Abstract
Power side-channel attacks (SCAs) have been proven to be effective at extracting secret keys from hardware implementations of cryptographic algorithms. Ideally, the power side-channel leakage (PSCL) of a hardware implementation of a cryptographic algorithm should be evaluated as early as the pre-silicon stage (e.g., at gate level). However, there has been little effort to develop computer-aided design (CAD) tools that accomplish this. In this article, we propose an automated CAD framework called SCRIPT to evaluate information leakage through side-channel analysis. SCRIPT starts by defining the underlying properties of a hardware implementation that can be exploited by side-channel attacks. It then uses information flow tracking (IFT) to identify the registers that exhibit those properties and therefore leak information through the power side channel. We develop an IFT-based side-channel vulnerability metric (SCV) that SCRIPT uses for PSCL assessment. SCV is conceptually similar to the traditionally used signal-to-noise ratio (SNR) metric. However, unlike SNR, which requires thousands of power traces, whether measured from silicon or simulated at gate level, SCRIPT uses formal methods to generate SCV-guided patterns (plaintexts), allowing SCV to be derived from only a few patterns (ideally as few as two) at gate level. SCV estimates PSCL vulnerability at the pre-silicon stage in terms of the number of plaintexts required to attain a specific SCA success rate. The integration of IFT and pattern generation makes SCRIPT efficient, accurate, and generic enough to apply to any hardware design. We validate the efficacy of SCRIPT by showing that it effectively and accurately determines SCA success rates for different AES designs at the pre-silicon stage. SCRIPT is orders of magnitude more efficient than traditional SNR-based pre-silicon PSCL assessment: its average evaluation time is 15 minutes, whereas traditional pre-silicon PSCL assessment would require more than a month. We also analyze the PSCL characteristics of the multiplication unit of a RISC processor with SCRIPT to demonstrate its applicability.
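As an added illustration of the metrics the abstract contrasts (this is not code from the paper, and it does not reproduce SCRIPT's SCV, whose definition is not given on this page), the block below models a single S-box output register with a Hamming-distance power model, computes the SNR metric from many noisy simulated traces, checks the IFT-style property that the register's value depends on the key, and uses an exhaustive search as a brute-force stand-in for the formal pattern generation to find the two plaintexts that bound the register's switching activity. The 4-bit PRESENT S-box, the reset-to-zero register, the Gaussian noise level and the random seed are assumptions made for the example.

```python
"""Added example (not from the SCRIPT paper): the SNR metric that SCV is compared
to, computed from many noisy traces, next to a two-pattern contrast measured on a
noise-free gate-level model. The cipher, power model and pattern search are stand-ins."""
import random
from statistics import mean, pvariance

# 4-bit PRESENT S-box: a small real nonlinear layer standing in for AES's S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    """Hamming weight of an integer."""
    return bin(x).count("1")


def round_register(p, k):
    """Value latched in the S-box output register for plaintext nibble p, key nibble k."""
    return SBOX[(p ^ k) & 0xF]


def switching_power(prev, new):
    """Hamming-distance power model: each flip-flop that toggles draws one unit of current."""
    return hw(prev ^ new)


def key_dependent(p):
    """IFT-style property check: the register carries key information if changing
    only the key can change the latched value (true for every p with this S-box)."""
    return len({round_register(p, k) for k in range(16)}) > 1


def simulate_traces(k, n, sigma, seed=1):
    """n noisy power samples for random plaintexts (constructed data). The register is
    reset to 0 before each encryption, so the noise-free sample is HW(register)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        p = rng.randrange(16)
        power = switching_power(0, round_register(p, k)) + rng.gauss(0.0, sigma)
        traces.append((p, power))
    return traces


def snr(traces):
    """Signal-to-noise ratio: variance of the per-plaintext mean power (signal)
    divided by the average within-class variance (noise)."""
    classes = {}
    for p, power in traces:
        classes.setdefault(p, []).append(power)
    means = [mean(v) for v in classes.values()]
    noise = mean(pvariance(v) for v in classes.values())
    return pvariance(means) / noise


def two_pattern_contrast(k):
    """Exhaustive search (a brute-force stand-in for SCRIPT's formal pattern
    generation) for the two plaintexts that drive the register's switching to its
    minimum and maximum on the noise-free model. Returns (p_min, p_max, swing)."""
    activity = [(switching_power(0, round_register(p, k)), p) for p in range(16)]
    lo = min(activity)   # lowest activity, ties broken by lowest plaintext
    hi = max(activity)   # highest activity, ties broken by highest plaintext
    return lo[1], hi[1], hi[0] - lo[0]


if __name__ == "__main__":
    key = 0x7
    traces = simulate_traces(key, n=20000, sigma=1.0)
    print("SNR from %d noisy traces: %.3f" % (len(traces), snr(traces)))
    print("two-pattern contrast (p_min, p_max, swing):", two_pattern_contrast(key))
    print("register is key dependent:", all(key_dependent(p) for p in range(16)))
```

With sigma = 1 the true SNR of this register is var(HW) / sigma^2 = 1, and the estimate only settles near that value after thousands of traces; the two-pattern search instead returns the full signal swing (Hamming weight 0 to 4) from sixteen noise-free gate-level evaluations. That gap is the efficiency argument made in the abstract; the paper's own SCV formula and formal pattern generation are not reproduced here.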
SCRIPT: A CAD Framework for Power Side-channel Vulnerability Assessment Using Information Flow Tracking and Pattern Generation