Return to search

Power analysis side channel attacks: the processor design-level context

The rapid increase in the use of embedded systems for performing secure transactions, has proportionally increased the security threats which are faced by such devices. Side channel attack, a sophisticated security threat to embedded devices like smartcards, mobile phones and PDAs, exploits the external manifestations like processing time, power consumption and electromagnetic emission to identify the internal computations. Power analysis attack, introduced by Kocher in 1998, is used by adversaries to eavesdrop on confidential data while the device is executing a secure transaction. The adversary observes the power trace dissipated/consumed by the chip during the encryption/decryption of the AES cryptographic program and predicts the secret key used for encryption by extracting necessary information from the power trace. Countermeasures proposed to overcome power analysis are data masking, table masking, current flattening, circuitry level solutions, dummy instruction insertions, balancing bit-flips, etc. All these techniques are either susceptible to multi-order side channel attacks, not sufficiently generic to cover all encryption algorithms, or burden the system with high area cost, run-time or energy consumption. The initial solution presented in this thesis is a HW/SW based randomised instruction injection technique, which infuses random instructions at random places during the execution of an application. Such randomisation obfuscates the secure information from the power profile, not allowing the adversary to extract the critical power segments for analysis. Further, the author devised a systematic method to measure the security level of a power sequence and used it to measure the number of random instructions needed, to suitably confuse the adversary. The proposed processor model costs 1.9% in additional area for a simplescalar processor, and costs on average 29.8% in runtime and 27.1% in additional energy consumption for six industry standard cryptographic algorithms. This design is extended to a processor architecture which automatically detects the execution of the most common encryption algorithms, starts to scramble the power waveform by adding randomly placed instructions with random register accesses, and stops injecting instructions when it is safe to do so. This approach has less overheads compared to previous solutions and avoids software instrumentation, allowing programmers with no special knowledge to use the system. The extended processor model costs an additional area of 1.2%, and an average of 25% in runtime and 28.5% in energy overheads for industry standard cryptographic algorithms. Due to the possibility of removing random injections using large number of samples (due to the random nature, a large number of samples will eliminate noise), the author proposes a multiprocessor 'algorithmic' balancing technique. This technique uses a dual processor architecture where two processors execute the same program in parallel, but with complementary intermediate data, thus balancing the bitflips. The second processor works in conjunction with the first processor for balancing only when encryption is performed, and both processors carry out independent tasks when no encryption is being performed. Both DES and AES cryptographic programs are investigated for balancing and the author shows that this technique is economical, while completely preventing power analysis attacks. The signature detection unit to capture encryption is also utilised, which is used in the instruction injection approach. This multiprocessor balancing approach reduces performance by 0.42% and 0.94% for AES and DES respectively. The hardware increase is 2X only when balancing is performed. Further, several future extensions for the balancing approach are proposed, by introducing random swapping of encryption iterations between cores. FPGA implementations of these processor designs are briefly described at the end of this thesis.

Identiferoai:union.ndltd.org:ADTP/258438
Date January 2009
CreatorsAmbrose, Jude Angelo, Computer Science & Engineering, Faculty of Engineering, UNSW
PublisherPublisher:University of New South Wales. Computer Science & Engineering
Source SetsAustraliasian Digital Theses Program
LanguageEnglish
Detected LanguageEnglish
Rightshttp://unsworks.unsw.edu.au/copyright, http://unsworks.unsw.edu.au/copyright

Page generated in 0.002 seconds