CAPA: The Spirit of Beaver against Physical Attacks

In this paper we introduce CAPA: a combined countermeasure against physical attacks. Our countermeasure provides security against higher-order SCA, multiple-shot DFA and combined attacks, scales to arbitrary protection order and is suitable for implementation in embedded hardware and software. The methodology is based on an attack model which we call tile-probe-and-fault, which is an extension (in both attack surface and capabilities) of prior work such as the wire-probe model. The tile-probe-and-fault leads one to naturally look (by analogy) at actively secure multi-party computation protocols such as SPDZ. We detail several proof-of-concept designs using the CAPA methodology: a hardware implementation of the KATAN and AES block ciphers, as well as a software bitsliced AES S-box implementation. We program a secondorder secure version of the KATAN design into a Spartan-6 FPGA and perform a side-channel evaluation. No leakage is detected with up to 18 million traces. We also deploy a second-order secure software AES S-box implementation into an ARM Cortex-M4. Neither firstnor second-order leakage is detected with up to 200 000 traces. Both our implementations can detect faults within a strong adversarial model with arbitrarily high probability.