Securing Block Ciphers against SCA and SIFA
Side channel analysis (SCA) and fault injection (FI) attacks are a severe threat for cryptographic devices. For SCA, attackers typically measure timing, power consumption or electromagnetic emanation of a chip in operation, and from these measurements try to extract secret information such as the encryption/decryption keys. For FI, attackers usually try to flip data or control bits inside the chip, e.g. by manipulating clock and reset inputs or with the use of a laser, in order to manipulate device operation. The goal is to manipulate operation in such a way to either facilitate SCA, or by comparing the outputs with and without FI to extract secret information (differential fault analysis, DFA).
To protect cryptographic devices against SCA, different countermeasures such as masking and hiding have been developed #1. Protection against DFA is typically achieved by means of redundancy-based countermeasures. For example, the same inputs are processed several times with a randomized delay in between and some form of voting infrastructure is employed to only release the output, if the results of all executions match. This way, the FI would need to be repeated several times with high precision which is often considered impractical.
However, it has been shown that even with such redundancy countermeasures in place, it can be possible to extract secret information by means of statistical ineffective fault analysis (SIFA) #2. Given a known input, the information whether the redundancy countermeasure is able to detect a fault or not (signaled by not releasing or releasing output respectively) can already be exploited to extract secrets. To this end, combined countermeasures against SCA and SIFA have been proposed recently #3.
The goal of this project is to 1) take an existing open-source implementation of a cryptographic device, e.g., the AES unit (Advanced Encryption Standard) or KMAC/SHA3 (Keccak Message Authentication Code/Secure Hashing Algorithm 3) from the OpenTitan project, and 2) implement such a combined SCA and SIFA countermeasure on top of the existing design, and 3) drive the resulting system through an ASIC tapeout process.
You don't have to be an expert in the field of cryptography or SCA/FI and countermeasure design to successfully master this project. The project builds on top of existing, high-quality, open-source IP and verification infrastructure and you will be accompanied by experts in the various fields. What we need you to bring into the project is basic knowledge in integrated circuit design (VLIS I/II lectures), team working skills, self-motivation, drive and a positive attitude toward challenge.
This project is a joint collaboration between IIS, IAIK (Institute of Applied Information Processing and Communications, TU Graz, Austria) and lowRISC. IAIK has been active in the field of hardware security and privacy for more than 30 years and today is among the most renowned research and education institutes in this field. lowRISC C.I.C. is a not-for-profit, collaborative engineering company with the aim of developing and maintaining high-quality open-source silicon designs and tools. lowRISC is stewarding the OpenTitan project where it - together with partners such as Google, G+D Mobile Security, Nuvoton Technologies, Western Digital and ETH Zürich - is building the first open-source silicon root of trust chip.
- Looking for 1 or 2 motivated Master students (Semester Project)
- Supervision: Pirmin Vogel, Nils Wistoff, Frank K. Gürkaynak
- 20% Theory, Algorithms and Simulation
- 60% VHDL/System Verilog, ASIC Design
- 20% Verification
- VLSI I/II
- VHDL/System Verilog
- Experience with cryptographic algorithms/devices and countermeasures not necessarily required.
- S. Mangard, et al., "Power Analysis Attacks: Revealing the Secrets of Smart Cards" link
- C. Dobraunig, et al., "Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures", link
- J. Daemen, et al., "Protecting against Statistical Ineffective Fault Attacks", link