Data encryption and decryption operations are basic building blocks for most security applications. For this purpose, most systems use block ciphers, such as the public AES standard. It is well known, however, that implementations of block ciphers such as AES, as well as other cryptographic algorithms, are subject to side-channel attacks [1]. These attacks allow adversaries to extract secret keys from devices by passively monitoring power consumption, EM emissions, or other “side channels”. Differential power analysis (DPA) is a common side channel attack that leverages power measurements.
Introduction to differential power analysis
The power consumed by a circuit varies according to the activity of its individual transistors and other components. As a result, measurements of the power used by actual computers or microchips contain information about the operations being performed and the data being processed. Cryptographic designs have traditionally assumed that secrets are manipulated in environments that expose no information beyond the specified inputs and outputs.
Protecting FPGAs from Power Analysis
Recent advances in the size and performance of FPGAs, coupled with advantages in time-to-market, field-reconfigurability and lower up-front costs, make FPGAs ideally suited to a wide range of commercial and defense applications [6]. In addition, the generality and reconfigurability of FPGAs provide important protections against the introduction of Trojan horses during the semiconductor manufacturing process [8]. As a result, FPGA applications increasingly involve highly sensitive intellectual property and trade secrets, as well as cryptographic keys and algorithms.
A First-Order DPA Attack Against AES in Counter Mode with Unknown Initial Counter
Design and Validation Strategies for Obtaining Assurance in Countermeasures to Power Analysis and Related Attacks
To be secure, tamper-resistant cryptographic devices must be protected against DPA and related attacks. Independent testing processes are essential for validating the presence and effectiveness of these countermeasures. Testing methodologies for power analysis vulnerabilities can yield varying degrees of assurance as to the security of the device under test. While insecurity can be demonstrated conclusively, evidence of security is more open-ended. Confidence in a security evaluation depends on many factors, including the comprehensiveness of the evaluation, the skill of the evaluator, the nature of the device’s design, and the difficulty of exploiting any identified vulnerabilities. This paper reviews testing strategies for power analysis and related attacks, including black-box and clear-box methods. The paper also examines how appropriate design architectures and evaluation approaches can be combined to yield the strongest evidence of a device’s security.
VIA Technologies Random Number Generator
Randomness is required for a variety of computational, statistical, and security-related applications. In particular, random numbers and the processes used to generate them are a critical component of secure protocols and cryptographic key generation. Security processes that lack adequate sources of randomness will have poor security. Cryptography Research has evaluated the C3 Nehemiah random number generator, which is an on-chip component of the VIA Technologies Nehemiah processor core. When properly used, the generator was found to be a consistent, high-rate source of entropy which we believe is suitable for use in cryptographic and high-assurance applications.
This report analyzes the Nehemiah RNG design, provides an entropy analysis of the source, and provides developer recommendations for proper use of the Nehemiah RNG. Cryptography Research provided no Nehemiah design assistance to VIA Technologies or Centaur Technology.