Presentation is loading. Please wait.

Presentation is loading. Please wait.

An EDA-Friendly Protection Scheme against Side-Channel Attacks Ali Galip Bayrak 1 Nikola Velickovic 1, Francesco Regazzoni 2, David Novo 1, Philip Brisk.

Published byMildred Norton Modified over 9 years ago

Similar presentations

Presentation on theme: "An EDA-Friendly Protection Scheme against Side-Channel Attacks Ali Galip Bayrak 1 Nikola Velickovic 1, Francesco Regazzoni 2, David Novo 1, Philip Brisk."— Presentation transcript:

1 An EDA-Friendly Protection Scheme against Side-Channel Attacks Ali Galip Bayrak 1 Nikola Velickovic 1, Francesco Regazzoni 2, David Novo 1, Philip Brisk 3 and Paolo Ienne 1

2 Side-Channel Attacks Cryptographic Processing Unit Cryptographic Processing Unit Secret Key Physical Device Plaintext Ciphertext Physical Observable (e.g., power consumption) f(plaintext, key) ~ power KNOWN RECOVER KNOWN 2

3 Protection Schemes Main Idea: f(plaintext, key) power How?Constant or random power consumption 3 Examples SoftwareHardware Constant- SABL (Tiri et al. 2002) MCML (Toprak et al. 2005) Random Dummy operation insertion Masking (Coron et al. 2000) MDPL (Popp et al. 2005) iMDPL (Popp et al. 2007) GALS (Gurkaynak et al. 2005) RCDD (Boey et al. 2010) SIRO (Zafar et al. 2010)

4 Motivation Area: 2X (SABL) – 20X (iMDPL) Energy: 3.5X (WDDL) – 18X (MDPL) Non-CMOS (SABL, MCML) Algorithm specific (GALS) Technology dependent (WDDL, MDPL) Fixed overhead (almost all) 4 Low cost Fully automated Tradeoff Security vs. Efficiency

5 Unprotected Circuit Combinatorial Circuit D D D D Q Q Q Q CLK Q all Input Output 5

6 Protected Circuit Combinatorial Circuit D D D D Q Q Q Q Input Output CLK Clock Randomization RCLK 0 RCLK 1 RCLK 2 RCLK 3 RCLK 0 Q all RCLK 1 RCLK 2 RCLK 3 6

7 Protected Circuit RCLK 0 Q all RCLK 1 RCLK 2 RCLK 3 T orig Δ T protected 7

8 Clock Randomization CLK 0 CLK 1 CLK 2 CLK N-1 δ 2δ (N-1)δ =Δ … … … Delayed Clocks MUX RCLK i Random Clocks Safe Clock Switching Zone RND 8

9 Protected Circuit Combinatorial Circuit D D D Q Q Q Input Output CLK Clock Randomization RCLK 0 RCLK 1 RCLK M-1 RCLK 0 Q all RCLK 1 RCLK 2 RCLK 3 9 … …

10 Automated Design Flow High-Level Description (VHDL/Verilog) clock renaming random clock generatio n code Code Modification Modified High-Level Description Logic Synthesis timing constraints Synthesized Circuit Place & Route Protected IC Layout RCLK(i) := MUX(CLK,RND,..) if (rising_edge(CLK)) if (rising_edge(RCLK(2))) create_clock … RCLK[0] set_clock_uncertainty … DELTA RCLK[0] 10

11 Experimental Setup FPGA experiments: Platform: SASEBO (Side-channel Attack Standard Evaluation Board) G-II. Two Xilinx FPGAs: Virtex-5 and Spartan- 3A. Toolchain: Xilinx ISE 14. ASIC experiments: Technology: 65nm STM CMOS standard cell library. Toolchain: Synopsys Design Compiler for synthesis, Cadence Encounter for placement and routing, Mentor Graphics Modelsim for simulations and Synopsys Nanosim for power estimation. 11

12 Experimental Setup AES-128 implementation Design parameters: N: number of delayed clocks. M: number of random clocks. Δ:total amount of delay. Performance parameters (normalized for unprotected): Security, Area, Speed and Energy 12

13 # Clocks vs. Security M (number of random clocks) = 8 ✔ [AES-specific] Bigger N (number of delayed clocks) ✔ >300X security improvement 13

14 Total Delay vs. Security Bigger Δ for a fixed N ✔ Bigger N for a fixed Δ ✔ ? 70X secure for N=Δ=16 300X secure for N=16, Δ=64 14

15 Total Delay vs. Area 8% overhead for 70X security point (Δ=16) 15% overhead for 300X security point (Δ=64) 15

16 Total Delay vs. Speed 2.3X slowdown for 70X security point (Δ=16) 7X slowdown for 300X security point (Δ=64) 16

17 Comparison 17 For the embedded systems subject to power analysis attacks, area and energy are much more important than speed!

