Cyber-physical systems contain networked embedded systems. Such systems may implement cryptographic algorithms for processing and/or communication. Therefore, they can be prone to side-channel attacks. Differential power analysis is one of such attacks, which is considered among the most serious threats against cryptographic devices. Various metrics have been proposed to evaluate the resistance of different implementations against these attacks. Some of these metrics need side-channel attacks to be conducted and depend on the considered power model. Due to the vast variety of proposed side-channel attacks and power models, comprehensively evaluating a design under these metrics is commonly considered to be a tedious task. To alleviate this situation, t-test has been proposed. The non-specific variation of t-test does not need to suppose a power model for leakage assessment. In this paper, we have evaluated three implementations of AES on an FPGA. In the first design, no side-channel countermeasure is implemented while the second and the third implementations make use of masking and shuffling, respectively. Evaluation results show that significant reduction occurs in terms of side-channel leakage when masking or shuffling is applied. Results imply that shuffling and masking are proper choices for area-restricted and time-restricted devices, respectively.

Keywords