Static Power SCA of Sub-100 nm CMOS ASICs and the Insecurity of Masking Schemes in Low-Noise Environments

Semiconductor technology scaling faced tough engineering challenges while moving towards and beyond the deep sub-micron range. One of the most demanding issues, limiting the shrinkage process until the present day, is the difficulty to control the leakage currents in nanometer-scaled field-effect transistors. Previous articles have shown that this source of energy dissipation, at least in case of digital CMOS logic, can successfully be exploited as a side-channel to recover the secrets of cryptographic implementations. In this work, we present the first fair technology comparison with respect to static power side-channel measurements on real silicon and demonstrate that the effect of down-scaling on the potency of this security threat is huge. To this end, we designed two ASICs in sub-100nm CMOS nodes (90 nm, 65 nm) and got them fabricated by one of the leading foundries. Our experiments, which we performed at different operating conditions, show consistently that the ASIC technology with the smaller minimum feature size (65 nm) indeed exhibits substantially more informative leakages (factor of ~10) than the 90nm one, even though all targeted instances have been derived from identical RTL code. However, the contribution of this work extends well beyond a mere technology comparison. With respect to the real-world impact of static power attacks, we present the first realistic scenarios that allow to perform a static power side-channel analysis (including noise reduction) without requiring control over the clock signal of the target. Furthermore, as a follow-up to some proof-of-concept work indicating the vulnerability of masking schemes to static powerattacks, we perform a detailed study on how the reduction of the noise level in static leakage measurements affects the security provided by masked implementations. As a result of this study, we do not only find out that the threat for masking schemes is indeed real, but also that common leakage assessment techniques, such as the Welch’s t-test, together with essentially any moment-based analysis of the leakage traces, is simply not sufficient in low-noise contexts. In fact, we are able to show that either a conversion (resp. compression) of the leakage order or the recently proposed X2 test need to be considered in assessment and attack to avoid false negatives.

[1]  Amir Moradi,et al.  Side-channel attacks from static power: When should we care? , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[2]  A. Trifiletti,et al.  Leakage Power Analysis attacks: Well-defined procedure and first experimental results , 2009, 2009 International Conference on Microelectronics - ICM.

[3]  Amir Moradi,et al.  Leakage Detection with the x2-Test , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[4]  G.E. Moore,et al.  Cramming More Components Onto Integrated Circuits , 1998, Proceedings of the IEEE.

[5]  Howard M. Heys,et al.  Template attacks based on static power analysis of block ciphers in 45-nm CMOS environment , 2017, 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS).

[6]  Jean-Pierre Seifert,et al.  Simple Photonic Emission Analysis of AES - Photonic Side Channel Analysis for the Rest of Us , 2012, CHES.

[7]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[8]  Amir Moradi,et al.  Static Power Side-Channel Analysis - A Survey on Measurement Factors , 2018, IACR Cryptol. ePrint Arch..

[9]  François-Xavier Standaert,et al.  Composable Masking Schemes in the Presence of Physical Defaults and the Robust Probing Model , 2018, IACR Cryptol. ePrint Arch..

[10]  Adi Shamir,et al.  RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[11]  Emmanuel Prouff,et al.  Masking against Side-Channel Attacks: A Formal Security Proof , 2013, EUROCRYPT.

[12]  Saibal Mukhopadhyay,et al.  Leakage current mechanisms and leakage reduction techniques in deep-submicrometer CMOS circuits , 2003, Proc. IEEE.

[13]  Alessandro Trifiletti,et al.  Implementation of the PRESENT-80 block cipher and analysis of its vulnerability to Side Channel Attacks Exploiting Static Power , 2016, 2016 MIXDES - 23rd International Conference Mixed Design of Integrated Circuits and Systems.

[14]  Amir Moradi,et al.  Side-Channel Leakage through Static Power - Should We Care about in Practice? , 2014, CHES.

[15]  François-Xavier Standaert,et al.  How (not) to Use Welch's T-test in Side-Channel Security Evaluations , 2018, IACR Cryptol. ePrint Arch..

[16]  Michael Hutter,et al.  The Temperature Side Channel and Heating Fault Attacks , 2013, CARDIS.

[17]  Rolf Landauer,et al.  Irreversibility and heat generation in the computing process , 1961, IBM J. Res. Dev..

[18]  Amir Moradi,et al.  Static power side-channel analysis of a threshold implementation prototype chip , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[19]  Markus Kasper,et al.  The World is Not Enough: Another Look on Second-Order DPA , 2010, IACR Cryptol. ePrint Arch..

[20]  François-Xavier Standaert,et al.  Very High Order Masking: Efficient Implementation and Security Evaluation , 2017, IACR Cryptol. ePrint Arch..

[21]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[22]  Alessandro Trifiletti,et al.  Univariate Power Analysis Attacks Exploiting Static Dissipation of Nanometer CMOS VLSI Circuits for Cryptographic Applications , 2017, IEEE Transactions on Emerging Topics in Computing.

[23]  中嶋 純子,et al.  Cryptographic Hardware and Embedded Systems (CHES'99)国際会議参加報告 , 1999 .

[24]  Amir Moradi,et al.  Side-Channel Resistant Crypto for Less than 2,300 GE , 2011, Journal of Cryptology.

[25]  Amir Moradi,et al.  On the Easiness of Turning Higher-Order Leakages into First-Order , 2017, COSADE.

[26]  Charles H. Bennett,et al.  Notes on Landauer's Principle, Reversible Computation, and Maxwell's Demon , 2002, physics/0210005.

[27]  R. Landauer,et al.  The Fundamental Physical Limits of Computation. , 1985 .

[28]  Wayne P. Burleson,et al.  Leakage-based differential power analysis (LDPA) on sub-90nm CMOS cryptosystems , 2008, 2008 IEEE International Symposium on Circuits and Systems.

[29]  Alessandro Trifiletti,et al.  Leakage Power Analysis attacks against a bit slice implementation of the Serpent block cipher , 2014, 2014 Proceedings of the 21st International Conference Mixed Design of Integrated Circuits and Systems (MIXDES).

[30]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[31]  Thomas Peyrin,et al.  The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS , 2016, IACR Cryptol. ePrint Arch..

[32]  M.A. Bayoumi,et al.  Leakage sources and possible solutions in nanometer CMOS technologies , 2005, IEEE Circuits and Systems Magazine.

[33]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[34]  Amir Moradi,et al.  Leakage Assessment Methodology - A Clear Roadmap for Side-Channel Evaluations , 2015, CHES.

[35]  Mauro Olivieri,et al.  Impact of technology scaling on leakage power in nano-scale bulk CMOS digital standard cells , 2014, Microelectron. J..

[36]  S. Lloyd Ultimate physical limits to computation , 1999, Nature.

[37]  Christof Paar,et al.  Pushing the Limits: A Very Compact and a Threshold Implementation of AES , 2011, EUROCRYPT.

[38]  Alessandro Trifiletti,et al.  Effectiveness of Leakage Power Analysis Attacks on DPA-Resistant Logic Styles Under Process Variations , 2014, IEEE Transactions on Circuits and Systems I: Regular Papers.

[39]  S. Shiney Immaculate,et al.  Analysis of Leakage Power Attacks on DPA Resistant Logic Styles: A Survey , 2014 .