Side-channel Attack Standard Evaluation Board (SASEBO)>SASEBO Project>Overview

Project Overview

With the rapid expansion of broadband networks and the spread of information appliances, IC cards, and radio frequency identification (RFID) tags, etc., large amounts of data are transferred in every phase of daily life. At the same time, security threats such as leakages and falsification of information are on the rise. Cryptography is widely used even in consumer products as a fundamental countermeasure against such threats. However, it is difficult for users to determine whether or not a cryptographic algorithm is implemented properly; it is not unusual for security flaws to be discovered in products advertised as perfectly secure.

FIPS 140-2, issued by the National Institute of Standards and Technology (NIST) and ISO/IEC 19790 and 24759 represent security evaluation standards specifying the requirements that should be satisfied by cryptographic modules. The Japan Cryptographic Validation Program (JCMVP®), which is compliant with the above standards, is also operated in Japan by IPA®. However, these standards do not cover side-channel attacks, which represent a new type of physical attack using secret information leaking from side channels instead of the designated I/O channels of the cryptographic module, in the form of operating time, power consumption, and electromagnetic radiation.

NIST is currently working to develop a new testing metrics known as FIPS 140-3, and international standards are also being scheduled for revision. Although the construction of a uniform testing environment is vital for the formulation of international standards, it is difficult to standardize evaluation schemes proposed by different research institutions, as each of them uses their own experimental equipment, which might prevent third parties from verifying the results.

In order to contribute to the standardization process, the Research Center for Information Security (RCIS) of AIST and Tohoku University have developed the Side-channel Attack Standard Evaluation BOard (SASEBO) as a research project funded by METI (Ministry of Economy, Trade and Industry, Japan). The boards were distributed together with detailed design information to research institutes as common experimental platforms.

There are five types of SASEBO boards, "SASEBO", "SASEBO-G", "SASEBO-B", "SASEBO-R", and "SASEBO-GII". SASEBO, SASEBO-G, and SASEBO-GII are Xilinx® FPGA boards, while SASBO-B is a board comprising ALTERA® FPGAs. The FPGA boards have microprocessor features, and thus side-channel attack experiments against cryptographic software can also be performed. Additionally, we have developed a custom cryptographic LSI that supports all of the block ciphers adopted by ISO/IEC 18033-3, as well as the public-key cipher RSA, and this LSI is mounted on SASEBO-R.

The global standard cipher Advanced Encryption Standard (AES) was implemented on SASEBO, and the respective board (SASEBO-AES) has received a Level-1 certification as the first cryptographic hardware module for the JCMVP® program. The details of the SASEBO-AES were also released in order to provide guidelines for designing cryptographic hardware featuring high security.

Project Overview

SASEBO Overview

The original version of "SASEBO" was developed in 2007 and contained two Xilinx® Virtex™-II Pro FPGA devices, xc2vp7 and xc2vp30, one of which was used for the cryptographic circuits, while the other was used for the RS-232 serial interface. The FPGAs comprised 32-bit powerPC® processor cores, which also allowed for software experiments to be performed. In order to monitor the power traces generated by the cryptographic circuits, no decoupling capacitance was mounted on the target FPGA, and linear power regulators with carefully designed layout patterns were used for minimizing noise signals. The two FPGAs have their own GND and VDD lines, as well as a data and control signal interface between the two FPGAs.

SASEBO-G is a revised version of SASEBO, in which a USB interface is mounted instead of the serial one in order to boost the data transfer rate. Additionally, two 8M-bit SRAMs are attached to the xc2v30 FPGA to allow experimentation with software, and the number of monitoring points is increased.

SASEBO-B is an ALTERA® FPGA version that features a Stratix™II EP2S15 for cryptographic circuits and an EP2S30 for interface and control circuits. The FPGAs provide 32-bit and 16-bit processor features, similarly to the NIOS® software core.

SASEBO-G and SASEBO-B are commercially available from Toppan Technical Design Center.

SASEBO-R is an ASIC version, in which a newly developed custom cryptographic LSI using a 90-nm or 130-nm library is mounted. An xc2vp30 Xilinx® FPGA device is used for the control and interface logic.

SASEBO-GII is a commercial product version distributed from Tokyo Electron Device LTD. The board has Virtex™-5 and Spaltan™-3A FPGA devices, where a USB interface can be used for power supply and FPGA configuration.