Side-channel Power Analysis Research Articles

Internal Re-keying Based Modified AES

Objectives: Masking and re-keying are two major countermeasures against the Power Side Channel Analysis attacks. Re-keying has either secret sharing overhead or needs to be used in synchronization. The Advanced Encryption System (AES) has been modified in the proposed scheme and uses re-keying without the need for secret random sharing or need for synchronized communication. The research proposed a modified AES scheme and validated its effectiveness with the AES. Methods: This study proposes modifying AES and then implementing it as software encryption using Python. As the AES has been modified, the proposed scheme should also match its strength to be further used against the Power Analysis Attack. Avalanche parameter is used to check the proposed solution strength. A data set of 10000, 50000, and 100000 records were generated to test the avalanche effect. The avalanche of existing AES and modified AES are then compared. Findings: The results indicate that the avalanche effect for both AES and the modified AES remains equivalent for the supplied dataset. To analyze further, the avalanche distribution is analyzed and randomness is checked using the Shannon entropy and found that the modified AES provides 0.5% more randomness against the AES. Hence, the modified AES fulfills the benchmark criteria to further check its strength against the Power Side Channel Analysis attacks. Novelty: The algorithm uses a part of the plain text to generate the round key making the resultant key unique and as it can be re-generated from the ciphertext and original key schedule on the decryption side, the random sharing is not needed. Keywords: Masking, Random Sharing Overhead, Differential Power Analysis (DPA), AES, Avalanche Effect, Re-keying

Ml assisted techniques in power side channel analysis for trojan classification

Hardware Trojans (HTs) are one of the emerging malicious hardware modification attacks that have become a critical threat to the integrity, reliability, security, and trustworthiness of integrated circuits (ICs) applications. These deliberately hidden malicious entities can be inserted into the IC during manufacturing or design, potentially leading to the leakage of secret information or the deactivation or destruction of the entire system that relies on the IC hardware chips. Localizing and detecting hardware Trojans is becoming increasingly challenging as these threats are deeply embedded and electronic systems continue to grow in complexity. Traditional methods, including physical inspections and functional testing, are increasingly inadequate. They are limited in scope and often fall short when confronted with the advanced designs of modern hardware Trojans.This study aims to improve the identification of hardware Trojans (HTs) in integrated circuits by using advanced machine learning algorithms with a unique dataset of power side-channel signals. Various machine learning techniques, such as Support Vector Machines (SVM), neural networks, and decision trees, are applied to classify and identify HTs accurately. This method combines comprehensive feature extraction and model validation to provide high accuracy and reliability in HT identification. This research makes significant contributions to cybersecurity by providing improved techniques for detecting minor anomalies associated with HTs using advanced machine learning algorithms. The results show potential advances in securing electronic systems against these hidden threats, highlighting the practical significance and necessity of our work in maintaining a wide range of applications from consumer electronics to national infrastructure.

ZeroD-fender: A Resource-aware IoT Malware Detection Engine via Fine-grained Side-channel Analysis

In early 2023, cyberattacks experienced a significant rise due to unknown (zero-day) malware targeting Internet of Things (IoT) devices. To tackle the challenge of zero-day detection within a highly resource-constrained IoT environment, we propose a novel design that utilizes fine-grained power side-channel analysis with deep learning techniques. Our approach introduces an innovative concept called multiscale feature extraction to identify the most representative malware features across diverse architectures, thereby enhancing deep learning based detection performance against zero-day malware. Specifically, we employ a fine-grained power side-channel analysis of more than 120,000 honeypot-collected malware files across a hierarchy of commands , functions , and modules to identify the unique zero-day malware behaviors. With these identified features to train our model, ZeroD-fender’s performance in detecting zero-day malware has significantly improved. In pursuit of on-device detection, we present a resource-aware online inference customization framework. This framework features our lightweight network, ThingNetV2, which uses specialized 1-D depthwise separable convolution paired with h-swish activation, leading to significant resource savings. By applying the fine-grained power analysis, ZeroD-fender demonstrates a detection rate of 95.88% across various architecture zero-day malware, achieving detection speeds ranging between 16.083 ms and 23.961 ms , depending on the specific scenario.

