Radio-Frequency Identification (RFID) tag-based applications are usually resource constrained and security sensitive. However, only about 2,000 gate equivalents in a tag can be budgeted for implementing security components [27]. This requires not only lightweight cryptographic algorithms such as PRESENT (around 1,000 gate equivalents) but also lightweight protections against modern Side Channel Attacks (SCAs). With this budget, the first-order masking and fault detection are two suitable countermeasures to be developed for PRESENT. However, if both countermeasures are applied without any optimization, it will significantly exceed the given area budget. In this work, we optimize area to include both countermeasures to maximize the security for PRESENT within this RFID area budget. The most area-consuming parts of the proposed design are the masked S-boxes and the inverse masked S-boxes. To optimize the area, we have deduced a computational relationship between these two parts, which enables us to reuse the hardware resource of the masked S-boxes to implement the inverse masked S-boxes. The proposed design takes up only 2,376 gates with UMC 65nm CMOS technology. Compared with the unoptimized design, our implementation reduces the overall area by 28.45%. We have tested the effectiveness of the first-order Differential Power Analysis (DPA) and Differential Fault Analysis (DFA) -resistant countermeasures. Experimental results show that we have enhanced the SCA resistance of our PRESENT implementation.

• 出版日期2017-9
• 单位上海科技大学