scholarly journals Balancing the Leakage Currents in Nanometer CMOS Logic—A Challenging Goal

2021 ◽  
Vol 11 (15) ◽  
pp. 7143
Author(s):  
Bijan Fadaeinia ◽  
Thorben Moos ◽  
Amir Moradi
Keyword(s):  
Process Variations ◽  
Advanced Technology ◽  
Side Channel ◽  
Leakage Currents ◽  
Protection Mechanism ◽  
Information Theoretic ◽  
Nanometer Cmos ◽  
Standard Cells ◽  
Analysis Technique ◽  
Static Power

The imbalance of the currents leaked by CMOS standard cells when different logic values are applied to their inputs can be exploited as a side channel to recover the secrets of cryptographic implementations. Traditional side-channel countermeasures, primarily designed to thwart the dynamic leakage behavior, were shown to be much less powerful against this static threat. Thus, a special protection mechanism called Balanced Static Power Logic (BSPL) has been proposed very recently. Essentially, fundamental standard cells are re-designed to balance their drain-source leakage current independent of the given input. In this work, we analyze the BSPL concept in more detail and reveal several design issues that limit its effectiveness as a universal logic library. Although balancing drain-source currents remains a valid approach even in more advanced technology generations, we show that it is conceptually insufficient to achieve a fully data-independent leakage behavior in smaller geometries. Instead, we suggest an alternative approach, so-called improved BSPL (iBSPL). To evaluate the proposed method, we use information theoretic analysis. As an attack strategy, we have chosen Moments-Correlating DPA (MCDPA), since this analysis technique does not depend on a particular leakage model and allows a fair comparison. Through these evaluation methods, we show iBSPL demands fewer resources and delivers better balance in the ideal case as well as in the presence of process variations.

scholarly journals SC-DDPL as a Countermeasure against Static Power Side-Channel Attacks

Cryptography ◽  
2021 ◽  
Vol 5 (3) ◽  
pp. 16
Author(s):  
Davide Bellizia ◽  
Riccardo Della Sala ◽  
Giuseppe Scotti
Keyword(s):  
Integrated Circuits ◽  
Cmos Technology ◽  
Side Channel ◽  
Side Channel Attacks ◽  
Key Recovery ◽  
Security Metrics ◽  
Nanometer Cmos ◽  
Secret Keys ◽  
Static Power ◽  
Cmos Implementation

With the continuous scaling of CMOS technology, which has now reached the 3 nm node at production level, static power begins to dominate the power consumption of nanometer CMOS integrated circuits. A novel class of security attacks to cryptographic circuits which exploit the correlation between the static power and the secret keys was introduced more than ten years ago, and, since then, several successful key recovery experiments have been reported. These results clearly demonstrate that attacks exploiting static power (AESP) represent a serious threat for cryptographic systems implemented in nanometer CMOS technologies. In this work, we analyze the effectiveness of the Standard Cell Delay-based Precharge Logic (SC-DDPL) style in counteracting static power side-channel attacks. Experimental results on an FPGA implementation of a compact PRESENT crypto-core show that the SC-DDPL implementation allows a great improvement of all the security metrics with respect to the standard CMOS implementation and other state-of-the-art countermeasures such as WDDL and MDPL.

scholarly journals Countermeasures against Static Power Attacks

2021 ◽  
pp. 780-805
Author(s):  
Thorben Moos ◽  
Amir Moradi
Keyword(s):  
Process Variations ◽  
Cost Effective ◽  
Design Flow ◽  
Sensitive Information ◽  
Standard Cell ◽  
Aging Effects ◽  
Cell Library ◽  
Effective Option ◽  
Static Power ◽  
Power Attacks

In recent years it has been demonstrated convincingly that the standby power of a CMOS chip reveals information about the internally stored and processed data. Thus, for adversaries who seek to extract secrets from cryptographic devices via side-channel analysis, the static power has become an attractive quantity to obtain. Most works have focused on the destructive side of this subject by demonstrating attacks. In this work, we examine potential solutions to protect circuits from silently leaking sensitive information during idle times. We focus on countermeasures that can be implemented using any common digital standard cell library and do not consider solutions that require full-custom or analog design flow. In particular, we evaluate and compare a set of five distinct standard-cell-based hiding countermeasures, including both, randomization and equalization techniques. We then combine the hiding countermeasures with state-of-the-art hardware masking in order to amplify the noise level and achieve a high resistance against attacks. An important part of our contribution is the proposal and evaluation of the first ever standard-cell-based balancing scheme which achieves perfect data-independence on paper, i.e., in absence of intra-die process variations and aging effects. We call our new countermeasure Exhaustive Logic Balancing (ELB). While this scheme, applied to a threshold implementation, provides the highest level of resistance in our experiments, it may not be the most cost effective option due to the significant resource overhead associated. All evaluated countermeasures and combinations thereof are applied to a serialized hardware implementation of the PRESENT block cipher and realized as cryptographic co-processors on a 28nm CMOS ASIC prototype. Our experimental results are obtained through real-silicon measurements of a fabricated die of the ASIC in a temperature-controlled environment using a source measure unit (SMU). We believe that our elaborate comparison serves as a useful guideline for hardware designers to find a proper tradeoff between security and cost for almost any application.

scholarly journals Information Theoretic Modeling and Analysis for Global Interconnects With Process Variations

2011 ◽  
Vol 19 (3) ◽  
pp. 397-410 ◽  
Author(s):  
Stojan Z. Denic ◽  
Bane Vasic ◽  
Charalambos D. Charalambous ◽  
Jifeng Chen ◽  
Janet M. Wang
Keyword(s):  
Process Variations ◽  
Modeling And Analysis ◽  
Information Theoretic ◽  
Global Interconnects

scholarly journals Comprehensive Study of Side-Channel Attack on Emerging Non-Volatile Memories

