Received: 26 April 2019 Revised: 1 July 2019 Accepted: 3 July 2019 DOI: 10.1002/spy2.87 ORIGINAL ARTICLE Correlation power analysis and effective defense approach on light encryption device block cipher Vikash Kumar Rai Boreddy V. Reddy Somanath Tripathy Jimson Mathew Department of Computer Science and Engineering, Indian Institute of Technology, Patna, Bihar, India Correspondence Somanath Tripathy, Department of Computer Science and Engineering, Indian Institute of Technology Patna, Bihar 801103, India. Email: som@iitp.ac.in Abstract Recently many works have shown that one of the weaknesses of cryptographic algorithms is power analysis attacks on its hardware implementation. This side channel analysis (SCA) is of interest because such attack can leak information of cryptographic algorithms. So, developing attack resistant mechanism is important for hardware security modules. This paper investigates the vulnerability of light encryption device (LED) block cipher, against correlation power analysis. LED is a lightweight block cipher targeted for compact hardware implementation to pro- tect ubiquitous computing data. We use Chipwhisperer capture hardware to capture power traces during encryption of randomly generated plain texts using the same secret key. Our proposed attack successfully retrieves all 64 bits of secret key cor- rectly using only 300 power traces and 256 key guesses. Furthermore, we propose a simple but effective mitigation technique to prevent such attacks. KEYWORDS Chipwhisperer, correlation power analysis, LED block cipher 1 INTRODUCTION Pervasive computing has become the necessity of the current era, and for example, smart cards are used in a variety of situations and applications. The smart card acts as a unique identifier for any device connected to the network, and is fundamental for the authentication and encryption processes needed for secure communications. It has a wide range of applications including areas such as identity schemes, health care provision, public transport ticket services, retail loyalty schemes, Subscriber identity modules, and physical access control. Usually, it is supported by small computing devices which has less area and low battery life. Such computing devices process sensitive information like financial and medical data. Therefore, it is required to protect this data from unauthorized access. Various cryptographic techniques are used to protect this data from unauthorized access. Since these cryptographic algorithms are very much secure and based on well-proven mathematical concepts, it becomes challenging for an attacker to break these algorithms. The attacker uses the side channel information from the devices where the security algorithms are implemented to extract sensitive information. When a cryptographic algorithm is implemented, then there would be leakage of such information through some physical side channels. These side channels reveal the power consumption of the devices, and the time elapsed to run the algorithm, temperature variance etc. The information collected through these side channels is further processed to retrieve the secret keys. Side channel attacks (SCA) are noninvasive techniques that are particularly effective against smart cards. SCA applied to actual cryptographic systems were first presented in 1996. 1 In 1999, Kocher et al introduced a kind of side channel-attack called differential power analysis (DPA). 2 In this, the attacker exploits the power consumption information of a device to break the key while the cryptographic algorithm is running on the device. In DPA, 2 the statistical analysis has been performed to guess Security Privacy. 2019;e87. wileyonlinelibrary.com/journal/spy2 © 2019 John Wiley & Sons, Ltd. 1 of 11 https://doi.org/10.1002/spy2.87