Gate-level Leakage Assessment and Mitigation

Kathuria, Tarun

22 July 2019

Side-channel leakage, caused by imperfect implementation of cryptographic algorithms in hardware, has become a serious security threat for connected devices that generate and process sensitive data. This side-channel leakage can divulge secret information in the form of power consumption or electromagnetic emissions. The side-channel leakage of a crytographic device is commonly assessed after tape-out on a physical prototype. This thesis presents a methodology called Gate-level Leakage Assessment (GLA), which evaluates the power-based side-channel leakage of an integrated circuit at design time. By combining side-channel leakage assessment with power simulations on the gate-level netlist, GLA is able to pinpoint the leakiest cells in the netlist in addition to assessing the overall side-channel vulnerability to side-channel leakage. As the power traces obtained from power simulations are noiseless, GLA is able to precisely locate the sources of side-channel leakage with fewer measurements than on a physical prototype. The thesis applies the methodology on the design of a encryption co-processor to analyze sources of side-channel leakage. Once the gate-level leakage sources are identified, this thesis presents a logic level replacement strategy for the leakage sources that can thwart side-channel leakage. The countermeasures presented selectively replaces gate-level cells with a secure logic style effectively removing the side-channel leakage with minimal impact in area. The assessment methodology along with the countermeasures demonstrated is a turnkey solution for IP module designers and is also applicable to larger system level designs. / Master of Science / Consider how a lie detector machine works. It looks for subtle changes in a person’s pulse to tell if the person is telling the truth. This unintentional divulgence of secret information is called a side-channel leakage. Integrated circuits reveal secret information in a similar way through their power consumption. This is caused by the transistors, used to build these integrated circuits, switching in concert with the secret data being processed by the integrated circuit. Typically, integrated circuits are evaluated for side-channel leakage only after they have been manufactured into a physical prototype. If the integrated circuit is found vulnerable it is too expensive to manufacture the prototype again with an updated design. This thesis presents a methodology, Gate-level Leakage Assessment (GLA) to evaluate integrated circuits for side-channel leakage during their design process even before they are manufactured. This methodology uses simulations to identify the specific transistors in the design that cause side-channel leakage. Moreover, this thesis presents a technique to selectively replace these problematic transistors in the design with an implementation that thwarts side channel leakage.

Side-channel leakage

Countermeasures

Power analysis attacks

Évaluation de méthodes faible consommation contre les attaques matérielles / Evaluation of low power methods against hardware attacks

Ordas, Sébastien

30 November 2015

La consommation des circuits intégrés n'a cessé d'augmenter cette dernière décennie. Avec l'augmentation du prix de l'énergie et la démocratisation des systèmes embarqués, des méthodes permettant de gérer le compromis consommation performance, comme la gestion dynamique de la fréquence et de la tension d'alimentation ou encore du potentiel de substrat, ont été élaborées. Ces méthodes, qui sont de plus en plus couramment mises en œuvre dans les systèmes intégrés, permettent de diminuer la consommation de ceux-ci, et mieux de gérer le compromis consommation performance. Certains de ces circuits, embarquant ces méthodes peuvent avoir à effectuer des opérations traitant des informations confidentielles. Il est donc nécessaire de s'interroger sur l'éventuel impact de ces sur la sécurité des systèmes intégrés. Dans ce contexte, les travaux de thèse reportés dans le présent document, ont eu pour objectif d'analyser la compatibilité de ces méthodes de gestion de la consommation avec la conception de circuits robustes aux attaques matérielles. Plus particulièrement, l'objectif a été de déterminer si ces techniques de conception faible consommation, constituent des obstacles réels ou bien facilitent les attaques matérielles par observation et perturbation exploitant le canal électromagnétique. Dans un premier temps, une étude sur l'efficacité des attaques par observation en présence de gestion aléatoire de la tension, de la fréquence et de la polarisation de substrat a été conduite. Dans un deuxième temps, l'impact de la gestion dynamique des tensions d'alimentation et de substrat sur la capacité à injecter des fautes par médium électromagnétique a été étudié. Ce document présente l'ensemble des résultats de ces analyses.Mots-clés : Attaques Matérielles, Attaques par Canaux Auxiliaires, Attaques par fautes, Canal électromagnétique, DVFS, Body-Biasing. / The consumption of integrated circuits has been increasing over the last decade. With the increase of energy prices and the democratization of embedded systems, methods to manage the consumption performance compromise, such as the dynamic management of the frequency and the supply voltage or the substrate potential, were developed. These methods, which are becoming more commonly implemented in integrated systems, allow to reduce the consumption of those latter, and to better manage the tradeoff between consumption and performance.Some of these circuits, embedding these methods, may have to perform some operations with confidential information. It is therefore necessary to consider the possible impact of these methods on the safety of the integrated systems. In this context, the work reported in this thesis aimed to analyze the compatibility of these methods of power management with the design of robust circuits to physical attacks.Specifically, the objective was to determine whether these low-power techniques constitute real obstacles or facilitate the attacks by observation or perturbation exploiting the electromagnetic channel. Initially, a study on the effectiveness of attacks by observation in the presence of random management of voltage, frequency and substrate polarization was done. Secondly, the impact of the dynamic management of supply voltages and substrate polarization on the ability to inject faults by electromagnetic medium was studied. This document presents the overall results of these analyzes. Keyword : Hardware Attacks, Side Channel Attacks, Faults Attacks, Electromagnetic canal, DVFS, Body-biasing

