An EDA-Friendly Protection Scheme against Side-Channel Attacks Ali Galip Bayrak 1 Nikola Velickovic 1, Francesco Regazzoni 2, David Novo 1, Philip Brisk.

Presentation transcript:

An EDA-Friendly Protection Scheme against Side-Channel Attacks
Ali Galip Bayrak¹, Nikola Velickovic¹, Francesco Regazzoni², David Novo¹, Philip Brisk³ and Paolo Ienne¹

Side-Channel Attacks
[Diagram: a physical device holding a cryptographic processing unit and a secret key; plaintext goes in, ciphertext comes out, and a physical observable (e.g., power consumption) leaks.]
f(plaintext, key) ~ power: plaintext KNOWN, key RECOVER, power KNOWN

Protection Schemes
Main Idea: f(plaintext, key) power
How? Constant or random power consumption
Examples:
Constant, software: -
Constant, hardware: SABL (Tiri et al. 2002), MCML (Toprak et al. 2005)
Random, software: Dummy operation insertion, Masking (Coron et al. 2000)
Random, hardware: MDPL (Popp et al. 2005), iMDPL (Popp et al. 2007), GALS (Gurkaynak et al. 2005), RCDD (Boey et al. 2010), SIRO (Zafar et al. 2010)

Motivation
- Area: 2X (SABL) – 20X (iMDPL)
- Energy: 3.5X (WDDL) – 18X (MDPL)
- Non-CMOS (SABL, MCML)
- Algorithm specific (GALS)
- Technology dependent (WDDL, MDPL)
- Fixed overhead (almost all)

- Low cost
- Fully automated
- Tradeoff: Security vs. Efficiency

Unprotected Circuit
[Diagram: combinatorial circuit between input and output, with D flip-flops (D/Q) all clocked by CLK; timing trace labelled Q all.]

Protected Circuit
[Diagram: the same combinatorial circuit and D flip-flops, with CLK feeding a Clock Randomization block that drives the flip-flops with RCLK 0, RCLK 1, RCLK 2 and RCLK 3; timing traces for RCLK 0 to RCLK 3 and Q all.]

Protected Circuit
[Timing diagram: RCLK 0, RCLK 1, RCLK 2, RCLK 3 and Q all; labels T orig, Δ and T protected.]

Clock Randomization
Delayed Clocks: CLK 0, CLK 1, CLK 2, …, CLK N-1, with delays δ, 2δ, …, (N-1)δ = Δ
Random Clocks: a MUX driven by RND selects among the delayed clocks to produce RCLK i
[Diagram label: Safe Clock Switching Zone]

Protected Circuit
[Diagram: combinatorial circuit and D flip-flops, with CLK feeding the Clock Randomization block that outputs RCLK 0, RCLK 1, …, RCLK M-1; timing traces for RCLK 0 to RCLK 3 and Q all.]
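A toy model of why the per-register random clock phases on the slides above hurt power analysis, as an added example that is not from the presentation. It assumes M register groups that each leak the Hamming weight of one byte, N equally likely clock phases, and an evaluator who samples one fixed phase; the function names and this leakage model are constructed for illustration and do not reproduce the measured 70X/300X figures.

```python
import math
import random

def hamming_weight(x):
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def slot_correlation(n_delayed, m_random, traces=5000, seed=1):
    """Correlation between the Hamming-weight model of a register update and
    the power sampled at one fixed phase, when each of the M random clocks
    independently picks one of N delayed clock phases every cycle."""
    rng = random.Random(seed)  # seeded so the constructed data is repeatable
    model, sample = [], []
    for _ in range(traces):
        # Constructed leakage: one random byte per register group.
        weights = [hamming_weight(rng.randrange(256)) for _ in range(m_random)]
        # RCLK i := MUX(delayed clocks, RND): phase index 0 .. N-1 per group.
        phases = [rng.randrange(n_delayed) for _ in range(m_random)]
        model.append(sum(weights))
        # Only groups whose clock edge landed on phase 0 switch at that sample.
        sample.append(sum(w for w, p in zip(weights, phases) if p == 0))
    return pearson(model, sample)

def trace_factor(rho_ref, rho):
    """Rule of thumb: traces needed for a correlation test scale with 1/rho^2."""
    return (rho_ref / rho) ** 2

if __name__ == "__main__":
    unprotected = slot_correlation(n_delayed=1, m_random=8)   # single CLK
    protected = slot_correlation(n_delayed=16, m_random=8)    # N = 16, M = 8
    print(f"rho unprotected = {unprotected:.3f}")
    print(f"rho protected   = {protected:.3f}")
    print(f"trace factor    = {trace_factor(unprotected, protected):.0f}x")
```

In this model the correlation does not depend on M, only on N, because each group's contribution is thinned by the same 1/N probability.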

Automated Design Flow
High-Level Description (VHDL/Verilog) -> Code Modification -> Modified High-Level Description -> Logic Synthesis -> Synthesized Circuit -> Place & Route -> Protected IC Layout
Code Modification:
- random clock generation code: RCLK(i) := MUX(CLK,RND,..)
- clock renaming: if (rising_edge(CLK)) -> if (rising_edge(RCLK(2)))
Logic Synthesis:
- timing constraints: create_clock … RCLK[0]
- timing constraints: set_clock_uncertainty … DELTA RCLK[0]

Experimental Setup
FPGA experiments:
- Platform: SASEBO (Side-channel Attack Standard Evaluation Board) G-II. Two Xilinx FPGAs: Virtex-5 and Spartan-3A.
- Toolchain: Xilinx ISE 14.
ASIC experiments:
- Technology: 65nm STM CMOS standard cell library.
- Toolchain: Synopsys Design Compiler for synthesis, Cadence Encounter for placement and routing, Mentor Graphics Modelsim for simulations and Synopsys Nanosim for power estimation.

Experimental Setup
AES-128 implementation
Design parameters:
- N: number of delayed clocks.
- M: number of random clocks.
- Δ: total amount of delay.
Performance parameters (normalized for unprotected): Security, Area, Speed and Energy

# Clocks vs. Security
- M (number of random clocks) = 8 ✔ [AES-specific]
- Bigger N (number of delayed clocks) ✔
- >300X security improvement

Total Delay vs. Security
- Bigger Δ for a fixed N ✔
- Bigger N for a fixed Δ ✔ ?
- 70X secure for N=Δ=16
- 300X secure for N=16, Δ=64

Total Delay vs. Area
- 8% overhead for 70X security point (Δ=16)
- 15% overhead for 300X security point (Δ=64)

Total Delay vs. Speed
- 2.3X slowdown for 70X security point (Δ=16)
- 7X slowdown for 300X security point (Δ=64)

Comparison
For embedded systems subject to power analysis attacks, area and energy are much more important than speed!

Conclusions
- Fully automated design flow.
- Platform and technology agnostic.
- Can be applied to any given implementation.
- Does not need security expertise.
- Less overhead than competing countermeasures.
- Area and energy efficient.
- Security increase is drastic.
- More than 300X with modest overhead.