More Like this

1. Comparison of cost of protection against differential power analysis of selected authenticated ciphers

   https://doi.org/10.1109/HST.2018.8383904  

   Diehl, William ; Abdulgadir, Abubakr ; Farahmand, Farnoud ; Kaps, Jens-Peter ; Gaj, Kris ( April 2018 , 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST))

   Authenticated ciphers are vulnerable to side-channel attacks, including differential power analysis (DPA). Test Vector Leakage Assessment (TVLA) using Welch's t-test has been used to verify improved resistance of block ciphers to DPA after application of countermeasures. However, extension of this methodology to authenticated ciphers is non-trivial, since this requires additional input and output conditions, complex interfaces, and long test vectors interlaced with protocol necessary to describe authenticated cipher operations. In this research we augment an existing side-channel analysis architecture (FOBOS) with TVLA for authenticated ciphers. We use this capability to show that implementations in the Spartan-6 FPGA of the CAESAR Round 3 candidates ACORN, ASCON, CLOC (AES and TWINE), SILC (AES, PRESENT, and LED), JAMBU (AES and SIMON), and Ketje Jr., as well as AES-GCM, are potentially vulnerable to 1st order DPA. We then implement versions of the above ciphers, protected against 1st order DPA, using threshold implementations. TVLA is used to verify improved resistance to 1st order DPA of the protected cipher implementations. Finally, we benchmark unprotected and protected cipher implementations in the Spartan-6 FPGA, and compare the costs of 1st order DPA protection in terms of area, frequency, throughput, throughput-to-area (TP/A) ratio, power, and energy per bit. Our results show that ACORN is the most energy efficient, has the lowest area (in LUTs), and has the highest TP/A ratio of DPA-resistant implementations. However, Ketje Jr. has the highest throughput. 

   more » « less
2. Face-off between the CAESAR Lightweight Finalists: ACORN vs. Ascon

   Diehl, William ; Farahmand, Farnoud ; Abdulgadir, Abubakr ; Kaps, Jens-Peter ; Gaj, Kris ( December 2018 , 2018 International Conference on Field-Programmable Technology)

   Authenticated ciphers potentially provide resource savings and security improvements over the joint use of secret-key ciphers and message authentication codes. The CAESAR competition aims to choose the most suitable authenticated ciphers for several categories of applications, including a lightweight use case, for which the primary criteria are performance in resource constrained devices, and ease of protection against side channel attacks (SCA). Recently, two of the candidates from this category, ACORN and Ascon, were selected as CAESAR contest finalists. In this research, we compare two SCA-resistant FPGA implementations of ACORN and Ascon, where one set of implementations has area consumption nearly equivalent to the defacto standard AES-GCM, and the other set has throughput (TP) close to that of AES-GCM. The results show that protected implementations of ACORN and Ascon, with area consumption less than but close to AES-GCM, have 23.3 and 2.5 times, respectively, the TP of AES-GCM. Likewise, implementations of ACORN and Ascon with TP greater than but close to AES-GCM, consume 18% and 74% of the area, respectively, of AES-GCM. 

   more » « less
3. Side-channel Resistant Implementations of a Novel Lightweight Authenticated Cipher with Application to Hardware Security

   https://doi.org/10.1145/3453688.3461761  

   Abdulgadir, Abubakr ; Lin, Sammy ; Farahmand, Farnoud ; Kaps, Jens-Peter ; Gaj, Kris ( June 2021 , GLSVLSI '21: Proceedings of the 2021 on Great Lakes Symposium on VLSI)

   null (Ed.)

   Lightweight authenticated ciphers are crucial in many resource-constrained applications, including hardware security. To protect Intellectual Property (IPs) from theft and reverse-engineering, multiple obfuscation methods have been developed. An essential component of such schemes is the need for secrecy and authenticity of the obfuscation keys. Such keys may need to be exchanged through the unprotected channels, and their recovery attempted using side-channel attacks. However, the use of the current AES-GCM standard to protected key exchange requires a substantial area and power overhead. NIST is currently coordinating a standardization process to select lightweight algorithms for resource-constrained applications. Although security against cryptanalysis is paramount, cost, performance, and resistance to side-channel attacks are among the most important selection criteria. Since the cost of protection against side-channel attacks is a function of the algorithm, quantifying this cost is necessary for estimating its cost and performance in real-world applications. In this work, we investigate side-channel resistant lightweight implementations of an authenticated cipher TinyJAMBU, one of ten finalists in the current NIST LWC standardization process. Our results demonstrate that these implementations achieve robust security against side-channel attacks while keeping the area and power consumption significantly lower than it is possible using the current standards. 

   more » « less
4. An Open-Source Platform for Evaluation of Hardware Implementations of Lightweight Authenticated Ciphers

   https://doi.org/10.1109/ReConFig48160.2019.8994788  

   Abdulgadir, Abubakr ; Diehl, William ; Kaps, Jens-Peter ( December 2019 , 2019 International Conference on ReConFigurable Computing and FPGAs (ReConFig), Cancun, Mexico)

   Lightweight implementations of cryptographic algorithms must be evaluated in terms of security, cost, and performance before their deployment in practical applications. The availability of open-source platforms for such evaluation saves researchers' time and increases reproducibility of results. In this work, we improve upon the previous version of the Flexible Opensource workBench fOr Side-channel analysis (FO-BOS) to introduce “FOBOS2,” and utilize it to perform such evaluation tasks for hardware implementations of authenticated ciphers, with special focus on candidates submitted to the NIST Lightweight Cryptography standardization process. We perform power measurements on Artix7 FPGA, and countermeasure evaluation of lightweight hardware implementations of selected NIST Lightweight Cryptography Round-2 candidates and the current NIST standard AES-GCM on the Spartan6 and Artix7 FPGAs. Our results show that Ascon consumes the least power at 50 MHz, and has the lowest change in dynamic power per increase in frequency, while GIFT-COFB consumes the least energy-per-bit. We also show that side-channel countermeasures applied to implementations of Ascon and AES-GCM are effective using leakage detection tests. 

   more » « less
5. A Lightweight Implementation of Saber Resistant Against Side-Channel Attacks

   Abdulgadir, Abubakr ; Mohajerani, Kamyar ; Dang, Viet Ba ; Kaps, Jens-Peter ; Gaj, Kris ( December 2021 , Progress in Cryptology – INDOCRYPT 2021. INDOCRYPT 2021)

   Adhikari, Avishek ; Küsters, Ralf ; Preneel, Bart (Ed.)

   The field of post-quantum cryptography aims to develop and analyze algorithms that can withstand classical and quantum cryptanalysis. The NIST PQC standardization process, now in its third round, specifies ease of protection against side-channel analysis as an important selection criterion. In this work, we develop and validate a masked hardware implementation of Saber key encapsulation mechanism, a third-round NIST PQC finalist. We first design a baseline lightweight hardware architecture of Saber and then apply side-channel countermeasures. Our protected hardware implementation is significantly faster than previously reported protected software and software/hardware co-design implementations. Additionally, applying side-channel countermeasures to our baseline design incurs approximately 2.9x and 1.4x penalty in terms of the number of LUTs and latency, respectively, in modern FPGAs. 

   more » « less