2021 ◽  
Vol 11 (4) ◽  
pp. 38
Author(s):  
Mohammad Nasim Imtiaz Khan ◽  
Shivam Bhasin ◽  
Bo Liu ◽  
Alex Yuan ◽  
Anupam Chattopadhyay ◽  
...  
Keyword(s):  
High Performance ◽  
Spin Transfer Torque ◽  
Spin Transfer ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Static Power ◽  
High Scalability ◽  
Power Operation ◽  
Comprehensive Study

Emerging Non-Volatile Memories (NVMs) such as Magnetic RAM (MRAM), Spin-Transfer Torque RAM (STTRAM), Phase Change Memory (PCM) and Resistive RAM (RRAM) are very promising due to their low (static) power operation, high scalability and high performance. However, these memories bring new threats to data security. In this paper, we investigate their vulnerability against Side Channel Attack (SCA). We assume that the adversary can monitor the supply current of the memory array consumed during read/write operations and recover the secret key of Advanced Encryption Standard (AES) execution. First, we show our analysis of simulation results. Then, we use commercial NVM chips to validate the analysis. We also investigate the effectiveness of encoding against SCA on emerging NVMs. Finally, we summarize two new flavors of NVMs that can be resilient against SCA. To the best of our knowledge, this is the first attempt to do a comprehensive study of SCA vulnerability of the majority of emerging NVM-based cache.

scholarly journals Static Power SCA of Sub-100 nm CMOS ASICs and the Insecurity of Masking Schemes in Low-Noise Environments

2019 ◽  
pp. 202-232
Author(s):  
Thorben Moos
Keyword(s):  
Field Effect Transistors ◽  
Low Noise ◽  
Operating Conditions ◽  
Side Channel ◽  
Clock Signal ◽  
Channel Measurements ◽  
Security Threat ◽  
Technology Scaling ◽  
Static Power ◽  
Technology Comparison

Semiconductor technology scaling faced tough engineering challenges while moving towards and beyond the deep sub-micron range. One of the most demanding issues, limiting the shrinkage process until the present day, is the difficulty to control the leakage currents in nanometer-scaled field-effect transistors. Previous articles have shown that this source of energy dissipation, at least in case of digital CMOS logic, can successfully be exploited as a side-channel to recover the secrets of cryptographic implementations. In this work, we present the first fair technology comparison with respect to static power side-channel measurements on real silicon and demonstrate that the effect of down-scaling on the potency of this security threat is huge. To this end, we designed two ASICs in sub-100nm CMOS nodes (90 nm, 65 nm) and got them fabricated by one of the leading foundries. Our experiments, which we performed at different operating conditions, show consistently that the ASIC technology with the smaller minimum feature size (65 nm) indeed exhibits substantially more informative leakages (factor of ~10) than the 90nm one, even though all targeted instances have been derived from identical RTL code. However, the contribution of this work extends well beyond a mere technology comparison. With respect to the real-world impact of static power attacks, we present the first realistic scenarios that allow to perform a static power side-channel analysis (including noise reduction) without requiring control over the clock signal of the target. Furthermore, as a follow-up to some proof-of-concept work indicating the vulnerability of masking schemes to static powerattacks, we perform a detailed study on how the reduction of the noise level in static leakage measurements affects the security provided by masked implementations. As a result of this study, we do not only find out that the threat for masking schemes is indeed real, but also that common leakage assessment techniques, such as the Welch’s t-test, together with essentially any moment-based analysis of the leakage traces, is simply not sufficient in low-noise contexts. In fact, we are able to show that either a conversion (resp. compression) of the leakage order or the recently proposed X2 test need to be considered in assessment and attack to avoid false negatives.

scholarly journals Breaking Masked Implementations with Many Shares on 32-bit Software Platforms

2021 ◽  
pp. 202-234
Author(s):  
Olivier Bronchain ◽  
François-Xavier Standaert
Keyword(s):  
Positive Impact ◽  
Side Channel ◽  
Lightweight Cryptography ◽  
Key Recovery ◽  
Information Theoretic ◽  
Maximum Security ◽  
Software Implementations ◽  
Software Platforms ◽  
Security Evaluations ◽  
Security Guarantees

We explore the concrete side-channel security provided by state-of-theart higher-order masked software implementations of the AES and the (candidate to the NIST Lightweight Cryptography competition) Clyde, in ARM Cortex-M0 and M3 devices. Rather than looking for possibly reduced security orders (as frequently considered in the literature), we directly target these implementations by assuming their maximum security order and aim at reducing their noise level thanks to multivariate, horizontal and analytical attacks. Our investigations point out that the Cortex-M0 device has so limited physical noise that masking is close to ineffective. The Cortex-M3 shows a better trend but still requires a large number of shares to provide strong security guarantees. Practically, we first exhibit a full 128-bit key recovery in less than 10 traces for a 6-share masked AES implementation running on the Cortex-M0 requiring 232 enumeration power. A similar attack performed against the Cortex-M3 with 5 shares require 1,000 measurements with 244 enumeration power. We then show the positive impact of lightweight block ciphers with limited number of AND gates for side-channel security, and compare our attacks against a masked Clyde with the best reported attacks of the CHES 2020 CTF. We complement these experiments with a careful information theoretic analysis, which allows interpreting our results. We also discuss our conclusions under the umbrella of “backwards security evaluations” recently put forwards by Azouaoui et al. We finally extrapolate the evolution of the proposed attack complexities in the presence of additional countermeasures using the local random probing model proposed at CHES 2020.

Sign in / Sign up

Export Citation Format

Share Document