Attaques

Side-Channel

Consommation

Injection de fautes

Attacks

Side-Channel

Power Consumption

Faults injection

ADVANCED LOW-COST ELECTRO-MAGNETIC AND MACHINE LEARNING SIDE-CHANNEL ATTACKS

Josef A Danial (9520181)

16 December 2020

Side-channel analysis (SCA) is a prominent tool to break mathematically secure cryptographic engines, especially on resource-constrained devices. SCA attacks utilize physical leakage vectors like the power consumption, electromagnetic (EM) radiation, timing, cache hits/misses, that reduce the complexity of determining a secret key drastically, going from 2¹²⁸ for brute force attacks to 2¹² for SCA in the case of AES-128. Additionally, EM SCA attacks can be performed non-invasively without any modifications to the target under attack, unlike power SCA. To develop defenses against EM SCA, designers must evaluate the cryptographic implementations against the most powerful side-channel attacks. In this work, systems and techniques that improve EM side-channel analysis have been explored, making it lower-cost and more accessible to the research community to develop better countermeasures against such attacks. The first chapter of this thesis presents SCNIFFER, a platform to perform efficient end-to-end EM SCA attacks. SCNIFFER introduces leakage localization – an often-overlooked step in EM attacks – into the loop of an attack. Following SCNIFFER, the second chapter presents a practical machine learning (ML) based EM SCA attack on AES-128. This attack addresses issues dealing with low signal-to-noise ratio (SNR) EM measurements, proposing training and pre-processing techniques to perform an efficient profiling attack. In the final chapter, methods for mapping from power to EM measurements, are analyzed, which can enable training a ML model with much lower number of encryption traces. Additionally, SCA evaluation of high-level synthesis (HLS) based cryptographic algorithms is performed, along with the study of futuristic neural encryption techniques.

Computer Engineering

Computer System Security

Hardware Security

Side-channel analysis

Side-channel attacks

Machine Learning

Electromagnetic Side-Channel Analysis for Hardware and Software Watermarking

Lakshminarasimhan, Ashwin

01 January 2011

With more and more ICs being used in sectors requiring confidentiality and integrity like payment systems, military, finance and health, there is a lot of concern in the security and privacy of ICs. The widespread adoption of Intellectual Property (IP) based designs for modern systems like system on chips has reduced the time to market and saved a lot of money for many companies. But this has also opened the gates for problems like product piracy, IP theft and fraud. It is estimated that billions of dollars are lost annually to illegal manufacturing of Integrated Circuits. A possible solution to this problem of IP theft is to insert small circuits which are like unique IDs that only the owner or the registered verifier will know and detect in case of any conflict. The circuits that are inserted are called watermarks and are in some cases kept very small so as to be hidden. In such cases, we would need detection schemes that work well even with very small watermarks. In this work, we use Electro-Magnetic (EM) based side-channels for the detection of watermarks. Since the 90s, Side-channel Analyses have attracted significant attention within the cryptographic community as they are able to obtain secret information from smart cards and ICs. The power side-channel analysis is a very powerful method but EM side-channels are very useful as they will not need a resistor in series to the power supply and just needs passive observation of the EM radiations emanated by the IC. This passive monitoring will be a big advantage in the case of automated watermark detection used by a verifier. In this work, we start with EM side-channel analysis on FPGA for smaller designs. We insert watermarks on a Micro-controller, Smartcard and an FPGA and detect these watermarks using EM side-channel information emanated from the Design under Test. We used environments with different levels of noise interference. We compare the watermarking application using EM side-channels and Power side-channels in these different setups. These watermarks are very small and are hard to attack or remove by an attacker through reverse engineering or side-channel information. Due to the robustness against such attacks and the easy access of EM side-channels when compared to power side-channels, the EM side-channel based watermarks will be a very good solution for the IP theft problem. EM side-channel based watermark detection supports automation which companies of IP cores can make use of. We also extended this work to EM Side-channel Trojans as the concepts are similar

