Abstract
Electromagnetic and power side-channel analysis (SCA) provides attackers with a prominent tool to extract the secret key from the cryptographic engine. In this article, we present our cross-device deep learning (DL)-based side-channel attack (X-DeepSCA), which reduces the time to attack embedded devices, thereby increasing the threat surface significantly. Consequently, with the knowledge of such advanced attacks, we performed a ground-up white-box analysis of the crypto IC to root-cause the source of the electromagnetic (EM) side-channel leakage. Equipped with the understanding that the higher-level metals significantly contribute to the EM leakage, we present STELLAR, which proposes to route the crypto core within the lower metals and then embed it within current-domain signature attenuation (CDSA) hardware to ensure that the critical correlated signature gets suppressed before it reaches the top-level metal layers. CDSA-AES256 with local lower metal routing was fabricated in a TSMC 65 nm process and evaluated against different profiled and non-profiled attacks, showing protection beyond 1B encryptions, compared to ∼10K for the unprotected AES. Overall, the presented countermeasure achieved a 100× improvement over the state-of-the-art countermeasures available, with comparable power/area overheads and without any performance degradation. Moreover, it is a generic countermeasure and can be used to protect any crypto core while preserving the legacy of the existing implementations.
Highlights
Introduction and Motivation: Over the last decade, we have witnessed a steady expansion of Internet-connected devices, and they are projected to proliferate even further [1].
In 2017, we proposed the first concept of signature attenuation hardware (SAH) design in the form of attenuated signature noise injection (ASNI) [18,19] to prevent power side-channel analysis (SCA) attacks, generic for all cryptographic algorithms, without any performance overheads.
While the unprotected AES256 could be broken with only 8K and 12K traces for correlational power attacks (CPA) and CEMA attacks, respectively, the protected current-domain signature attenuation (CDSA)-AES remains secure even after 1B encryptions (Figure 18a,b), showing a minimum traces to disclosure (MTD) improvement of 100× over the existing countermeasures [22].
Summary
Introduction and Motivation
Over the last decade, we have witnessed a steady expansion of Internet-connected devices, and they are projected to proliferate even further [1]. It becomes extremely important to employ cryptographic algorithms to ensure data security and confidentiality for all electronic devices. As these mathematically secure crypto algorithms are implemented on a physical platform, they leak critical correlated information in the form of power consumption, electromagnetic (EM) emissions, cache hits/misses, timing and so on. This leakage enables side-channel analysis (SCA) attacks, which allow an attacker to extract the secret key from the device. A power SCA attack typically requires inserting a small resistor (∼0.5–10 Ω) in series with the power supply of the device and measuring the voltage drop across it. Transitioning from AES-128 to AES-256 only increases the SCA resilience linearly by a factor of 2×, unlike the exponential increase in mathematical security.