Cryptographic Security: Countermeasures against Side-Channel Attacks

Side channel attacks have become a serious threat to a cryptosystem. Even if a cryptographic algorithm is mathematically secure, its software or hardware implementation may leak information through side channels. Side channel attacks exploit the side channel leakage to break a cryptosystem. A small amount of side channel information may be sufficient to compromise a cryptosystem which cannot be broken by pure cryptanalysis with current computing capability in limited time. As side channel attacks are not only powerful but also practical, protecting cryptosystem against side channel attacks is critical to ensure security in cryptographic applications. This work aims at protecting public key cryptosystems against side channel attacks. We present countermeasures against fault attacks for two widely used public key cryptosystems, Elliptic Curve Cryptography (ECC) and RSA. The countermeasures are based on error detection methods. If an error is detected, the cryptosystem will not output the erroneous result and hence prevent an attacker from obtaining it to perform fault analysis. The proposed error detection methods can achieve good error detection capability while significantly reduce the overhead in terms of time and hardware compared to error detection methods based on parallel computing and recomputing. We also discuss the basic principles to construct a comprehensive scheme to thwart multiple side channel attacks. A comprehensive scheme is critical in the security of public key cryptosystems since an attacker can choose any side channel attack in practice and he/she needs to succeed in only one to break the public key cryptosystems. The countermeasures proposed to thwart more than one type of side channel attacks customize the computations, which makes them inflexible to be extended when new side channel attacks appear. Careless modification can cause new leakage compromising the expected security. We present an approach to construct a comprehensive scheme from a rich variety of single-purpose countermeasures against different side channel attacks. The scheme can flexibly integrate the countermeasures against new side channel attacks at any time. We show a scheme for RSA constructed with the approach and propose techniques at Register Transfer Level to improve the performance and the resistant to power analysis attacks.