A lightweight BRLWE-based post-quantum cryptosystem with side-channel resilience for IoT security

The rapid advancement of quantum computing poses a significant threat to conventional cryptographic systems, particularly in the context of Internet of Things (IoT) security. This paper introduces PQ-IoTCrypt, a lightweight post-quantum cryptosystem for resource-constrained IoT devices. PQ-IoTCrypt builds upon the binary ring learning with errors problem, incorporating optimizations for efficient implementation on 8-bit microcontrollers commonly found in IoT environments. We introduce a symmetric discrete uniform distribution and streamlined polynomial arithmetic to reduce computational overhead while maintaining a high-security level. Additionally, we present a comprehensive power side-channel analysis framework for lattice-based post-quantum cryptography, demonstrating PQ-IoTCrypt's resilience against various side-channel attacks, including advanced ciphertext selection criteria, IoT-optimized template creation, and a hierarchical chosen-ciphertext attack methodology tailored for IoT deployments. Experimental results show that PQ-IoTCrypt achieves a 9.9% reduction in total encryption time compared to the next best baseline at the 256-bit security level while requiring significantly fewer ciphertexts for successful attacks. PQ-IoTCrypt demonstrates superior performance in key generation, encryption, and decryption processes, with times reduced by 12.7 %, 9.1 %, and 9.2 %, respectively, compared to the closest competitor. This work contributes to the standardization efforts of post-quantum IoT security and offers valuable insights for real-world deployment of quantum-resistant cryptography in resource-limited settings.

SCAR: Power Side-Channel Analysis at RTL Level

SCAR: Power Side-Channel Analysis at RTL Level

Deep Learning Method for Power Side-Channel Analysis on Chip Leakages

Power side channel analysis signal analysis is automated using deep learning. Signal processing and cryptanalytic techniques are necessary components of power side channel analysis. Chip leakages can be found using a classification approach called deep learning. In addition to this, we do this so that the deep learning network can automatically tackle signal processing difficulties such as re-alignment and noise reduction. We were able to break minimally protected Advanced Encryption Standard (AES), as well as masking-countermeasure AES and protected elliptic-curve cryptography (ECC). These results demonstrate that the attacker knowledge required for side channel analysis, which had previously placed a significant emphasis on human abilities, is decreasing. This research will appeal to individuals with a technical background who have an interest in deep learning, side channel analysis, and security.

Side-Channel Power Analysis Based on SA-SVM

Support vector machines (SVMs) have been widely used in side-channel power analysis. The selection of the penalty factor and kernel parameter heavily influences how well support vector machines work. Setting reasonable SVM hyperparameters is a key issue in side-channel power analysis. The novel side-channel power analysis method SA-SVM, which combines simulated annealing (SA) and support vector machines (SVMs) to analyze the power traces and crack the key, is proposed in this paper as a solution to this issue. This method differs from other approaches in that it integrates SA and SVMs, enabling us to more effectively explore the search space and produce superior results. In this paper, we conducted experiments on SA-SVM and SVM models from three different aspects: the selection of kernel functions, the number of parameters, and the number of eigenvalues. To compare our results with previous research, we performed experimental evaluations on open datasets. The results indicate that, compared with the SVM model, the SA-SVM model improved the accuracy by 0.25% to 3.25% and reduced the required time by 39.96% to 98.02% when the point of interest was 53, recovering the key using only three power traces. The SA-SVM model outperforms existing methods in terms of accuracy and computation time.

RDS: FPGA Routing Delay Sensors for Effective Remote Power Analysis Attacks

State-of-the-art sensors for measuring FPGA voltage fluctuations are time-to-digital converters (TDCs). They allow detecting voltage fluctuations in the order of a few nanoseconds. The key building component of a TDC is a delay line, typically implemented as a chain of fast carry propagation multiplexers. In FPGAs, the fast carry chains are constrained to dedicated logic and routing, and need to be routed strictly vertically. In this work, we present an alternative approach to designing on-chip voltage sensors, in which the FPGA routing resources replace the carry logic. We present three variants of what we name a routing delay sensor (RDS): one vertically constrained, one horizontally constrained, and one free of any constraints. We perform a thorough experimental evaluation on both the Sakura-X side-channel evaluation board and the Alveo U200 datacenter card, to evaluate the performance of RDS sensors in the context of a remote power side-channel analysis attack. The results show that our best RDS implementation in most cases outperforms the TDC. On average, for breaking the full 128-bit key of an AES-128 cryptographic core, an adversary requires 35% fewer side-channel traces when using the RDS than when using the TDC. Besides making the attack more effective, given the absence of the placement and routing constraint, the RDS sensor is also easier to deploy.

