2020
Lyu, Yangdi; Mishra, Prabhat
Automated Test Generation for Trojan Detection using Delay-based Side Channel Analysis Proceedings Article
In: 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1031–1036, IEEE 2020, ISSN: 1558-1101.
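@inproceedings{lyu2020automated1,
  title     = {Automated Test Generation for {Trojan} Detection using Delay-based Side Channel Analysis},
  author    = {Lyu, Yangdi and Mishra, Prabhat},
  doi       = {10.23919/DATE48585.2020.9116461},
  issn      = {1558-1101},
  year      = {2020},
  date      = {2020-03-01},
  booktitle = {2020 Design, Automation \& Test in Europe Conference \& Exhibition ({DATE})},
  pages     = {1031--1036},
  publisher = {IEEE},
  abstract  = {Side-channel analysis is widely used for hardware Trojan detection in integrated circuits by analyzing various side-channel signatures, such as timing, power and path delay. Existing delay-based side-channel analysis techniques have two major bottlenecks: (i) they are not suitable in detecting Trojans since the delay difference between the golden design and a Trojan inserted design is negligible, and (ii) they are not effective in creating robust delay signatures due to reliance on random and ATPG based test patterns. In this paper, we propose an efficient test generation technique to detect Trojans using delay-based side channel analysis. This paper makes two important contributions. (1) We propose an automated test generation algorithm to produce test patterns that are likely to activate trigger conditions, and change critical paths. Compared to existing approaches where delay difference is solely based on extra gates from a small Trojan, the change of critical paths by our approach will lead to significant difference in path delay. (2) We propose a fast and efficient reordering technique to maximize the delay deviation between the golden design and Trojan inserted design. Experimental results demonstrate that our approach significantly outperforms state-of-the-art approaches that rely on ATPG or random test patterns for delay-based side-channel analysis.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {inproceedings},
}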
He, Jiaji; Ma, Haocheng; Guo, Xiaolong; Zhao, Yiqiang; Jin, Yier
Design for EM Side-Channel Security through Quantitative Assessment of RTL Implementations Proceedings Article
In: 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), pp. 62–67, IEEE, Beijing, China, 2020.
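@inproceedings{He2020,
  title     = {Design for {EM} Side-Channel Security through Quantitative Assessment of {RTL} Implementations},
  author    = {He, Jiaji and Ma, Haocheng and Guo, Xiaolong and Zhao, Yiqiang and Jin, Yier},
  url       = {http://cadforassurance.org/wp-content/uploads/jiaji2020design.pdf},
  doi       = {10.1109/ASP-DAC47756.2020.9045426},
  year      = {2020},
  date      = {2020-01-13},
  booktitle = {2020 25th Asia and South Pacific Design Automation Conference ({ASP-DAC})},
  pages     = {62--67},
  publisher = {IEEE},
  address   = {Beijing, China},
  abstract  = {Electromagnetic (EM) side-channel attacks aim at extracting secret information from cryptographic hardware implementations. Countermeasures have been proposed at the device level, register-transfer level (RTL), and layout level, though efficient, there are still requirements for quantitative assessment of the hardware implementations' resistance against EM side-channel attacks. In this paper, we propose a design for EM side-channel security evaluation and optimization framework based on the t-test evaluation results derived from RTL hardware implementations. Different implementations of the same cryptographic algorithm are evaluated under different hypothesis leakage models considering the driven capabilities of logic components, and the evaluation results are validated with side-channel attacks on FPGA platform. Experimental results prove the feasibility of the proposed side-channel leakage evaluation method at the pre-silicon stage. The remedies and suggested security design rules are also discussed.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {inproceedings},
}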
Nahiyan, Adib; Park, Jungmin; He, Miao; Iskander, Yousef; Farahmandi, Farimah; Forte, Domenic; Tehranipoor, Mark
SCRIPT: A CAD Framework for Power Side-channel Vulnerability Assessment Using Information Flow Tracking and Pattern Generation Journal Article
In: ACM Trans. Des. Autom. Electron. Syst., vol. 25, no. 3, pp. 1–27, 2020, ISSN: 1084-4309.
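@article{nahiyan2020script,
  title     = {{SCRIPT}: A {CAD} Framework for Power Side-channel Vulnerability Assessment Using Information Flow Tracking and Pattern Generation},
  author    = {Nahiyan, Adib and Park, Jungmin and He, Miao and Iskander, Yousef and Farahmandi, Farimah and Forte, Domenic and Tehranipoor, Mark},
  doi       = {10.1145/3383445},
  issn      = {1084-4309},
  year      = {2020},
  date      = {2020-01-01},
  journal   = {ACM Transactions on Design Automation of Electronic Systems},
  volume    = {25},
  number    = {3},
  pages     = {1--27},
  publisher = {ACM},
  address   = {New York, NY, USA},
  abstract  = {Power side-channel attacks (SCAs) have been proven to be effective at extracting secret keys from hardware implementations of cryptographic algorithms. Ideally, the power side-channel leakage (PSCL) of hardware designs of a cryptographic algorithm should be evaluated as early as the pre-silicon stage (e.g., gate level). However, there has been little effort in developing computer-aided design (CAD) tools to accomplish this. In this article, we propose an automated CAD framework called SCRIPT to evaluate information leakage through side-channel analysis. SCRIPT starts by defining the underlying properties of the hardware implementation that can be exploited by side-channel attacks. It then utilizes information flow tracking (IFT) to identify registers that exhibit those properties and, therefore, leak information through the side-channel. Here, we develop an IFT-based side-channel vulnerability metric (SCV) that is utilized by SCRIPT for PSCL assessment. SCV is conceptually similar to the traditionally used signal-to-noise ratio (SNR) metric. However, unlike SNR, which requires thousands of traces from silicon measurements, SCRIPT utilizes formal methods to generate SCV-guided patterns/plaintexts, allowing us to derive SCV using only a few patterns (ideally as low as two) at gate level. SCV estimates PSCL vulnerability at pre-silicon stage based on the number of plaintexts required to attain a specific SCA success rate. The integration of IFT and pattern generation makes SCRIPT efficient, accurate, and generic to be applied to any hardware design. We validate the efficacy of the SCRIPT framework by demonstrating that it can effectively and accurately determine SCA success rates for different AES designs at pre-silicon stage. SCRIPT is orders of magnitude more efficient than traditional pre-silicon PSCL assessment (SNR-based), with an average evaluation time of 15 minutes; whereas, traditional PSCL assessment at pre-silicon stage would require more than a month. We also analyze the PSCL characteristic of the multiplication unit of RISC processor using SCRIPT to demonstrate SCRIPT's applicability.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {article},
}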
2019
Ma, Haocheng; He, Jiaji; Liu, Yanjiang; Zhao, Yiqiang; Jin, Yier
CAD4EM-P: Security-Driven Placement Tools for Electromagnetic Side Channel Protection Proceedings Article
In: 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), pp. 1-6, IEEE, Xi'an, P.R. China, 2019.
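@inproceedings{Ma2019,
  title     = {{CAD4EM-P}: Security-Driven Placement Tools for Electromagnetic Side Channel Protection},
  author    = {Ma, Haocheng and He, Jiaji and Liu, Yanjiang and Zhao, Yiqiang and Jin, Yier},
  url       = {http://cadforassurance.org/wp-content/uploads/haocheng1019cad4emp.pdf},
  doi       = {10.1109/AsianHOST47458.2019.9006705},
  year      = {2019},
  date      = {2019-12-16},
  booktitle = {2019 Asian Hardware Oriented Security and Trust Symposium ({AsianHOST})},
  pages     = {1--6},
  publisher = {IEEE},
  address   = {Xi'an, P.R. China},
  abstract  = {Side-Channel Analysis (SCA) attacks are major threats to hardware security. Upon this security threat, various countermeasures at different design layers have been proposed against SCA attacks. These approaches often introduce significant performance overheads and impose high requirements of side-channel security backgrounds to IC designers. In this paper, we propose an automatic computer-aided design (CAD) tool that can enhance the circuit resistance against electromagnetic (EM) SCA attacks. This new tool will guide a security-driven placement process and can be seamlessly integrated into the modern IC design flow. The protected IC design will be resilient to SCA attacks with the negligible area and power overheads. In order to develop this tool, we first investigate the root-cause of EM leakage at the layout level and mathematically demonstrate the feasibility of security-driven placement through the EM leakage modeling. We then identify that the correlation between the data under the protection and the EM leakage can be significantly reduced through a data-dependent register's reallocation. Simulation results on cryptographic circuits prove the effectiveness of both the constructed EM leakage model and the EM model-based CAD tool for EM security.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {inproceedings},
}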
Lyu, Yangdi; Mishra, Prabhat
Efficient Test Generation for Trojan Detection using Side Channel Analysis Proceedings Article
In: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 408–413, IEEE 2019, ISSN: 1558-1101.
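@inproceedings{lyu2019efficient,
  title     = {Efficient Test Generation for {Trojan} Detection using Side Channel Analysis},
  author    = {Lyu, Yangdi and Mishra, Prabhat},
  doi       = {10.23919/DATE.2019.8715179},
  issn      = {1558-1101},
  year      = {2019},
  date      = {2019-03-01},
  booktitle = {2019 Design, Automation \& Test in Europe Conference \& Exhibition ({DATE})},
  pages     = {408--413},
  publisher = {IEEE},
  abstract  = {Detection of hardware Trojans is vital to ensure the security and trustworthiness of System-on-Chip (SoC) designs. Side-channel analysis is effective for Trojan detection by analyzing various side-channel signatures such as power, current and delay. In this paper, we propose an efficient test generation technique to facilitate side-channel analysis utilizing dynamic current. While early work on current-aware test generation has proposed several promising ideas, there are two major challenges in applying it on large designs: (i) the test generation time grows exponentially with the design complexity, and (ii) it is infeasible to detect Trojans since the side-channel sensitivity is marginal compared to the noise and process variations. Our proposed work addresses both challenges by effectively exploiting the affinity between the inputs and rare (suspicious) nodes. We formalize the test generation problem as a searching problem and solve the optimization using genetic algorithm. The basic idea is to quickly find the profitable test patterns that can maximize switching in the suspicious regions while minimize switching in the rest of the circuit. Our experimental results demonstrate that we can drastically improve both the side-channel sensitivity (30x on average) and time complexity (4.6x on average) compared to the state-of-the-art test generation techniques.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {inproceedings},
}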
Santikellur, Pranesh; Bhattacharyay, Aritra; Chakraborty, Rajat Subhra
Deep Learning based Model Building Attacks on Arbiter PUF Compositions Miscellaneous
Cryptology ePrint Archive, Report 2019/566, 2019.
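@misc{Santikellur2019,
  title        = {Deep Learning based Model Building Attacks on {Arbiter PUF} Compositions},
  author       = {Santikellur, Pranesh and Bhattacharyay, Aritra and Chakraborty, Rajat Subhra},
  url          = {https://eprint.iacr.org/2019/566.pdf},
  year         = {2019},
  date         = {2019-01-01},
  howpublished = {Cryptology ePrint Archive, Report 2019/566},
  abstract     = {Robustness to modeling attacks is an important requirement for PUF circuits. Several reported Arbiter PUF compositions have resisted modeling attacks. and often require huge computational resources for successful modeling. In this paper we present deep feedforward neural network based modeling attack on 64-bit and 128-bit Arbiter PUF (APUF), and several other PUFs composed of Arbiter PUFs, namely, XOR APUF, Lightweight Secure PUF (LSPUF), Multiplexer PUF (MPUF) and its variants (cMPUF and rMPUF), and the recently proposed Interpose PUF (IPUF, up to the (4,4)-IPUF configuration). The technique requires no auxiliary information (e.g. side-channel information or reliability information), while employing deep neural networks of relatively low structural complexity to achieve very high modeling accuracy at low computational overhead (compared to previously proposed approaches), and is reasonably robust to error-inflicted training dataset.},
  keywords     = {Side Channel},
  pubstate     = {published},
  tppubtype    = {misc},
}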
2018
Saha, Sayandeep; Mukhopadhyay, Debdeep; Dasgupta, Pallab
ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers Journal Article
In: IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 2, pp. 242-276, 2018.
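@article{Saha_Mukhopadhyay_Dasgupta_2018,
  title     = {{ExpFault}: An Automated Framework for Exploitable Fault Characterization in Block Ciphers},
  author    = {Saha, Sayandeep and Mukhopadhyay, Debdeep and Dasgupta, Pallab},
  url       = {https://tches.iacr.org/index.php/TCHES/article/view/882},
  doi       = {10.13154/tches.v2018.i2.242-276},
  year      = {2018},
  date      = {2018-05-01},
  journal   = {IACR Transactions on Cryptographic Hardware and Embedded Systems},
  volume    = {2018},
  number    = {2},
  pages     = {242--276},
  abstract  = {Malicious exploitation of faults for extracting secrets is one of the most practical and potent threats to modern cryptographic primitives. Interestingly, not every possible fault for a cryptosystem is maliciously exploitable, and evaluation of the exploitability of a fault is nontrivial. In order to devise precise defense mechanisms against such rogue faults, a comprehensive knowledge is required about the exploitable part of the fault space of a cryptosystem. Unfortunately, the fault space is diversified and of formidable size even while a single cryptoprimitive is considered and traditional manual fault analysis techniques may often fall short to practically cover such a fault space within reasonable time. An automation for analyzing individual fault instances for their exploitability is thus inevitable. Such an automation is supposed to work as the core engine for analyzing the fault spaces of cryptographic primitives. In this paper, we propose an automation for evaluating the exploitability status of fault instances from block ciphers, mainly in the context of Differential Fault Analysis (DFA) attacks. The proposed framework is generic and scalable, which are perhaps the two most important features for covering diversified fault spaces of formidable size originating from different ciphers. As a proof-of-concept, we reconstruct some known attack examples on AES and PRESENT using the framework and finally analyze a recently proposed cipher GIFT [BPP+17] for the first time. It is found that the secret key of GIFT can be uniquely determined with 1 nibble fault instance injected at the beginning of the 25th round with a reasonable computational complexity of 214.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {article},
}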
2017
Kumar, Amit; Scarborough, Cody; Yilmaz, Ali; Orshansky, Michael
Efficient simulation of EM side-channel attack resilience Proceedings Article
In: 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 123–130, IEEE 2017, ISSN: 1558-2434.
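@inproceedings{kumar2017efficient,
  title     = {Efficient simulation of {EM} side-channel attack resilience},
  author    = {Kumar, Amit and Scarborough, Cody and Yilmaz, Ali and Orshansky, Michael},
  doi       = {10.1109/ICCAD.2017.8203769},
  issn      = {1558-2434},
  year      = {2017},
  date      = {2017-11-01},
  booktitle = {2017 {IEEE/ACM} International Conference on Computer-Aided Design ({ICCAD})},
  pages     = {123--130},
  publisher = {IEEE},
  abstract  = {Electromagnetic (EM) fields emanated during crypto-operations are an effective non-invasive channel for extracting secret keys. To predict vulnerabilities and improve resilience to EM side-channel analysis attacks, design-time simulation tools are needed. Predictive simulation of such attacks is computationally taxing, however, as it requires transient circuit and EM simulation for a large number of encryptions, with high modeling accuracy, and high spatial and temporal resolution of EM fields. We developed a computational platform for EM side-channel attack analysis using commercial EDA tools to extract current waveforms and a custom EM simulator to radiate them. We achieve a 7000X speed-up over brute-force sequential simulation by identifying information-leaking cycles, deploying hybrid gate-and transistor-level simulation, radiating only EM-dominant currents, and simulating different encryptions in parallel. This permits a vulnerability study of a 32nm design of Advanced Encryption System block cipher to differential attacks with manageable 20h/attack cost. We demonstrate that EM attacks can succeed with 6X fewer encryptions compared to power attacks and identify worst information-leaking hotspots. The proposed platform enables targeted deployment of design-level countermeasures, leading us to identify a power/ground network design with a 4X security boost over an alternative.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {inproceedings},
}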
2010
Guilley, Sylvain; Sauvage, Laurent; Flament, Florent; Vong, Vinh-Nga; Hoogvorst, Philippe; Pacalet, Renaud
Evaluation of power constant dual-rail logics countermeasures against DPA with design time security metrics Journal Article
In: IEEE Transactions on Computers, vol. 59, no. 9, pp. 1250–1263, 2010, ISSN: 1557-9956.
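@article{guilley2010evaluation,
  title     = {Evaluation of power constant dual-rail logics countermeasures against {DPA} with design time security metrics},
  author    = {Guilley, Sylvain and Sauvage, Laurent and Flament, Florent and Vong, Vinh-Nga and Hoogvorst, Philippe and Pacalet, Renaud},
  doi       = {10.1109/TC.2010.104},
  issn      = {1557-9956},
  year      = {2010},
  date      = {2010-09-01},
  journal   = {IEEE Transactions on Computers},
  volume    = {59},
  number    = {9},
  pages     = {1250--1263},
  publisher = {IEEE},
  abstract  = {Cryptographic circuits are nowadays subject to attacks that no longer focus on the algorithm but rather on its physical implementation. Attacks exploiting information leaked by the hardware implementation are called side-channel attacks (SCAs). Among these attacks, the differential power analysis (DPA) established by Paul Kocher et al. in 1998 represents a serious threat for CMOS VLSI implementations. Different countermeasures that aim at reducing the information leaked by the power consumption have been published. Some of these countermeasures use sophisticated back-end-level constraints to increase their strength. As suggested by some preliminary works (e.g., by Li from Cambridge University), the prediction of the actual security level of such countermeasures remains an open research area. This paper tackles this issue on the example of the AES SubBytes primitive. Thirteen implementations of SubBytes, in unprotected, WDDL, and SecLib logic styles with various back-end-level arrangements are studied. Based on simulation and experimental results, we observe that static evaluations on extracted netlists are not relevant to classify variants of a countermeasure. Instead, we conclude that the fine-grained timing behavior is the main reason for security weaknesses. In this respect, we prove that SecLib, immune to early-evaluation problems, is much more resistant against DPA than WDDL.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {article},
}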
2007
Guilley, Sylvain; Flament, Florent; Hoogvorst, Philippe; Pacalet, Renaud; Mathieu, Yves
Secured CAD back-end flow for power-analysis-resistant cryptoprocessors Journal Article
In: IEEE Design & Test of Computers, vol. 24, no. 6, pp. 546–555, 2007, ISSN: 1558-1918.
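@article{guilley2007secured,
  title     = {Secured {CAD} back-end flow for power-analysis-resistant cryptoprocessors},
  author    = {Guilley, Sylvain and Flament, Florent and Hoogvorst, Philippe and Pacalet, Renaud and Mathieu, Yves},
  doi       = {10.1109/MDT.2007.202},
  issn      = {1558-1918},
  year      = {2007},
  date      = {2007-11-01},
  journal   = {IEEE Design \& Test of Computers},
  volume    = {24},
  number    = {6},
  pages     = {546--555},
  publisher = {IEEE},
  abstract  = {Side-channel attacks threaten the security of any electronic device. We have developed a comprehensive back-end design flow that natively protects constant-power cryptoprocessors against side-channel attacks that exploit instant power consumption. The proposed methodology uses a fully custom, balanced cell library and an innovative place-and-route method. All the design steps in this methodology take place at the layout level. We apply the described flow to the quasi-delay-insensitive (QDI) SecLib library with a shielded routing method derived from back-end duplication, using legacy CAD tools for the back-end steps. In this article, we investigate the feasibility of implementing optimally secured unmasked logic. We argue that it is possible to thwart all known power attacks, at least on carefully designed netlist schematics.},
  keywords  = {Side Channel},
  pubstate  = {published},
  tppubtype = {article},
}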