Side-Channel Analysis

Electromagnetic side channel

Trojans

Watermarks

Electrical and Computer Engineering

Towards Comprehensive Side-channel Resistant Embedded Systems

Yao, Yuan

17 August 2021

Embedded devices almost involve every part of our lives, such as health condition monitoring, communicating with other people, traveling, financial transactions, etc. Within the embedded devices, our private information is utilized, collected and stored. Cryptography is the security mechanism within the embedded devices for protecting this secret information. However, cryptography algorithms can still be analyzed and attacked by malicious adversaries to steal secret data. There are different categories of attacks towards embedded devices, and the side-channel attack is one of the powerful attacks. Unlike analyzing the vulnerabilities within the cryptography algorithm itself in traditional attacks, the side-channel attack observes the physical effect signals while the cryptography algorithm runs on the device. These physical effects include the power consumption of the devices, timing, electromagnetic radiations, etc., and we call these physical effects that carry secret information side-channel leakage. By statistically analyzing these side-channel leakages, an attacker can reconstruct the secret information. The manifestation of side-channel leakage happens at the hardware level. Therefore, the designer has to ensure that the hardware design of the embedded system is secure against side-channel attacks. However, it is very arduous work. An embedded systems design including a large number of electronic components makes it very difficult to comprehensively capture every side-channel vulnerability, locate the root cause of the side-channel leakage, and efficiently fix the vulnerabilities. In this dissertation, we developed methodologies that can help designers detect and fix side-channel vulnerabilities within the embedded system design at low cost and early design stage. / Doctor of Philosophy / Side-channel leakage, which reveals the secret information from the physical effects of computing secret variables, has become a serious vulnerability in secure hardware and software implementations. In side-channel attacks, adversaries passively exploit variations such as power consumption, timing, and electromagnetic emission during the computation with secret variables to retrieve sensitive information. The side-channel attack poses a practical threat to embedded devices, an embedded device's cryptosystem without adequate protection against side-channel leakage can be easily broken by the side-channel attack. In this dissertation, we investigate methodologies to build up comprehensive side-channel resistant embedded systems. However, this is challenging because of the complexity of the embedded system. First, an embedded system integrates a large number of components. Even if the designer can make sure that each component is protected within the system, the integration of the components will possibly introduce new vulnerabilities. Second, the existing side-channel leakage evaluation of embedded system design happens post-silicon and utilizes the measurement on the prototype of the taped-out chip. This is too late for mitigating the vulnerability in the design. Third, due to the complexity of the embedded system, even though the side-channel leakage is detected, it is very hard to precisely locate the root cause within the design. Existing side-channel attack countermeasures are very costly in terms of design overhead. Without a method that can precisely identify the side-channel leakage source within the design, huge overhead will be introduced by blindly add the side-channel countermeasure to the whole design. To make the challenge even harder, the Power Distribution Network (PDN) where the hardware design locates is also vulnerable to side-channel attacks. It has been continuously demonstrated by researchers that attackers can place malicious circuits on a shared PDN with victim design and open the opportunities for the attackers to inject faults or monitoring power changes of the victim circuit. In this dissertation, we address the challenges mentioned above in designing a side-channel-resistant embedded system. We categorize our contributions into three major aspects—first, we investigating the effects of integration of security components and developing corresponding countermeasures. We analyze the vulnerability in a widely used countermeasure - masking, and identify that the random number transfer procedure is a weak link in the integration which can be bypassed by the attacker. We further propose a lightweight protection scheme to protect function calls from instruction skip fault attacks. Second, we developed a novel analysis methodology for pre-silicon side-channel leakage evaluation and root cause analysis. The methodology we developed enables the designer to detect the side-channel leakage at the early pre-silicon design stage, locate the leakage source in the design precisely to the individual gate and apply highly targeted countermeasure with low overhead. Third, we developed a multipurpose on-chip side-channel and fault monitoring extension - Programmable Ring Oscillator (PRO), to further guarantee the security of PDN. PRO can provide on-chip side-channel resistance, power monitoring, and fault detection capabilities to the secure design. We show that PRO as application-independent integrated primitives can provide side-channel and fault countermeasure to the design at a low cost.

