STELLAR: A Generic EM Side-Channel Attack Protection through Ground-Up Root-cause Analysis

The threat of side-channels is becoming increasingly prominent for resource-constrained internet-connected devices. While numerous power side-channel countermeasures have been proposed, a promising approach to protect the non-invasive electromagnetic side-channel attacks has been relatively scarce. Today’s availability of high-resolution electromagnetic (EM) probes mandates the need for a low-overhead solution to protect EM side-channel analysis (SCA) attacks. This work, for the first time, performs a white-box analysis to root-cause the origin of the EM leakage from an integrated circuit. System-level EM simulations with Intel 32 nm CMOS technology interconnect stack, as an example, reveals that the EM leakage from metals above layer 8 can be detected by an external non-invasive attacker with the commercially available state-of-the-art EM probes. Equipped with this ‘white-box’ understanding, this work proposes STELLAR: Signature aTtenuation Embedded CRYPTO with Low-Level metAl Routing, which is a two-stage solution to eliminate the critical signal radiation from the higher-level metal layers. Firstly, we propose routing the entire cryptographic core within the local lower-level metal layers, whose leakage cannot be picked up by an external attacker. Then, the entire crypto IP is embedded within a Signature Attenuation Hardware (SAH) which in turn suppresses the critical encryption signature before it routes the current signature to the highly radiating top-level metal layers. System-level implementation of the STELLAR hardware with local lower-level metal routing in TSMC 65 nm CMOS technology, with an AES-128 encryption engine (as an example cryptographic block) operating at 40 MHz, shows that the system remains secure against EM SCA attack even after 1M encryptions, with 67% energy efficiency and 1.23× area overhead compared to the unprotected AES.

[1]  Santosh Ghosh,et al.  ASNI: Attenuated Signature Noise Injection for Low-Overhead Power Side-Channel Attack Immunity , 2018, IEEE Transactions on Circuits and Systems I: Regular Papers.

[2]  Sanu Mathew,et al.  8.1 Improved power-side-channel-attack resistance of an AES-128 core via a security-aware integrated buck voltage regulator , 2017, 2017 IEEE International Solid-State Circuits Conference (ISSCC).

[3]  Amir Moradi,et al.  Hardware Masking, Revisited , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[4]  Daniel Genkin,et al.  Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation , 2015, CHES.

[5]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[6]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[7]  Lionel Torres,et al.  Near-Field Mapping System to Scan in Time Domain the Magnetic Emissions of Integrated Circuits , 2008, PATMOS.

[8]  Shreyas Sen,et al.  High efficiency power side-channel attack immunity using noise injection in attenuated signature domain , 2017, 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[9]  Tim Güneysu,et al.  Generic Side-Channel Countermeasures for Reconfigurable Devices , 2011, CHES.

[10]  Daniel Genkin,et al.  ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs , 2016, CT-RSA.

[11]  Yu-ichi Hayashi,et al.  EM Attack Is Non-invasive? - Design Methodology and Validity Verification of EM Attack Sensor , 2014, CHES.

[12]  Adi Shamir,et al.  RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[13]  Alessandro Trifiletti,et al.  Three-Phase Dual-Rail Pre-charge Logic , 2006, CHES.

[14]  Takeshi Sugawara,et al.  Development of an on-chip micro shielded-loop probe to evaluate performance of magnetic film to protect a cryptographic LSI from electromagnetic analysis , 2010, 2010 IEEE International Symposium on Electromagnetic Compatibility.

[15]  Vivek De,et al.  Integrated all-digital low-dropout regulator as a countermeasure to power attack in encryption engines , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[16]  Lionel Torres,et al.  Evaluation on FPGA of triple rail logic robustness against DPA and DEMA , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[17]  S. Yang,et al.  AES-Based Security Coprocessor IC in 0.18-$muhbox m$CMOS With Resistance to Differential Power Analysis Side-Channel Attacks , 2006, IEEE Journal of Solid-State Circuits.

[18]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[19]  FRANÇOIS-XAVIER STANDAERT,et al.  An Overview of Power Analysis Attacks Against Field Programmable Gate Arrays , 2006, Proceedings of the IEEE.

[20]  Stefan Mangard,et al.  Hardware Countermeasures against DPA ? A Statistical Analysis of Their Effectiveness , 2004, CT-RSA.

[21]  Mark Y. Liu,et al.  A 32nm logic technology featuring 2nd-generation high-k + metal-gate transistors, enhanced channel strain and 0.171μm2 SRAM cell size in a 291Mb array , 2008, 2008 IEEE International Electron Devices Meeting.

[22]  David Blaauw,et al.  Securing Encryption Systems With a Switched Capacitor Current Equalizer , 2010, IEEE Journal of Solid-State Circuits.

[23]  J. Jopling,et al.  High performance 32nm logic technology featuring 2nd generation high-k + metal gate transistors , 2009, 2009 IEEE International Electron Devices Meeting (IEDM).

[24]  Eric Peeters,et al.  Power and electromagnetic analysis: Improved model, consequences and comparisons , 2007, Integr..

[25]  Amit Kumar,et al.  Efficient simulation of EM side-channel attack resilience , 2017, 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[26]  Jean-Louis Lacoume,et al.  A Proposition for Correlation Power Analysis Enhancement , 2006, CHES.

[27]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[28]  Colin O'Flynn,et al.  A Framework for Embedded Hardware Security Analysis , 2017 .

[29]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[30]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[31]  Zhizhang Chen,et al.  ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research , 2014, COSADE.

[32]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[33]  Ingrid Verbauwhede,et al.  Consolidating Masking Schemes , 2015, CRYPTO.

[34]  B. Preneel,et al.  Electromagnetic Analysis Attack on an FPGA Implementation of an Elliptic Curve Cryptosystem , 2005, EUROCON 2005 - The International Conference on "Computer as a Tool".