Finding a suitable balance between performance and physical security can be a significant challenge when implementing cryptographic software. Although asymmetric primitives often afford inexpensive countermeasures against side-channel attack as a result of flexibility in the underlying mathematics, symmetric primitives are generally not as fortunate. The previously proposed NONDET processor architecture attempts to address this problem by securing generic workloads via micro-architectural countermeasures against DPA attack; in this paper we present the first concrete investigation of NONDET using AES as a case study. Our results indicate that versus an implementation of AES with no countermeasures, NONDET can significantly increase the number of acquisitions required for a successful DPA attack. Alternatively, versus an implementation using traditional software-based countermeasures such as randomisation and masking, NONDET can produce significant improvements in performance and memory footprint.
|Translated title of the contribution||Non-Deterministic Processors: FPGA-based Analysis of Area, Performance and Security|
|Title of host publication||Workshop on Embedded Systems Security - WESS|
|Publisher||Association for Computing Machinery (ACM)|
|Publication status||Published - 2009|