Side-Channel Attacks

Pre-silicon

Side-channel Leakage Source

Countermeasures

Simulation

Root Cause Analysis

Leakage Evaluation

Design Techniques for Side-channel Resistant Embedded Software

Sinha, Ambuj Sudhir

25 August 2011

Side Channel Attacks (SCA) are a class of passive attacks on cryptosystems that exploit implementation characteristics of the system. Currently, a lot of research is focussed towards developing countermeasures to side channel attacks. In this thesis, we address two challenges that are an inherent part of the efficient implementation of SCA countermeasures. While designing a system, design choices made for enhancing the efficiency or performance of the system can also affect the side channel security of the system. The first challenge is that the effect of different design choices on the side channel resistance of a system is currently not well understood. It is important to understand these effects in order to develop systems that are both secure and efficient. A second problem with incorporating SCA countermeasures is the increased design complexity. It is often difficult and time consuming to integrate an SCA countermeasure in a larger system. In this thesis, we explore that above mentioned problems from the point of view of developing embedded software that is resistant to power based side channel attacks. Our first work is an evaluation of different software AES implementations, from the perspective of side channel resistance, that shows the effect of design choices on the security and performance of the implementation. Next we present work that identifies the problems that arise while designing software for a particular type of SCA resistant architecture - the Virtual Secure Circuit. We provide a solution in terms of a methodology that can be used for developing software for such a system - and also demonstrate that this methodology can be conveniently automated - leading to swifter and easier software development for side channel resistant designs. / Master of Science

Bitslice Cryptography

Side Channel Attacks

Virtual Secure Circuit

Secure Embedded Systems

Side-channel Countermeasures

Physical design of cryptographic applications : constrained environments and power analysis resistance

Macé, François

24 April 2008

Modern cryptography responds to the need for security that has arisen with the emergence of communication appliances. However, its adapted integration in the wide variety of existing communication systems has opened new design challenges. Amongst them, this thesis addresses two in particular, related to hardware integration of cryptographic algorithms: constrained environments and side-channel security. In the context of constrained environments, we propose to study the interest of the Scalable Encryption Algorithm SEA for constrained hardware applications. We investigate both the FPGA and ASIC contexts and illustrate, using practical implementation results, the interest of this algorithm. Indeed, we demonstrate how hardware implementations can keep its high scalability properties while achieving interesting implementation figures in comparison to conventional algorithms such as the AES. Next, we deal with three complementary aspects related to side-channel resistance. We first propose a new class of dynamic and differential logic families achieving low-power performance with matched leakage of information to state of-the-art countermeasures. We then discuss a power consumption model for these logic styles and apply it to DyCML implementations. It is based on the use of the isomorphism existing between the gate structures of the implemented functions and the binary decision diagrams describing them. Using this model, we are not only able to predict the power consumption, and therefore attack such implementations, but also to efficiently choose the gate structures achieving the best resistance against this model. We finally study a methodology for the security evaluation of cryptographic applications all along their design and test phases. We illustrate the interest of such a methodology at different design steps and with different circuit complexity, using either simulations or power consumption measurements.

Cryptography

Side-Channel Attacks

Countermeasurs

Constrained Environments

Digital Circuit Design

On the Prevention of Cache-Based Side-Channel Attacks in a Cloud Environment

Godfrey, Michael

26 September 2013

As Cloud services become more commonplace, recent works have uncovered vulnerabilities unique to such systems. Specifi cally, the paradigm promotes a risk of information leakage across virtual machine isolation via side-channels. Unlike conventional computing, the infrastructure supporting a Cloud environment allows mutually dis- trusting clients simultaneous access to the underlying hardware, a seldom met requirement for a side-channel attack. This thesis investigates the current state of side-channel vulnerabilities involving the CPU cache, and identifi es the shortcomings of traditional defenses in a Cloud environment. It explores why solutions to non-Cloud cache-based side-channels cease to work in Cloud environments, and describes new mitigation techniques applicable for Cloud security. Speci cally, it separates canonical cache-based side-channel attacks into two categories, Sequential and Parallel attacks, based on their implementation and devises a unique mitigation technique for each. Applying these solutions to a canonical Cloud environment, this thesis demonstrates the validity of these Cloud-specifi c, cache-based side-channel mitigation techniques. Furthermore, it shows that they can be implemented, together, as a server-side approach to improve security without inconveniencing the client. Finally, it conducts a comparison of our solutions to the current state-of-the-art. / Thesis (Master, Computing) -- Queen's University, 2013-09-25 18:03:47.737

