UC San Diego

Ignoring security concerns when building digital hardware allows for malicious parties to take advantage of vulnerabilities to gain access to secret information and manipulate systems.This is unacceptable because of the disastrous results of attackers compromising consumer products such as cell phones, smart cards and automobiles. To this end, researchers have developed numerous mathematically secure cryptographic algorithms.

Unfortunately, side channel analysis (SCA) attacks bypass these algorithms by monitoring the effects of the algorithm on a physical platform through power consumption, electromagnetic emanations (EM), or subjecting it to fault injection. These effects are referred to as side channels. By analyzing side channels, an attacker is able to discover sensitive information, e.g., extracting the secret key from a cryptographic algorithm.

It has been shown that retrieving side channel information is not uniform. Some portions of the execution reveal a large amount of information to an adversary while other portions reveal little to no information to the adversary. However, most SCA countermeasures incur larger than necessary overhead by protecting all portions of the computation. One way to reduce overhead is through a methodology called blinking. Blinking identifies the most critical points in time for a cryptographic computation and performs isolation to prevent an adversary from observing or modifying any information. This thesis proposes using blinking in a variety of different scenarios and provides analysis so hardware designers can make informed decisions on how to balance the performance, area overhead, power consumption and security.

First, this thesis provides analysis on using blinking to mitigate power analysis attacks with an on-chip capacitor. Next, this thesis shows how the same on-chip capacitor can be used to protect against differential fault analysis, fault sensitivity analysis, biased fault analysis and combined fault analysis. Finally, this thesis demonstrates how blinking can be used to attenuate EM analysis.