Exploring the contribution of hardware shuffling in securing low-cost symmetric encryption devices against power-based side-channel attacks: case study of an AES-128 on FPGA
Vianney Lapôtre, C. Chavet, G. Harcha, P. Coussy
TLDR
Results show that the hardware-based shuffling solution, as implemented, increases the Measure-to-Disclosure metric by a factor greater than 10,000 when considering Correlation Power Analysis-based SCA.
Abstract
In the era of the Internet of Things (IoT), embedded systems are massively spreading in critical infrastructures. Low-cost and low-power components are used to build such devices, which manipulate sensitive data and communicate at continuously growing throughput. To protect these data, IoT nodes embed cryptographic primitives including countermeasures against Side Channel Attacks (SCA).
In this paper, we explore the benefit of hardware-based shuffling to protect AES ciphers against power-based side-channel attacks in the context of low-cost IoT devices. Shuffling is performed by a dedicated hardware module in which a Pseudo-Random Number Generator provides a random vector that controls a permutation network; the resulting permutation determines the AES computation sequence. The approach has been explored and evaluated through several FPGA-based design solutions in terms of area, timing performance, and security. Compared to an unprotected design, the best solution leads to a minimum area overhead factor of 1.2 or a maximum throughput of 45.23 Mbit/s. Furthermore, compared to existing works that also depend on hardware shuffling, the proposed solution is up to 10.4 times faster. Results show that the hardware-based shuffling solution, as implemented, increases the Measure-to-Disclosure metric by a factor greater than 10,000 when considering Correlation Power Analysis-based SCA.
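The mechanism described in the abstract can be modelled in software to see why shuffling weakens a correlation-based analysis. The following simulation is an added example, not code from the paper: random control bits drive a switch network that picks the order of the 16 S-box operations, and the correlation between a Hamming-weight model and the leakage of one fixed time slot is compared with and without shuffling. The butterfly topology, the unit-variance Gaussian noise, the key and the seed are assumptions chosen for illustration.

```python
import random

def aes_sbox():
    """AES S-box: inverse in GF(2^8), then the affine map."""
    def mul(a, b):
        r = 0
        while b:
            r ^= a if b & 1 else 0
            a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
        return r
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if mul(x, y) == 1), 0)
        rot = [((inv << i) | (inv >> (8 - i))) & 0xFF for i in range(5)]
        box.append(rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4] ^ 0x63)
    return box

SBOX = aes_sbox()

def butterfly_permutation(control_bits, n=16):
    """Assumed topology: log2(n) stages of 2x2 switches, one control bit each."""
    order, bits = list(range(n)), iter(control_bits)
    for stage in (1 << s for s in range(n.bit_length() - 1)):
        for i in range(n):
            if not i & stage and next(bits):
                order[i], order[i | stage] = order[i | stage], order[i]
    return order

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return cov / (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5

def slot0_correlation(n_traces, shuffled, key, rng):
    """Correlate the HW model for key byte 0 with simulated leakage of time slot 0."""
    model, leak = [], []
    for _ in range(n_traces):
        pt = [rng.randrange(256) for _ in range(16)]
        bits = [rng.getrandbits(1) for _ in range(32)]  # PRNG vector for the network
        order = butterfly_permutation(bits) if shuffled else list(range(16))
        b = order[0]  # byte index processed first in this execution
        leak.append(bin(SBOX[pt[b] ^ key[b]]).count("1") + rng.gauss(0, 1))
        model.append(bin(SBOX[pt[0] ^ key[0]]).count("1"))
    return pearson(model, leak)

if __name__ == "__main__":
    for shuffled in (False, True):  # constructed key 0..15 and fixed seed
        print(shuffled, slot0_correlation(5000, shuffled, list(range(16)), random.Random(1)))
```

In this idealized model the correlation for the correct key at a fixed sample falls from about 0.82 to about 0.05, a factor of 16, because each byte lands in a given slot with probability 1/16. The paper's measured figures come from its FPGA designs and are not reproduced by this simulation.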