CPU Cache

Server Side Defense

Cloud Computing

Security

Side Channel

Side Channel Leakage Exploitation, Mitigation and Detection of Emerging Cryptosystems

Chen, Cong

26 March 2018

With the emerging computing technologies and applications in the past decades, cryptography is facing tremendous challenges in its position of guarding our digital world. The advent of quantum computers is potentially going to cease the dominance of RSA and other public key algorithms based on hard problems of factorization and discrete logarithm. In order to protect the Internet at post-quantum era, great efforts have been dedicated to the design of RSA substitutions. One of them is code- based McEliece public key schemes which are immune to quantum attacks. Meanwhile, new infrastructures like Internet of Things are bringing the world enormous benefits but, due to the resource-constrained nature, require compact and still reliable cryptographic solutions. Motivated by this, many lightweight cryptographic algorithms are introduced. Nevertheless, side channel attack is still a practical threat for implementations of these new algorithms if no countermeasures are employed. In the past decades two major categories of side channel countermeasures, namely masking and hiding, have been studied to mitigate the threat of such attacks. As a masking countermeasure, Threshold Implementation becomes popular in recent years. It is sound in providing provable side channel resistance for hardware-based cryptosystems but meanwhile it also incurs significant overheads which need further optimization for constrained applications. Masking, especially for higher order masking schemes, requires low signal-to-noise ratio to be effective which can be achieved by applying hiding countermeasures. In order to evaluate side channel resistance of countermeasures, several tools have been introduced. Due to its simplicity, TVLA is being accepted by academy and industry as a one-size-fit-all leakage detection methodolgy that can be used by non-experts. However, its effectiveness can be negatively impacted by environmental factors such as temperature variations. Thus, a robust and simple evaluation method is desired. In this dissertation, we first show how differential power analysis can efficiently exploit the power consumption of a McEliece implementation to recover the private key. Then, we apply Threshold Implementation scheme in order to protect from the proposed attack. This is, to the best of our knowledge, the first time of applying Threshold Implementation in a public key cryptosystem. Next, we investigate the reduction of shares in Threshold Implementation so as to bring down its overhead for constrained applications. Our study shows that Threshold Implementation using only two shares reduces the overheads while still provides reliable first-order resistance but in the meantime it also leaks a strong second-order leakage. We also propose a hiding countermeasure, namely balanced encoding scheme based on the idea of Dual- Rail Pre-charge logic style in hardwares. We show that it is effective to mitigate the leakage and can be combined with masking schemes to achieve better resistance. Finally, we study paired t-test versus Welch's t-test in the original TVLA and show its robustness against environmental noises. We also found that using moving average in computing t statistics can detect higher-order leakage faster.

post-quantum crypto

t-test

Threshold Implementations

Side channel attack

Lightweight Cryptography Meets Threshold Implementation: A Case Study for SIMON

Shahverdi, Aria

26 August 2015

"Securing data transmission has always been a challenge. While many cryptographic algorithms are available to solve the problem, many applications have tough area constraints while requiring high-level security. Lightweight cryptography aims at achieving high-level security with the benefit of being low cost. Since the late nineties and with the discovery of side channel attacks the approach towards cryptography has changed quite significantly. An attacker who can get close to a device can extract sensitive data by monitoring side channels such as power consumption, sound, or electromagnetic emanation. This means that embedded implementations of cryptographic schemes require protection against such attacks to achieve the desired level of security. In this work we combine a low-cost embedded cipher, Simon, with a stateof-the-art side channel countermeasure called Threshold Implementation (TI). We show that TI is a great match for lightweight cryptographic ciphers, especially for hardware implementation. Our implementation is the smallest TI of a block-cipher on an FPGA. This implementation utilizes 96 slices of a low-cost Spartan-3 FPGA and 55 slices a modern Kintex-7 FPGA. Moreover, we present a higher order TI which is resistant against second order attacks. This implementation utilizes 163 slices of a Spartan-3 FPGA and 95 slices of a Kintex-7 FPGA. We also present a state of the art leakage analysis and, by applying it to the designs, show that the implementations achieve the expected security. The implementations even feature a significant robustness to higher order attacks, where several million observations are needed to detect leakage."

cryptography

side-channel attacks

lightweight cryptography

SIMON

threshold implementation