25.3 A 128b AES Engine with Higher Resistance to Power and Electromagnetic Side-Channel Attacks Enabled by a Security-Aware Integrated All-Digital Low-Dropout Regulator

Singh, Arvind; Kar, Monodeep; Mathew, Sanu; Rajan, Anand Prem; De, Vivek; Mukhopadhyay, Saibal

doi:10.1109/isscc.2019.8662344

Cited by 39 publications

(15 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, unlike our proposed ideas, they cannot be applied to various designs, such as single-core processors and cryptographic hardware accelerators. In [23], [44]- [46], DPA-resistant AES cores equipped with various hiding countermeasures were introduced. These countermeasures provide significant improvement in terms of the number of traces required to reveal the secret key.…”

Section: Results Comparisonmentioning

confidence: 99%

Exploiting the Back-Gate Biasing Technique as a Countermeasure Against Power Analysis Attacks

Dao

Hoang

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Fully depleted silicon-on-insulator (FD-SOI) technology is renowned for its back-gate bias voltage controllability. It allows devices fabricated with FD-SOI technology to be optimized for low power consumption or high performance with proper back-gate biases, depending on the required application. This article proposes using the back-gate biasing technique in novel countermeasures against power analysis attacks. Theoretical explanations are discussed, and realistic differential power analysis (DPA) attacks, targeting AES-128 encryption on a 65-nm STOB 32-bit RISC-V microcontroller, are conducted to justify the proposed idea. The experimental results show that when compared with applying no bias, applying our first proposal, which involves using forward back-gate bias, not only improves the test device performance but also enhances its resistance to DPA attacks. Moreover, vulnerability to DPA attacks is kept unchanged when a reverse back-gate bias is applied to achieve low power consumption. The DPA resistance is even more vital when combining the back-gate bias technique with a lower supply voltage. The number of power traces required to retrieve the secret key successfully increases by 14.5 times in the best case. Even better DPA resistance can be obtained when the back-gate bias of the targeted microcontroller is dynamically randomized, as suggested by our second proposal of a random dynamic back-gate bias (RDBB). When RDBB is applied, the number of power traces required to retrieve the secret key successfully significantly increases by 33.4 times. INDEX TERMS Side-channel attacks, differential power analysis, countermeasure, back-gate biasing, FD-SOI, SOTB, RISC-V.

show abstract

Section: Results Comparisonmentioning

confidence: 99%

Exploiting the Back-Gate Biasing Technique as a Countermeasure Against Power Analysis Attacks

Dao

Hoang

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Simple power analysis (SPA) and differential power analysis (DPA) are the frequently-used methods to obtain the cryptographic algorithm power signatures, then lead to the cipher key extractions [ 21 ]. A similar solution also works with electromagnetic emissions [ 22 ] instead of analyzing the power signature; the chip electromagnetic signature is studied like DPA, and the ciphering key is extracted. Indeed, it is not possible to address all the embedded system security issues in one proposition.…”

Section: Preliminariesmentioning

confidence: 99%

High-Efficiency Parallel Cryptographic Accelerator for Real-Time Guaranteeing Dynamic Data Security in Embedded Systems

et al. 2021

View full text Add to dashboard Cite

Dynamic data security in embedded systems is raising more and more concerns in numerous safety-critical applications. In particular, the data exchanges in embedded Systems-on-Chip (SoCs) using main memory are exposing many security vulnerabilities to external attacks, which will cause confidential information leakages and program execution failures for SoCs at key points. Therefore, this paper presents a security SoC architecture with integrating a four-parallel Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) cryptographic accelerator for achieving high-efficiency data processing to guarantee data exchange security between the SoC and main memory against bus monitoring, off-line analysis, and data tampering attacks. The architecture design has been implemented and verified on a Xilinx Virtex-5 Field Programmable Gate Array (FPGA) platform. Based on evaluation of the cryptographic accelerator in terms of performance overhead, security capability, processing efficiency, and resource consumption, experimental results show that the parallel cryptographic accelerator does not incur significant performance overhead on providing confidentiality and integrity protections for exchanged data; its average performance overhead reduces to as low as 2.65% on typical 8-KB I/D-Caches, and its data processing efficiency is around 3 times that of the pipelined AES-GCM construction. The reinforced SoC under the data tampering attacks and benchmark tests confirms the effectiveness against external physical attacks and satisfies a good trade-off between high-efficiency and hardware overhead.

show abstract

“…Typically, filters are found and reported by ad hoc experimentation (trial and error), and parameters are set without any clear selection criterion, or alternatively they are optimized by heuristic methods. For several examples of the large range of band-pass (BP) filters, see [12][13][14], low-pass (LP) filters were recommended in [13,15], high-pass (HP) filters in [16,17] and band-stop (BS) filters [14].…”

Section: We Can Do Better With Ovssamentioning

confidence: 99%

“…For the two, the SCA literature tends to suggest heuristic optimization techniques to pre-process the traces and reduce the noise or filter the raw traces. There are many meta-parameters including the bandwidth and frequency ranges of a filter, its shape, and the domain it is manipulating [12][13][14][15][16][17] (e.g., time, frequency or other domains, such as the wavelet domain [15,18]). Filters are utilized extensively in the field and in particular in the side-channel related literature.…”

Section: Introductionmentioning

confidence: 99%

Improved Filtering Techniques for Single- and Multi-Trace Side-Channel Analysis

2021

View full text Add to dashboard Cite

Side-channel analysis (SCA) attacks constantly improve and evolve. Implementations are therefore designed to withstand strong SCA adversaries. Different side channels exhibit varying statistical characteristics of the sensed or exfiltrated leakage, as well as the embedding of different countermeasures. This makes it crucial to improve and adapt pre-processing and denoising techniques, and abilities to evaluate the adversarial best-case scenario. We address two popular SCA scenarios: (1) a single-trace context, modeling an adversary that captures only one leakage trace, and (2) a multi-trace (or statistical) scenario, that models the classical SCA context. Given that horizontal attacks, localized electromagnetic attacks and remote-SCA attacks are becoming evermore powerful, both scenarios are of interest and importance. In the single-trace context, we improve on existing Singular Spectral Analysis (SSA) based techniques by utilizing spectral property variations over time that stem from the cryptographic implementation. By adapting overlapped-SSA and optimizing over the method parameters, we achieve a significantly shorter computation time, which is the main challenge of the SSA-based technique, and a higher information gain (in terms of the Signal-to-Noise Ratio (SNR)). In the multi-trace context, a profiling strategy is proposed to optimize a Band-Pass Filter (BPF) based on a low-computational cost criterion, which is shown to be efficient for unprotected and low protection level countermeasures. In addition, a slightly more computationally intensive optimized ’shaped’ filter is presented that utilizes a frequency-domain SNR-based coefficient thresholding. Our experimental results exhibit significant improvements over a set of various implementations embedded with countermeasures in hardware and software platforms, corresponding to varying baseline SNR levels and statistical leakage characteristics.

show abstract

25.3 A 128b AES Engine with Higher Resistance to Power and Electromagnetic Side-Channel Attacks Enabled by a Security-Aware Integrated All-Digital Low-Dropout Regulator

Cited by 39 publications

References 5 publications

Exploiting the Back-Gate Biasing Technique as a Countermeasure Against Power Analysis Attacks

Exploiting the Back-Gate Biasing Technique as a Countermeasure Against Power Analysis Attacks

High-Efficiency Parallel Cryptographic Accelerator for Real-Time Guaranteeing Dynamic Data Security in Embedded Systems

Improved Filtering Techniques for Single- and Multi-Trace Side-Channel Analysis

Contact Info

Product

Resources

About