Abstract
Finding a suitable balance between performance and physical security can be
a significant challenge when implementing cryptographic software. Although
asymmetric primitives often afford inexpensive countermeasures against
side-channel attack as a result of flexibility in the underlying
mathematics, symmetric primitives are generally not as fortunate. The
previously proposed NONDET processor architecture attempts to address this
problem by securing generic workloads via micro-architectural
countermeasures against DPA attack; in this paper we present the first
concrete investigation of NONDET using AES as a case study. Our results
indicate that versus an implementation of AES with no countermeasures, NONDET
can significantly increase the number of acquisitions required for a
successful DPA attack. Alternatively, versus an implementation using
traditional software-based countermeasures such as randomisation and
masking, NONDET can produce significant improvements in performance and
memory footprint.
Original language | English |
---|---|
Title of host publication | Workshop on Embedded Systems Security - WESS |
Publisher | Association for Computing Machinery (ACM) |
Pages | 1--10 |
Publication status | Published - 2009 |