Robust SCA & DPA countermeasures for defense, IoT, V2V and mobile
Implementing the most robust security into your SoC design or FPGA is no longer nice to do, it is an absolute imperative. Doing so in-house adds significant project risk, impacts your time-to-market and adds unnecessary expense.
Athena delivers a comprehensive suite of security IP with side-channel attack (SCA) protection, ready for your SoC or FPGA application. While there are many types of SCA, differential power analysis (DPA) has become synonymous with SCA. Athena SCA countermeasures include protection against DPA, as well as simple power analysis (SPA), simple electromagnetic analysis (SEMA), and differential electromagnetic analysis (DEMA).
SCA Countermeasures Overview
SCAs are a class of non-invasive attacks used to extract keys and other secret information from devices that have cryptographic functions. Unlike invasive tampering, electromagnetic attacks can even be performed at a distance: attacks on cell phones have been demonstrated at a range of 30 feet. SCA countermeasures are needed to protect devices that use cryptographic keys, especially hand-held devices and any device that will not have the physical security of a protected facility. Cell phones, IoT endpoints, any device with access to banking information (smart cards, cell phones, etc.), commercial electronics, and especially defense electronics all require strong SCA countermeasures as part of a comprehensive defense-in-depth strategy to protect against reverse engineering, cloning, over-production, and theft of sensitive personal and financial data.
DPA countermeasures are patented by Rambus Cryptography Research division, and Athena is an approved DPA countermeasure developer. Athena is committed to leadership in DPA countermeasures, with offerings across its entire product line, including AES, SHA, elliptic curve cryptography, public key cryptography IP cores, and even the Athena advanced TRNG.
AES with SCA Countermeasures
AES encryption is the preferred method for protecting the confidentiality of data, so the SCA countermeasures had better be good. And Athena’s implementations are not just good – they are superior. Compared to alternative implementations, the Athena AES implementation with SCA countermeasures is smaller, faster, and has less leakage. Athena’s AES-SCA core is available in 4 performance levels, with support for every mode (ECB, CBC, CFB, OFB, CTR, CMAC, CCM, GCM, GHASH, and XTS), every key size (128, 192, and 256), and numerous integration and usability features, such as optional bus interfaces and context switching.
HMAC-SHA and SHA with Countermeasures
Protecting HMAC-SHA and SHA are notoriously difficult. Just as Athena did with AES, its HMAC-SHA and SHA implementations employ an innovative approach that delivers superior SCA protection. All while maintaining the performance advantages and advanced features of Athena’s standard SHA cores, including automatic message padding, context switching, optional bus interfaces, and even a double-speed version.
Cryptography Microprocessors with SCA Countermeasures
TeraFire® cryptography microprocessors with SCA countermeasures are ideal for applications requiring strong SCA resistance while also delivering fire-and-forget standalone execution of RSA-CRT, DSA, ECDSA, ECDH, and more. The TeraFire processors are available in multiple configurations, optimized for different applications: The F5200 is compact, sized for embedded applications, and has the flexibility to perform all Suite B operations in a single core. The E6400 is optimized for RSA-2048 operations, while the E5200 is optimized for RSA-1024 operations. Both E6400 and E5200 are enhanced with additional logic specifically designed to accelerate NIST P-Curve elliptic curve cryptography. By executing these complex algorithms entirely on the TeraFire cryptography microprocessor, Athena can deliver strong, self-contained SCA countermeasures without involving your host processor - which both offloads your host processor and keeps it out of the security boundary. All TeraFire cryptography microprocessors are firmware compatible, so the same firmware will run on any core, and the ability to deliver firmware upgrades means that TeraFire cryptography microprocessor solutions are future-proof.
EC Ultra with SCA Countermeasures
EC Ultra employs a breakthrough architecture to deliver unprecedented elliptic curve cryptography (ECC) performance across a range of devices. Coupling Athena’s SCA countermeasures with ultra-performance and fire-and-forget capability makes the EC Ultra the perfect solution for secure, low latency ECDSA and ECDH applications.
InCipher with SCA Countermeasures
Robust security means protection of data, both internal and external. InCipher memory protection does just that; encrypting data for storage in vulnerable bulk memory devices. InCipher employs high performance AES to provide confidentiality or confidentiality with authentication and is available with SCA countermeasures for the ultimate in tamper resistance.
In-House Countermeasures Assessment
Traditional assessments based on attempts to recover keys have limited value when implementing countermeasures: while a successful attack proves that there is a leak, an unsuccessful attack does not prove there are no leaks but only that the attack failed. Athena employs the sophisticated test vector leakage assessment (TVLA) testing approach, a fast and reliable testing methodology for SCA countermeasures assessment that avoids this pitfall.
Rather than attempting to recover a key, the TVLA approach measures the extent to which there is any key- or data-dependent variation in the power or electromagnetic emanations from an implementation. This measurement is provided in the form of the statistical significance of these key- and data-dependent variations versus the number of observed operations. As a result, an implementation with countermeasures is said to have no statistically significant leakage up to a certain number of operations. Since the TVLA approach is not dependent on any specific attack methodology, it provides confidence about the resistance of an implementation to all attacks, including unknown future attacks.
Athena is the only IP provider that is both fully equipped to design cores with countermeasures and also to perform in-house assessment of the implementations. This is critical, since many published countermeasures simply do not work. Athena has implemented custom SCA assessment boards using a variety of FPGAs from multiple manufacturers and is the only vendor equipped to provide an implementation that has been tested on your FPGA device target. With this in-house assessment capability, Athena is also able to provide implementations with different SCA resistance levels, trading performance and/or device resources for SCA resistance. For example, AES may be implemented with SCA resistance from 10 million traces to approaching a billion traces.
Athena’s SCA implementations are silicon tested and silicon proven on multiple FPGA targets, and verification/validation of countermeasure effectiveness is available on your specific device.