30 likes | 155 Views
An Interleaved Dual-Core Structure for Resisting Concentrated EM Side Channel Attacks. W. He.
E N D
An Interleaved Dual-Core Structure for Resisting Concentrated EM Side Channel Attacks W. He Side Channel Attack (SCA) is a special attak method which reveals the confidential data by analying the data-dependent physical leakages from running chips (Microcontroller, Crypto-ASIC or FPGA). EM and power consumption are two major leakage sources. EM SCA poses more threats to conventional SCA coumtermeasures due to its distance-sensitivity. We developed unique circuit structure which resists EPE effects and sophisticated EM attacks. This structure depends on the interleaved dual-core placement while keeping identical routing nets which makes the concentrated EM analysis challenging. Project sponsored by Structural Protection Dual Rail Pre-charge Logic (DPL) A common way to balance the leakage variations is to use an extra mirror circuit that generates complementary power and EM leakages to flatten the whole variations. Theory Data-dependent Side Channel Leakage • Different behavior of CMOS cell consumes different amount of power. Changing current causes EM radiations. These minor power consumption and EM variations are therefore data-dependent and can be observed, recoreded by sophisticated measurements. Problems and Solutions Early Propagation Effect (EPE) Secrets revelation • Glitch • Skewed leakage compensation • Fluctuant switching edge • A group of estimated power/EM leakages are obtained depending on the possible keys. Then, statistical analysis is used to calculate the correlation coefficient between a large group of collected power/EM traces and the estimated power/EM values. The best matched correlation value reveals the real key being used in this crypto-algorithm. Solution: Pre-charge Absorbed DPL (PA-DPL) Separate dual core placement Suspicious against concentrated EM attack using tiny EM probe Key = f ( Power/EM(Estimated), Power/EM(real measured)) f: Pearson Correlation Coefficient Solution: Interleaved dual core Implementation of PA-DPL Attack Setup • Controlling routing path is difficult in FPGA implementation. Special technique is used to achieve identical routing for each complementary net pair. Separate dual core placement Interleaved dual core placement Identical routing pair Power Attack Setup EM Attack Setup • [1] He, W., De La Torre, E., Riesgo, T.: A Precharge-Absorbed DPL Logic for Reducing Early Propagation Effects on FPGA Implementations. In: 6th IEEE International Conference on ReConFigurable Computing and FPGAs (ReConfig’11), Cancun, Mexico (2011) • [2] He, W., De la Torre, E., Riesgo, T.: An Interleaved EPE-Immune PA-DPL Structure for Resisting Concentrated EM Side Channel Attacks on FPGA Implementation. In: 3rd International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE’12), Darmstadt, Germany (2012) Timing result – Net delay comparisons Net delay difference between net pair Net delay in original core Net delay in complementary core Net delay (ns) Net delay (ns) Net number Net number Net delay with identical routing technique Net delay without identical routing technique