ABSTRACT
Side-channel attacks (SCAs), which exploit the side-channel information leakage of devices to obtain sensitive information, have become one of the most prominent threats to the security of embedded systems. Information leakage induced by data serialization effects is a critical problem in designing countermeasures against SCAs. In this paper, information leakage induced by data serialization effects in a general-purpose RISC CPU with a three-stage pipeline is studied. The side-channel analysis is based on netlist-level simulation to guarantee a "clean room" environment. SCAs implemented with the correlation power analysis (CPA) method show that information leakage in the CPU is significant: the correct key is successfully guessed with the help of only tens of power traces. Three countermeasures based on software and hardware are proposed and compared with consideration of CPU security, performance and power consumption. After implementing the countermeasures, the information leakage is reduced significantly and the anti-attack ability of the CPU is improved (up to four orders of magnitude). Moreover, when the countermeasures are implemented in an actual noisy environment, the CPU security will be further improved. A reasonable compromise needs to be made between CPU security and implementation overhead to choose suitable SCA-resistant countermeasures under different conditions.
Index Terms
- Countermeasures Against Information Leakage Induced by Data Serialization Effects in a RISC CPU