Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations

Kamel, Dina; Renauld, Mathieu; Flandre, Denis; Standaert, François-Xavier

doi:10.1007/S13389-014-0080-z

Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations

Kamel, Dina

;

Renauld, Mathieu

;

Flandre, Denis

;

Standaert, François-Xavier

(2014) Journal of Cryptographic Engineering — n° 4, p. 1987-1995 (2014)

Files

UnderstandingtheLimitationsandImprovingtheRelevanceofSPICESimulationsinSide-ChannelSecurityEvaluations.pdf

Open Access
Adobe PDF
4.87 MB

Download

Details

Authors

Kamel, DinaUCLouvain
Author
Renauld, MathieuUCLouvain
Author
Flandre, DenisUCLouvain
Author
Standaert, François-XavierUCLouvain
Author

Abstract

Simulation is a very powerful tool for hardware designers. It generally allows the preliminary evaluation of a chip's performances before its final tape out. As security against side-channel attacks is an increasingly important issue for cryptographic devices, simulation also becomes a desirable option for preliminary evaluation in this case. However, its relevance highly depends on the proper modeling of all the attack peculiarities. For example, several works in the literature directly exploit SPICE-like simulations without considering measurement peripherals. But the outcome of such analyses may be questionable, as witnessed by the recent results of Renauld et al. at CHES 2011, which showed how far the power traces of an AES S-box implemented using a dynamic and differential logic style fabricated in 65 nm CMOS can lie from their post-layout simulations. One important difference was found in the linear dependencies between the (simulated and actual) traces and the S-box input/output bits. While simulations exhibited highly non-linear traces, actual measurements were much more linear. As linearity is a crucial parameter for the application of non-proled side-channel attacks (which are only possible under the assumption of sufficiently linear leakages), this observation motivated us to study the reasons of such differences. Consequently, this work discusses the relevance of simulation in security evaluations, and highlights its dependency on the proper modeling of measurement setups. For this purpose, we present a generic approach to build an adequate model to represent measurements artifacts, based upon real data from equipment providers for our AES S-box case study. Next, we illustrate the transformation of simulated leakages, from highly nonlinear to reasonably linear, exploiting our model and regression-based side-channel analysis. While improving the relevance of simulations in security evaluations, our results also raise doubts regarding the possibility to design dual-rail implementations with highly non-linear leakages.

Affiliations

UCLouvainSST/ICTM/ELEN - Pôle en ingénierie électrique

Citations

APA
Chicago
FWB

Kamel, D., Renauld, M., Flandre, D., & Standaert, F.-X. (2014). Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations. Journal of Cryptographic Engineering, 4, 1987-1995. https://doi.org/10.1007/S13389-014-0080-z (Original work published 2014)