Efficient simulation of EM side-channel attack resilience

Abstract

Electromagnetic (EM) fields emanated during crypto-operations are an effective non-invasive channel for extracting secret keys. To predict vulnerabilities and improve resilience to EM side-channel analysis attacks, design-time simulation tools are needed. Predictive simulation of such attacks is computationally taxing, however, as it requires transient circuit and EM simulation for a large number of encryptions, with high modeling accuracy, and high spatial and temporal resolution of EM fields. We developed a computational platform for EM side-channel attack analysis using commercial EDA tools to extract current waveforms and a custom EM simulator to radiate them. We achieve a 7000X speed-up over brute-force sequential simulation by identifying information-leaking cycles, deploying hybrid gate-and transistor-level simulation, radiating only EM-dominant currents, and simulating different encryptions in parallel. This permits a vulnerability study of a 32nm design of Advanced Encryption System block cipher to differential attacks with manageable 20h/attack cost. We demonstrate that EM attacks can succeed with 6X fewer encryptions compared to power attacks and identify worst information-leaking hotspots. The proposed platform enables targeted deployment of design-level countermeasures, leading us to identify a power/ground network design with a 4X security boost over an alternative.