18 Conclusions Fully automated design-flow. Platform and technology agnostic. Can be applied to any given implementation. Does not need security expertise. Less overhead than competing countermeasures. Area and energy efficient. Security increase is drastic. More than 300X with modest overhead. 18

Download ppt "An EDA-Friendly Protection Scheme against Side-Channel Attacks Ali Galip Bayrak 1 Nikola Velickovic 1, Francesco Regazzoni 2, David Novo 1, Philip Brisk."

Similar presentations

Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
Architectural Improvement for Field Programmable Counter Array: Enabling Efficient Synthesis of Fast Compressor Trees on FPGA Alessandro Cevrero 1,2 Panagiotis.

Architectural Improvement for Field Programmable Counter Array: Enabling Efficient Synthesis of Fast Compressor Trees on FPGA Alessandro Cevrero 1,2 Panagiotis.
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
The Cost of Fixing Hold Time Violations in Sub-threshold Circuits Yanqing Zhang, Benton Calhoun University of Virginia Motivation and Background Power.

The Cost of Fixing Hold Time Violations in Sub-threshold Circuits Yanqing Zhang, Benton Calhoun University of Virginia Motivation and Background Power.
Graduate Computer Architecture I Lecture 15: Intro to Reconfigurable Devices.

Graduate Computer Architecture I Lecture 15: Intro to Reconfigurable Devices.
EECE579: Digital Design Flows

EECE579: Digital Design Flows
Extensible Processors. 2 ASIP Gain performance by:  Specialized hardware for the whole application (ASIC). −  Almost no flexibility. −High cost.  Use.

Extensible Processors. 2 ASIP Gain performance by:  Specialized hardware for the whole application (ASIC). −  Almost no flexibility. −High cost.  Use.
Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.

Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.
Evolution of implementation technologies

Evolution of implementation technologies
ASIC vs. FPGA – A Comparisson Hardware-Software Codesign Voin Legourski.

ASIC vs. FPGA – A Comparisson Hardware-Software Codesign Voin Legourski.
On-Line Adjustable Buffering for Runtime Power Reduction Andrew B. Kahng Ψ Sherief Reda † Puneet Sharma Ψ Ψ University of California, San Diego † Brown.

On-Line Adjustable Buffering for Runtime Power Reduction Andrew B. Kahng Ψ Sherief Reda † Puneet Sharma Ψ Ψ University of California, San Diego † Brown.
ECE 699: Lecture 2 ZYNQ Design Flow.

ECE 699: Lecture 2 ZYNQ Design Flow.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Implementation of DSP Algorithm on SoC. Characterization presentation Student : Einat Tevel Supervisor : Isaschar Walter Accompany engineer : Emilia Burlak.

Implementation of DSP Algorithm on SoC. Characterization presentation Student : Einat Tevel Supervisor : Isaschar Walter Accompany engineer : Emilia Burlak.
Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.

Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.
Yehdhih Ould Mohammed Moctar1 Nithin George2 Hadi Parandeh-Afshar2

Yehdhih Ould Mohammed Moctar1 Nithin George2 Hadi Parandeh-Afshar2
156 / MAPLD 2005 Rollins 1 Reducing Energy in FPGA Multipliers Through Glitch Reduction Nathan Rollins and Michael J. Wirthlin Department of Electrical.

156 / MAPLD 2005 Rollins 1 Reducing Energy in FPGA Multipliers Through Glitch Reduction Nathan Rollins and Michael J. Wirthlin Department of Electrical.
April 15, 20031 Synthesis of Signal Processing on FPGA Hongtao

April 15, Synthesis of Signal Processing on FPGA Hongtao
Accuracy-Configurable Adder for Approximate Arithmetic Designs

Accuracy-Configurable Adder for Approximate Arithmetic Designs
Philip Brisk 2 Paolo Ienne 2 Hadi Parandeh-Afshar 1,2 1: University of Tehran, ECE Department 2: EPFL, School of Computer and Communication Sciences Efficient.

Philip Brisk 2 Paolo Ienne 2 Hadi Parandeh-Afshar 1,2 1: University of Tehran, ECE Department 2: EPFL, School of Computer and Communication Sciences Efficient.

Similar presentations

Ads by Google