Side channel power analysis resistance evaluation of masked adders on FPGA

Since many internet of things (IoT) devices are threatened by side-channel attacks, security measures are essential for their safe use. However, there are a variety of IoT devices, so the accuracy required depends on the system’s application. In addition, security related to arithmetic operations has been attracting attention in recent years. Therefore, this paper presents an empirical experiment of masking for adders on field programmable gate arrays (FPGAs) and explores the trade-off between cost and security by varying the bit length of the mask. The experimental results show that masking improves power analysis attack resistance, and increasing the bit length of the random numbers used for masking increases security. In particular, the series-connected masked adder is found to be effective in improving power analysis attack resistance.

A Guessing Entropy-Based Framework for Deep Learning-Assisted Side-Channel Analysis

Recently deep-learning (DL) techniques have been widely adopted in side-channel power analysis. A DL-assisted SCA generally consists of two phases: a deep neural network (DNN) training phase and a follow-on attack phase using the trained DNN. However, currently the two phases are not well aligned, as there is no conclusion on what metric used in the training can result in the most effective attack in the second phase. When traditional loss functions such as negative log-likelihood (NLL) are used in training a DNN, the trained model does not yield optimal follow-on attack. Recently some information theoretical SCA leakage metrics are proposed, either as the validation metric to stop the DNN training with traditional loss functions, or as both the validation metric and the training loss function. None of those proposed metrics, however, directly measures the SCA effectiveness. We propose to conduct DNN training directly with a common SCA effectiveness metric, Guessing Entropy (GE). We overcome the prior practical difficulty of using GE in DNN training by utilizing the GEEA estimation algorithm introduced in CHES 2020. We show that using GEEA as either the validation metric or the loss function produces DNN models that lead to much more effective follow-on attacks. Our work consolidates the DL-assisted SCA framework with a consistent metric, which shows great potential to be adopted as the universal SCA-oriented DNN training framework.

On Side-Channel Analysis of Memristive Cryptographic Circuits

Memristive technologies offer fascinating opportunities for unconventional computing architectures and emerging applications. While memristive devices have received substantial attention as sources of entropy for security applications, security vulnerabilities of memristive technologies for implementing cryptographic circuits have been largely neglected so far. In this article, we provide the first in-depth analysis of power side-channel analysis against memristive cryptographic implementations based on both: physical experiments and simulations. We show that power consumption models developed for CMOS are not fully adequate for memristive circuits. In particular, the memory effect makes even input-independent initialization cycles vulnerable to attacks that would be fundamentally impossible in CMOS technologies. We propose a memristive-oriented Power Estimation Model (mPEM) integrated into the Stochastic Approach (StA) framework and demonstrate its effectiveness against larger-scale circuits. Finally, we demonstrate that attack countermeasures that were effective for CMOS fail for fundamental reasons in the memristive case.

A 7T SECURITY ORIENTED SRAM BITCELL USING VLSI

Power analysis (PA) attacks have become a serious threat to security systems by enabling secret data extraction through the analysis of the current consumed by the power supply of the system. Embedded memories, often implemented with six-transistor (6T) static random access memory (SRAM) cells, serve as a key component in many of these systems. However, conventional SRAM cells are prone to side-channel power analysis attacks due to the correlation between their current characteristics and written data. To provide resiliency to these types of attacks, we propose a security-oriented 7T SRAM cell, which incorporates an additional transistor to the original 6T SRAM implementation and a two-phase write operation, which significantly reduces the correlation between the stored data and the power consumption during write operations. The proposed 7T SRAM cell was implemented in a 28 nm technology and demonstrates over 1000× lower write energy standard deviation between write ‘1’ and ‘0’ operations compared to a conventional 6T SRAM. In addition, the proposed cell has a 39%–53% write energy reduction and a 19%–38% reduced write delay compared to other power analysis resistant SRAM cells. Key Words: Power Analysis, SRAM Design, 6T SRAM, 7T SRAM, Power Dissipation Software Tools:  Tanner eda Tool

