Secure Cryptographic Designs Resilient to Side-channel Attacks

The rapid development of IoT devices and distributed computing brings convenience and high efficiency to modern society. To enhance the security of hardware devices, quite a few cryptographic algorithms were proposed and applied. These encryption algorithms show good resilience to brute-force attacks, but are still vulnerable to side-channel attacks.
Side-channel attacks are non-invasive and passive attack that shows high efficiency on secret data extraction and brings a lot of difficulties for detection and defense. Unlike the brute-force attack and the cryptanalysis attack, that targets the weakness in the encryption algorithm, side-channel attacks utilize weaknesses of implementation and use statistical models such as differential analysis and correlation analysis to steal secret information.
In this work, we explore different side-channel attacks and propose feasible countermeasures for mitigation, including power-based analysis, electromagnetic-based analysis and Direct Memory Access(DMA) attack.
For power/EM based side channel attacks, we first demonstrate multiple attacks on both software-based implementation and hardware-based implementation, including template attack, power-based correlation analysis, and EM-based correlation analysis. To mitigate the risk, we propose a key update scheme to provide resilience to correlation-based side-channel attacks for encryption engine and prove the efficiency by experiments. To protect the process of key generation and key storage from the tampering attack, we use a secure coprocessor to generate and store secret keys.
For DMA attack, we propose a lightweight scheme to provide resilience without any physical and protocol-level modification. The proposed scheme constructs a unique identifier for each DMA-supported PCIe device based on profiling time and builds a trusted database for authentication. The efficiency is also tested and proved by experiments.