Title

Towards Comprehensive Countermeasures to Power Analysis Attacks

Date of Completion

January 2011

Keywords

Engineering, Computer

Degree

Ph.D.

Abstract

Cryptographic devices produce not only the output data but also some additional information like power, timing, and electromagnetic radiation, which is referred to as side-channel information. The side-channel information can be exploited by attackers to retrieve secrets involved in cryptographic computation. This type of attacks is called side-channel attacks. Different from traditional cryptanalysis, the side-channel attacks target the physical implementation of a cryptographic system. ^ Power analysis attack is one type of side channel attacks that exploits the power dissipation information. Power analysis attacks can be launched with low-cost equipments and finished in a short period of time, for example, a couple of hours. Power analysis is a very powerful attack to the real implementations of cryptographic algorithms. ^ This dissertation focuses on power analysis and the countermeasures, studying two fundamental questions of power analysis attacks: where are the vulnerabilities and what are the countermeasures? To demonstrate the vulnerability of existing systems, two attacks are designed. One targets at the implementation of Elliptic Curve Cryptography (ECC) with previously proposed countermeasures and the other at the implementation of HMAC-Whirlpool. To thwart power analysis attacks, several countermeasures at different design levels are proposed. The window-based countermeasure for ECC works at the algorithm level. Toward constructing an algorithm-independent power analysis resistant platform, the RFRF (Register File with Redundant, Flipped copies) countermeasure works at the architecture level. In addition, a more advanced duplicated datapaths countermeasure is proposed which takes advantage of existing resources in the C674x DSP core and executes two same instructions with complemented data in two separated datapaths. The future efforts include the evaluation of vulnerability of shift operation which is widely used in many algorithms submitted to SHA-3 competition, and the general random masking scheme. ^