Circuit-Variant Moving Target Defense for Side-Channel Attacks

The security of cryptosystems involves preventing an attacker's ability to obtain information about plaintext. Traditionally, this has been done by prioritizing secrecy of the key through complex key selection and secure key exchange. With the emergence of side-channel analysis (SCA) attacks, bits of a secret key may be derived by correlating key values with physical properties of cryptographic process execution. Information such as power consumption and electromagnetic (EM) radiation side-channel properties can be observed during encryption or decryption. These signals reflect data-dependent system behaviours that may reveal secret key information. Power and EM SCA attacks require several measurements of the target process to amplify the signal of interest, filter out noise, and derive the secret key through statistical analysis methods. Differential power and EM analysis attacks rely on correlating actual side-channel measurements to hypothetical models. The goal of this research is to increase the complexity of both power and EM SCA by introducing structural and spatial randomization of the target hardware. We propose a System-on-a-Chip (SOC) countermeasure that will periodically reconfigure an AES scheme using randomly located S-box circuit variants. We hypothesize that changing the location of the target modules between encryption runs will result in a nonconstant EM signal strength for any given point on the chip, increasing the number of traces needed to perform a localized EM SCA attack. Further, each of the S-box circuit variants will consist of functionally equivalent, structurally diverse hardware. By diversifying the implementations at the gate-level, we aim to vary the power behaviour observed by the attacker and disrupt the correlation between the hypothetical and actual power consumption, increasing the complexity of power SCA. This moving target defense aims to disrupt side-channel collection and correlation needed to successfully implement an attack.

Syn-STELLAR: An EM/Power SCA-Resilient AES-256 With Synthesis-Friendly Signature Attenuation

Mathematically secure cryptographic algorithms leak meaningful side-channel information in the form of correlated power and electromagnetic (EM) signals, leading to physical side-channel analysis (SCA) attacks. Circuit-level countermeasures against power/EM SCA include a current equalizer, IVR, non-linear LDOs, enhancing protection up to 10M traces, and current-domain signature attenuation (CDSA), and randomized NL-LDO cascaded with arithmetic countermeasures achieved protection up to >1B. This work embraces the concept of analog CDSA but makes it easily scalable over technology nodes with digital-friendly current sources, digital control loop, and digital bleed path to increase the MTD from 10M to 250M (25x improvement, using a single digital countermeasure). Ring oscillator (RO) used as the bleed path to bypass encryption-dependent leakage acts as local negative feedback (LNFB). Besides, based on RO oscillation frequency, AES node voltage can be tuned at startup, PVT, or frequency variation. Thus, RO acts as integrated LNFB and global feedback for the digital signature attenuation circuit (DSAC). Another circuit technique, namely, the time-varying transfer function (TVTF), removes the requirement of dc bias in the current-domain equalizer (best switch capacitor-based countermeasure till date) to make it digital and utilizes switch cap-based circuit for time-domain obfuscation to achieve enhanced security. This work, namely, Syn-STELLAR: SYNthesis-friendly Signature aTtenuation Embedded crypto with Low-Level metAl Routing, combines both DSAC and TVTF techniques to achieve an MTD>1.25B for both EM and power SCA, which is 25% higher than the existing state of the art. The 65-nm CMOS test chip contains unprotected and both the protected (DSAC and DSAC-TVTF) parallel AES-256 implementation. This implementation is the first synthesis-friendly countermeasure, which converges two analog-type strong protections (signature attenuation and switched cap current equalizer) in a digital-friendly solution and achieves >1.25B MTD with power and area overheads comparable to previous circuit-level countermeasures.

IMPLEMENTATION OF A HARDWARE TROJAN CHIP DETECTOR MODEL USING ARDUINO MICROCONTROLLER

These days, hardware devices and its associated activities are greatly impacted by threats amidst of various technologies. Hardware trojans are malicious modifications made to the circuitry of an integrated circuit, Exploiting such alterations and accessing the level of damage to devices is considered in this work. These trojans, when present in sensitive hardware system deployment, tends to have potential damage and infection to the system. This research builds a hardware trojan detector using machine learning techniques. The work uses a combination of logic testing and power side-channel analysis (SCA) coupled with machine learning for power traces. The model was trained, validated and tested using the acquired data, for 5 epochs. Preliminary logic tests were conducted on target hardware device as well as power SCA. The designed machine learning model was implemented using Arduino microcontroller and result showed that the hardware trojan detector identifies trojan chips with a reliable accuracy. The power consumption readings of the hardware characteristically start at 1035-1040mW and the power time-series data were simulated using DC power measurements mixed with additive white Gaussian noise (AWGN) with different standard deviations. The model achieves accuracy, precision and accurate recall values. Setting the threshold proba¬bility for the trojan class less than 0.5 however increases the recall, which is the most important metric for overall accuracy acheivement of over 95 percent after several epochs of training.

