Presentation is loading. Please wait.

Presentation is loading. Please wait.

High-Level Synthesis for Side-Channel Defense

Similar presentations


Presentation on theme: "High-Level Synthesis for Side-Channel Defense"— Presentation transcript:

1 High-Level Synthesis for Side-Channel Defense
S. T. Choden Konigsmark, Deming Chen, Martin D. F. Wong University of Illinois at Urbana-Champaign July 10, 2017 ECE Main Slide

2 Introduction Internet of Things (IoT) introduces opportunities but also many challenges Highly resource constrained, security critical applications Security improvements need to be flexible and targeted Hardware implementations leak information Can be exploited through side-channel attacks Presence or absence of operations in power trace (SPA) Dynamic power consumption depends on many factors, e.g. capacitances, switching bits, etc. (DPA) Low-level techniques attempt to achieve input-independent power drain, resource intensive

3 Background Techniques to reduce information leakage Attack goal:
Dynamic differential logic (DDL) Wave dynamic differential logic (WDDL) creates standard building blocks to improve power consumption consistency Methods can be extended, e.g. through Double WDDL (DWDDL) Attack goal: Hostile application environment (e.g. IoT) where adversary has access to device Reveal user-specified secrets through differential power analysis, using physical access and large number of power traces

4 Synthesis Flow Overview of the side-channel leakage optimized synthesis flow. The flow combines typical HLS flows (orange) with analysis (blue) and culminates in leakage minimization operations (green).

5 Synthesis Flow Initial synthesis
Consume user-provided C-code with high-level annotations describing confidential variables First, compile into LLVM IR Derive of graph of confidential operations from initial annotations Continue with RTL synthesis without countermeasures as starting point for further analysis

6 Synthesis Flow (2)

7 Branch Balancing Identify conditionals depending on confidential values Attempt automatic mitigation by inserting matching dummy operations Log instructions for manual review Example of branch balancing. One branch of a conditional statement is supplemented with dummy instructions to minimize information leakage.

8 Leakage-Driven Allocation and Binding
Large multiplexors expensive – typically share only expensive FUs Allocation and binding are interweaved to maximize the efficiency of side-channel leakage reduction First, binding against most basic FU implementation Bind high risk operations (HRO) to common FUs Allocate resources to HRO FUs Estimate FU leakage as sum of leakages of operations bound to it

9 Leakage-Driven Allocation and Binding (2)

10 Leakage-Driven Allocation and Binding: Example
Example of leakage-driven binding. High risk operations are bound against one FU, while low risk instructions are bound against a different FU.

11 Experimental Evaluation
Implemented as extension of LegUp HLS tool Two passes: Security preparation and optimization Evaluation against: Base Reference Countermeasures applied at full design Modular Defense Countermeasures applied at module level Subset of CHStone benchmarks Addition: IoT benchmark with temperature calculations, presence of people based on sensor, and basic voice recognition Addition: SIMON benchmark, proposed for IoT security

12 Resource Target Per-benchmark upper resource limit
Leakage reduced on average by 72% compared to reference, 38% compared to modular synthesis Observation: Less delta to modular synthesis where confidential operations are constrained to module (e.g. GSM) Observation: Spread-out confidential operations bring full benefit of proposed synthesis (e.g. SIMON)

13 Resource Target (2) More stringent (lower) resource availability
Improvements to modular synthesis clearer – fine grained countermeasure application

14 Leakage Target Attempt to achieve given maximum leakage without resource constraints Low target leakage requires widespread countermeasures Less rigorous target shows more improvement potential

15 Conclusion Security as core requirement for IoT and Cloud
Countermeasures to DPA can be costly and optimization requires expert knowledge Automated synthesis flow Minimal user input required Leakage estimation through simulation and Hamming distance Fine-grained countermeasures introduced where needed Future directions Co-optimize for power consumption and operating speed Incorporate automatic masking for stronger defense

16 Thank You!


Download ppt "High-Level Synthesis for Side-Channel Defense"

Similar presentations


Ads by Google