8.1 Improved power-side-channel-attack resistance of an AES-128 core via a security-aware integrated buck voltage regulator

Kar, Monodeep; Singh, Arvind; Mathew, Sanu; Rajan, Anand Prem; De, Vivek; Mukhopadhyay, Saibal

doi:10.1109/isscc.2017.7870301

Cited by 58 publications

(40 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The larger loop requires 20,000 samples to cross the 4.5 threshold. These results are consistent with the observation of authors in [20] which found that the B-IVR mode shows leakage in power signatures.…”

Section: B High Performance Aes (Hp-aes)supporting

confidence: 93%

“…Although the architecture presented in [20] is focused on protection against PSCA, we observe that the inductor current of an IVR is also a function of the IVR input current. As the EM emission from the inductor is also a direct function of the current flowing through it, the architecture presented in [20] is relevant to EMSCA as well. However the effect on EMSCA resistance of the system is not addressed by the authors in [20].…”

Section: Motivation and Contributionmentioning

confidence: 97%

“…A Side-Channel-Security-Aware IVR Figure 5 shows the overall architecture of a side-channelsecurity aware IVR architecture, as presented in [20]. The power stage of the IVR switches at 125MHz switching frequency and package-bondwires are used as inductance.…”

Section: Bmentioning

confidence: 99%

“…The design also contains an extra circuit called looprandomizer (LR), as described in [20]. LR inserts delay into IVR's control loop by delaying the power stage clock through a chain of delay-elements.…”

Section: Bmentioning

confidence: 99%

“…al. in [20] presented power side-channel attack (PSCA) results for two configurations of an inductive IVR, namely a baseline IVR (B-IVR) representing typical operating mode of any inductive IVR and randomized IVR (R-IVR) where the control loop of the IVR is randomized. In general the techniques for improving PSCA resistance are not guaranteed to be effective for improving EMSCA resistance.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Reducing Power Side-Channel Information Leakage of AES Engines Using Fully Integrated Inductive Voltage Regulator

Kar

Singh

Mathew

et al. 2018

IEEE J. Solid-State Circuits

Self Cite

View full text Add to dashboard Cite

Modern high-performance as well as powerconstrained System-on-Chips (SoC) are increasingly using hardware accelerated encryption engines to secure computation, memory access, and communication operations. The electromagnetic (EM) emission from a chip leaks information of the underlying logical operation being performed by the chip. As the EM information leakage can be collected using low-cost instruments and non-invasive measurements, EM based sidechannel attacks (EMSCA) have emerged as a major threat to security of encryption engines in a SoC. This paper presents the concept of Blindsight where an high-frequency inductive voltage regulator integrated on the same chip with an encryption engine is used to increase resistance against EMSCA. High-frequency (∼100MHz) inductive integrated voltage regulators (IVR) are present in modern microprocessors to improve energy-efficiency. We show that an IVR with a randomized control loop (R-IVR) can reduce EMSCA as the integrated inductance acts as a strong EM emitter and blinds an adversary from EM emission of the encryption engine. The measurements are performed on a prototype circuit board with a test-chip containing two architectures of a 128-bit Advanced Encryption Standard (AES) engine powered by a high-frequency (125MHz) R-IVR with wirebond inductor. The EM measurements are performed under two attack scenarios, one, where an adversary gains complete physical access of the target device (EMSCA with Physical Access) and the other, where the adversary is only in proximity of the device (Proximity EMSCA). The resistance to EMSCA is characterized considering a naive adversary as well as a skilled one with intelligent post-processing capabilities. In both attack modes, for a naive adversary, EM emission from a baseline IVR (B-IVR, without control loop randomization) increases EMSCA resistance compared to a standalone AES engine. However, a skilled adversary with intelligent post-processing can observe information leakage in Test Vector Leakage Assessment (TVLA) test. Subsequently, we show that EM emission from the R-IVR blinds the attacker and significantly reduces SCA vulnerability of the AES engine. A range of practical side-channel analysis including TVLA, Correlation Electromagnetic Analysis (CEMA), and a template based CEMA shows that R-IVR can reduce information leakage and prevent key extraction even against a skilled adversary.

show abstract

Section: B High Performance Aes (Hp-aes)supporting

confidence: 93%