Design, Automation and Test in Europe Conference (DATE 2022)
DATE is the European Event for Electronic System Design & Test. The DATE 2022 edition will be held on March 14-23 as a virtual event.
The first two days (March 14-15, 2022) feature invited live sessions, talks and panels on emerging topics of interest for the DATE, on top of four keynote talks. In the following days (March 16-23, 2022), the scientific papers will be presented by means of a recorded video and authors will attend the online sessions to briefly pitch their work and be engaged in Q & A sessions to discuss their solutions and results. Specific sessions are organized for the accepted Interactive Presentations (IPs), where authors will have the opportunity to introduce the main aspects of their work, and be engaged in further discussions.
Secure-IC will take part to the session dedicated to the Advances in defect detection and dependability on Wednesday, 23 March at 14:50 CET to discuss “Leakage Power Analysis in Different S-Box Masking Protection Schemes”.
Internet-of-Things (IoT) devices are natural targets for side-channel attacks. Still, side-channel leakage can be complex: its modeling can be assisted by statistical tools. Projection of the leakage into an orthonormal basis allows to understand its structure, typically linear (1st-order leakage) or non-linear (sometimes referred to as glitches). In order to ensure cryptosystems protection, several masking methods have been published. Unfortunately, they follow different strategies; thus it is hard to compare them. Namely, ISW is constructive, GLUT is systematic, RSM is a low-entropy version of GLUT, RSM-ROM is a further optimization aiming at balancing the leakage further, and TI aims at avoiding, by design, the leakage arising from the glitches. In practice, no study has compared these styles on an equal basis. Accordingly, in this paper, we present a consistent methodology relying on a Walsh-Hadamard transform in this respect. We consider different masked implementations of substitution boxes of PRESENT algorithm, as this function is the most leaking in symmetric cryptography. We show that ISW is the most secure among the considered masking implementations. For sure, it takes strong advantage of the knowledge of the PRESENT substitution box equation. Tabulated masking schemes appear as providing a lesser amount of security compared to unprotected counterparts. The leakage is assessed over time, i.e., considering device aging which contributes to mitigate the leakage differently according to the masking style.