Mutating Runtime Architectures as a Countermeasure Against Power Analysis Attacks

This thesis deals with the study of so-called mutating data paths and their utilization as a countermeasure against power analysis attacks on implementations of cryptographic algorithms. Mutating data paths are conceptually data paths of a circuit, which can change their architecture during runtime...

Full description

Bibliographic Details
Main Author: Stöttinger, Marc Sebastian Patric
Format: Others
Language:English
en
Published: 2013
Online Access:https://tuprints.ulb.tu-darmstadt.de/3374/1/Thesis.pdf
Stöttinger, Marc Sebastian Patric <http://tuprints.ulb.tu-darmstadt.de/view/person/St=F6ttinger=3AMarc_Sebastian_Patric=3A=3A.html> (2013): Mutating Runtime Architectures as a Countermeasure Against Power Analysis Attacks.Darmstadt, Technische Universität, [Ph.D. Thesis]
Description
Summary:This thesis deals with the study of so-called mutating data paths and their utilization as a countermeasure against power analysis attacks on implementations of cryptographic algorithms. Mutating data paths are conceptually data paths of a circuit, which can change their architecture during runtime without compromising the correctness of the implemented algorithm. The concept of mutating data paths is investigated in this work theoretically and tested on the application examples for use in practice. A FPGA is used as basis platform for the practical implementation, because the platform-specific properties support the core concept of mutating data paths quite well. Power analysis attacks belong to the class of passive, non-invasive implementation attacks. This type of attack uses the power consumption of an implementation during runtime to extract secret parameters of the cryptographic implementation by exploiting their physical behavior. For these kind of attacks, the device is operated with the implementation of the cryptographic algorithm in normal mode, so that no traces of the attack can be found after the analysis. Essential for this attack is that the adversary knows, which cryptographic algorithm is implemented on the device and that in addition he has access to the power consumption as well as access to the input and output values. It is also essential that the unit with the implementation behaves deterministically, so that the circuit performs the same operations with different input values for every execution in normal operation mode. Exactly at this spot the concept of mutating data paths tries to increase the costs for such an implementation attack in order to make it unattractive for the adversary. Thus, the additional effort to extract the specific parameters of the circuit, being too much or infeasible. Unlike previous hiding based countermeasures or masking countermeasures the concept of the mutating data paths scramble the circuit of the architecture of the data path, so as to randomize the physical characteristics of the circuit in terms of power consumption and execution time. Instead of randomizing the data for the internal operations, as it is done in case of masking based procedures, the physical properties of the circuit are manipulated. The manipulation of the physical behavior in case of applying mutant data paths is not static but changes continuously, compared to other hiding techniques that also alter the physical behavior of the circuit, for instance dual-rail logic. Conservatively, various hiding concepts, such as shuffling and noise generation, are used to create such a mutating data path. By the skillful integration of the various processes in the data path, the different hiding techniques are effectively embedded as a countermeasure in an implementation of a cryptographic algorithm. To this end, a design flow for the creation of mutant data paths is proposed and discussed.