Increasing the Security of Hardware Designs against Side-Channel Attacks
Information leakage through physical channels has become a major factor in embedded hardware security. Standardized cryptographic algorithms are provably secure against black-box adversaries. However, over the last two decades, secret information has repeatedly been extracted by analysing the information that leaks through side channels. Side channels are physical signals (channels that do not carry digital data), and attacks that exploit side-channel information are called gray-box attacks. Power analysis (PA) attacks, which monitor the power supply, are the most common and easiest side-channel attacks (SCAs). Cyber-security deals with protecting against logical-level information leakage (faults or mis-design in, e.g., software, communication, systems and protocols), whereas hardware security deals with preventing information leakage from the physical hardware implementation (exposed by SCAs, fault analysis, etc.). The latter is not yet well treated or sufficiently understood.
In this talk, the problem of mitigating powerful gray-box power analysis attacks is discussed. The challenge is to design countermeasures under which a bounded-resource adversary (limited storage and processing complexity, bounded physical access and abilities) cannot collect and process enough side-channel information to extract the secret. Unfortunately, there are currently no circuit-level solutions with these properties.
A first and fundamental step in this direction will be discussed through several examples: a systematic design approach that utilizes internal signals to spread information-carrying energy within the clock period in a specific way. It addresses the problem of information leakage through both the combinational parts and the synchronous parts of the system: Data-Dependent Delays (DDD) are embedded into combinational paths in a specific way that reduces and spreads the information leakage from all intermediate variables and substantially amplifies the data-dependent noise. Unlike existing higher-level countermeasures, this approach conceals information within the clock cycle (intra-cycle), at a time resolution of tens of picoseconds. The security level of synchronous systems is addressed as well; in general, statistical power analysis attacks require the synchronization of power measurements and assume that the bits of an intermediate variable are computed simultaneously or instantaneously. The Pseudo-Asynchronous (pAsynch) design invalidates these assumptions. It combines the security advantages of asynchronous circuits with the ease of synchronous design.
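The following simulation is an added toy model, not the talk's circuit or the authors' code, that illustrates the synchronization assumption named above: a first-order correlation test against the Hamming-distance model is run once over traces in which every register bit toggles at the start of the clock period, and once over traces in which each toggle arrives at a sample chosen by a hypothetical data-dependent delay function (`toy_delay`, constructed here). All widths, sample counts, noise levels and the delay function are assumptions; the traces are generated inline.

```python
"""Toy model of intra-cycle leakage spreading (constructed example, not the talk's design).

A WIDTH-bit register updates once per clock. Each toggling bit injects one unit of
current into a power trace of CLOCK_SAMPLES points. In the synchronous model all
toggles land at sample 0; in the data-dependent-delay (DDD) model each bit's toggle
lands at a sample chosen by a toy delay function of the new register value. A
single-sample correlation check against the Hamming-distance model then shows how
spreading the toggles over the period lowers the best per-sample correlation.
"""
import random

WIDTH = 8            # register width (constructed)
CLOCK_SAMPLES = 32   # trace samples per clock period (constructed resolution)
NOISE_SIGMA = 1.0    # additive Gaussian measurement noise per sample (constructed)


def hamming_weight(x):
    return bin(x).count("1")


def toy_delay(bit, value):
    """Hypothetical data-dependent delay (stand-in for the talk's DDD circuit):
    the arrival sample of `bit` depends on the lower-order bits of the new value,
    so different bits reach the supply at different, data-dependent instants."""
    lower = value & ((1 << bit) - 1)
    return (3 * bit + 2 * hamming_weight(lower)) % CLOCK_SAMPLES


def make_trace(prev, cur, rng, spread):
    """One clock period of simulated supply current for the update prev -> cur."""
    trace = [rng.gauss(0.0, NOISE_SIGMA) for _ in range(CLOCK_SAMPLES)]
    toggles = prev ^ cur
    for bit in range(WIDTH):
        if (toggles >> bit) & 1:
            t = toy_delay(bit, cur) if spread else 0
            trace[t] += 1.0
    return trace


def pearson(xs, ys):
    n = len(xs)
    mx = sum(xs) / n
    my = sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def leakage_assessment(spread, n_traces=3000, seed=1):
    """Simulate n_traces register updates with uniformly random data and return
    the best single-sample |correlation| with the Hamming-distance model and the
    sample index at which it occurs."""
    rng = random.Random(seed)
    hd, traces = [], []
    for _ in range(n_traces):
        prev = rng.getrandbits(WIDTH)
        cur = rng.getrandbits(WIDTH)
        hd.append(hamming_weight(prev ^ cur))
        traces.append(make_trace(prev, cur, rng, spread))
    per_sample = [abs(pearson(hd, [tr[t] for tr in traces]))
                  for t in range(CLOCK_SAMPLES)]
    best = max(per_sample)
    return {"max_sample_corr": best, "peak_sample": per_sample.index(best)}


if __name__ == "__main__":
    print("synchronous :", leakage_assessment(spread=False))
    print("spread (DDD):", leakage_assessment(spread=True))
```

In the synchronous run the whole Hamming distance appears at one sample and the correlation there is limited only by the measurement noise; in the spread run no single sample sees more than a few data-dependent toggles, so the best per-sample correlation drops markedly. The toy conserves total switching energy and adds no data-dependent noise, so it only illustrates the synchronization assumption; the amplification of data-dependent noise described above is not modelled here.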
* The work was carried out towards the PhD degree in the Faculty of Engineering, Bar-Ilan University, under the joint supervision of Prof. Alexander Fish and Dr. Osnat Keren.