An Investigation of Differential Power Analysis Attacks on FPGA-based Encryption Systems

• Main Author: McDaniel, Larry T. III
• Other Authors: Electrical and Computer Engineering
• Format: Others
• Published: Virginia Tech 2014
• Subjects: DPA; Data Encryption Standard; SPA; power analysis
• Online Access: http://hdl.handle.net/10919/33451; http://scholar.lib.vt.edu/theses/available/etd-06062003-163826/

Hardware devices implementing cryptographic algorithms are finding their way into many applications. As this happens, the ability to keep the data being processed or stored on the device secure grows more important. Power analysis attacks involve cryptographic hardware leaking information during encryption because power consumption is correlated to the key used for encryption. Power analysis attacks have proven successful against public and private key cryptosystems in a variety of form factors. The majority of the countermeasures that have been proposed for this attack are intended for software implementations on a microcontroller. This project focuses on the development of a VHDL tool for investigating power analysis attacks on FPGAs and exploring countermeasures that might be used. The tool developed here counted the transitions of CLB output signals to estimate power and was used to explore the impact of possible gate-level countermeasures to differential power analysis. Using this tool, it was found that only a few nodes in the circuit have a high correlation to bits of the key. This means that modifying only a small portion of the circuit could dramatically increase the difficulty of mounting a differential power analysis attack on the hardware. Further investigation of the correlation between CLB outputs and the key showed that a tradeoff exists between the amount of space required for decorrelation versus the amount of decorrelation that is desired, allowing a designer to determine the amount of correlation that can be removed for available space. Filtering of glitches on CLB output signals slightly reduced the amount of correlation each CLB had. Finally, a decorrelation circuit was proposed and shown capable of decorrelating flip-flop outputs of a CLB, which account for less than 10% of the CLB outputs signals. === Master of Science