Power Side-Channel Analysis of RNS GLV ECC Using Machine and Deep Learning Algorithms

Many Internet of Things applications in smart cities use elliptic-curve cryptosystems due to their efficiency compared to other well-known public-key cryptosystems such as RSA. One of the important components of an elliptic-curve-based cryptosystem is the elliptic-curve point multiplication which has been shown to be vulnerable to various types of side-channel attacks. Recently, substantial progress has been made in applying deep learning to side-channel attacks. Conceptually, the idea is to monitor a core while it is running encryption for information leakage of a certain kind, for example, power consumption. The knowledge of the underlying encryption algorithm can be used to train a model to recognise the key used for encryption. The model is then applied to traces gathered from the crypto core in order to recover the encryption key. In this article, we propose an RNS GLV elliptic curve cryptography core which is immune to machine learning and deep learning based side-channel attacks. The experimental analysis confirms the proposed crypto core does not leak any information about the private key and therefore it is suitable for hardware implementations.

A Secure IoT Firmware Update Scheme Against SCPA and DoS Attacks

In the IEEE S&P 2017, Ronen et al. exploited side-channel power analysis (SCPA) and approximately 5 000 power traces to recover the global AES-CCM key that Philip Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it to Philip Hue lamps to cause Internet of Things (IoT) security issues. Inspired by the work of Ronen et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme applied in IoT terminal devices includes two aspects of design (i.e., bootloader and application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can access the IoT server to regain update permission, which can defend against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement Philips’ and the proposed modified schemes. Experimental results show that compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and a maximum of 0.32 s update time to effectively enhance the security of the AES-CCM-based firmware update process.

Side-channel Analysis using Deep Learning on Hardware Trojans

A power side-channel analysis is proposed to nd the correct key in hardware trojan affected AES by evaluating correlation between every sub-key guesses. A deep learning method for side-channel analysis (SCA) is proposed, which consists of two phases-characterization and attack. Multilayer perceptron (MLP) and convolutional neural networks(CNN) are used as the models to determine the SCA and their performances are evaluated. Two kinds of desynchronization were used, where maximum possible value with which the trace can be shifted was 0 in rst and 100 in the second. SCA is performed in these desynchronized traces also.

Stealing Neural Network Structure Through Remote FPGA Side-Channel Analysis

Deep Neural Network (DNN) models have been extensively developed by companies for a wide range of applications. The development of a customized DNN model with great performance requires costly investments, and its structure (layers and hyper-parameters) is considered intellectual property and holds immense value. However, in this paper, we found the model secret is vulnerable when a cloud-based FPGA accelerator executes it. We demonstrate an end-to-end attack based on remote power side-channel analysis and machine-learning-based secret inference against different DNN models. The evaluation result shows that an attacker can reconstruct the layer and hyper-parameter sequence at over 90% accuracy using our method, which can significantly reduce her model development workload. We believe the threat presented by our attack is tangible, and new defense mechanisms should be developed against this threat.

SCAUL: Power Side-Channel Analysis With Unsupervised Learning

Existing power analysis techniques rely on strong adversary models with prior knowledge of the leakage or training data. We introduce side-channel analysis with unsupervised learning (SCAUL) that can recover the secret key without requiring prior knowledge or profiling (training). We employ an LSTM auto-encoder to extract features from power traces with high mutual information with the data-dependent samples of the measurements. We demonstrate that by replacing the raw measurements with the auto-encoder features in a classical DPA attack, the efficiency, in terms of required number of measurements for key recovery, improves by 10X. Further, we employ these features to identify a leakage model with sensitivity analysis and multi-layer perceptron (MLP) networks. SCAUL uses the auto-encoder features and the leakage model, obtained in an unsupervised approach, to find the correct key. On a lightweight implementation of AES on Artix-7 FPGA, we show that SCAUL is able to recover the correct key with 3,700 power measurements with random plaintexts, while a DPA attack requires at least 17,400 measurements. Using misaligned traces, with an uncertainty equal to 20 percent of the hardware clock cycle, SCAUL is able to recover the secret key with 12,300 measurements while the DPA attack fails to detect the key.