Digital-Friendly EM/Power Side-Channel Attack Resilience for Legacy and Post-Quantum Crypto

Archisman Ghosh (8428161)

08 August 2024

<p dir="ltr">The proliferation of internet-connected embedded devices in contemporary computing environments has raised significant concerns regarding data security and confidentiality. Most embedded devices rely on computationally secure cryptographic algorithms to address these imperatives. However, despite the mathematical assurances, the physical implementation of these algorithms introduces vulnerabilities. Specifically, side-channel analysis (SCA) attacks exploit information leakage through various channels, including power consumption, electromagnetic (EM) radiation, timing, cache hits and misses, and other observable characteristics. </p><p dir="ltr">Previous research has introduced the concept of attenuating information-sensitive signatures using an analog cascoded current source for power delivery, coupled with an analog biased PMOS-based local negative feedback mechanism to stabilize the internal node. While this approach achieves robust signature suppression, resulting in higher minimum traces to disclosure (MTD) and enhanced security, it remains limited by its analog nature, making it less adaptable across different technology nodes. This thesis proposes a digital-friendly signature suppression technique that employs a digital cascoded current source and leverages a Ring-oscillator-based bleed path. These digital countermeasures can be further enhanced through time-domain obfuscation techniques. Our work demonstrates a state-of-the-art MTD of 1.25 billion traces for an AES-256 implementation. However, these countermeasures lack provable security guarantees, so continuous stress testing is essential for widespread deployment. Different intelligent attacks can be exploited on these physical countermeasures. Notably, this thesis also presents an intelligent attack on signature attenuation-based physical countermeasures and introduces an attack detector. Developing an intelligent attack detector is an integral part of the commercial adoption of physical countermeasures. </p><p dir="ltr">Next, generic physical countermeasures are often deployed in the $V_{DD}$ port as power side channel analysis is carried out through the $V_{DD}$ port. However, any digital circuit has two standard ports, namely $V_{DD}$ and clock port, and countermeasure through the clock port is mainly unexplored except for the system-level clock randomization technique. Even the clock-randomization technique is rendered ineffective in the presence of post-processing techniques. This thesis introduces a side channel resilience technique by introducing a larger slew at the clock, thereby improving MTD by $100\times$.</p><p dir="ltr">Next, these physical countermeasures do not come with any provable security guarantee. Hence, it is important to stress-test the countermeasures. This thesis does so and finds an exploitable point to reduce MTD by 1000$\times$. An attack detector of such an attack is also proposed.</p><p dir="ltr">Further, an attack detection strategy against side-channel analysis (SCA) or fault injection attacks (FIA) is also required. A detection and mitigation approach often gives us the option of duty-cycled countermeasures, hence reducing the energy overhead. This thesis proposes and analyzes a self-aware inductive loop-based attack detection strategy to detect SCA and FIA and enhance the signature attenuation countermeasures. </p><p dir="ltr">Finally, we explore opportunities for integrating these lightweight generic techniques into recently standardized Post-Quantum Cryptographic (PQC) cores. Specifically, we present an optimized implementation of the Saber PQC core, a NIST standardization finalist, achieving the lowest area and energy consumption. Future work could involve deploying lightweight PQC cores with synthesizable physical countermeasures to enhance security against quantum algorithms and physical side-channel attacks.</p>

Analog electronics and interfaces

Cryptography

Hardware security

Hardware Security

AES-256

Saber

Signature Attenuation Hardware

time varying transfer function

Countermeasure

Side channel attack

energy-effiiency

Digital

Advanced EM/Power Side-Channel Attacks and Low-overhead Circuit-level Countermeasures

Debayan Das (11178318)

27 July 2021

<div>The huge gamut of today’s internet-connected embedded devices has led to increasing concerns regarding the security and confidentiality of data. To address these requirements, most embedded devices employ cryptographic algorithms, which are computationally secure. Despite such mathematical guarantees, as these algorithms are implemented on a physical platform, they leak critical information in the form of power consumption, electromagnetic (EM) radiation, timing, cache hits and misses, and so on, leading to side-channel analysis (SCA) attacks. Non-profiled SCA attacks like differential/correlational power/EM analysis (DPA/CPA/DEMA/CEMA) are direct attacks on a single device to extract the secret key of an encryption algorithm. On the other hand, profiled attacks comprise of building an offline template (model) using an identical device and the attack is performed on a similar device with much fewer traces.</div><div><br></div><div>This thesis focusses on developing efficient side-channel attacks and circuit-level low-overhead generic countermeasures. A cross-device deep learning-based profiling power side-channel attack (X-DeepSCA) is proposed which can break the secret key of an AES-128 encryption engine running on an Atmel microcontroller using just a single power trace, thereby increasing the threat surface of embedded devices significantly. Despite all these advancements, most works till date, both attacks as well as countermeasures, treat the crypto engine as a black box, and hence most protection techniques incur high power/area overheads.</div><div><br></div><div>This work presents the first white-box modeling of the EM leakage from a crypto hardware, leading to the understanding that the critical correlated current signature should not be passed through the higher metal layers. To achieve this goal, a signature attenuation hardware (SAH) is utilized, embedding the crypto core locally within the lower metal layers so that the critical correlated current signature is not passed through the higher metals, which behave as efficient antennas and its radiation can be picked up by a nearby attacker. Combination of the 2 techniques – current-domain signature suppression and local lower metal routing shows >350x signature attenuation in measurements on our fabricated 65nm test chip, leading to SCA resiliency beyond 1B encryptions, which is a 100x improvement in both EM and power SCA protection over the prior works with comparable overheads. Moreover, this is a generic countermeasure and can be utilized for any crypto core without any performance degradation.</div><div><br></div><div>Next, backed by our physics-level understanding of EM radiation, a digital library cell layout technique is proposed which shows >5x reduction in EM SCA leakage compared to the traditional digital logic gate layout design. Further, exploiting the magneto-quasistatic (MQS) regime of operation for the present-day CMOS circuits, a HFSS-based framework is proposed to develop a pre-silicon EM SCA evaluation technique to test the vulnerability of cryptographic implementations against such attacks during the design phase itself.</div><div><br></div><div>Finally, considering the continuous growth of wearable and implantable devices around a human body, this thesis also analyzes the security of the internet-of-body (IoB) and proposes electro-quasistatic human body communication (EQS-HBC) to form a covert body area network. While the traditional wireless body area network (WBAN) signals can be intercepted even at a distance of 5m, the EQS-HBC signals can be detected only up to 0.15m, which is practically in physical contact with the person. Thus, this pioneering work proposing EQS-HBC promises >30x improvement in private space compared to the traditional WBAN, enhancing physical security. In the long run, EQS-HBC can potentially enable several applications in the domain of connected healthcare, electroceuticals, augmented and virtual reality, and so on. In addition to these physical security guarantees, side-channel secure cryptographic algorithms can be augmented to develop a fully secure EQS-HBC node.</div>

Circuits and Systems

Microelectronics and Integrated Circuits

Computer System Security

Electromagnetic Security

Hardware Security

Mixed-Signal Circuit design for security

Generic Low-overhead countermeasure

Signature Attenuation Hardware

STELLAR

X-DeepSCA