Power Side Channels in Security ICs: Hardware Countermeasures

Power side-channel attacks are a very effective cryptanalysis technique that can infer secret keys of security ICs by monitoring the power consumption. Since the emergence of practical attacks in the late 90s, they have been a major threat to many cryptographic-equipped devices including smart cards, encrypted FPGA designs, and mobile phones. Designers and manufacturers of cryptographic devices have in response developed various countermeasures for protection. Attacking methods have also evolved to counteract resistant implementations. This paper reviews foundational power analysis attack techniques and examines a variety of hardware design mitigations. The aim is to highlight exposed vulnerabilities in hardware-based countermeasures for future more secure implementations

NOVEL RESOURCE EFFICIENT CIRCUIT DESIGNS FOR REBOOTING COMPUTING

CMOS based computing is reaching its limits. To take computation beyond Moores law (the number of transistors and hence processing power on a chip doubles every 18 months to 3 years) requires research explorations in (i) new materials, devices, and processes, (ii) new architectures and algorithms, (iii) new paradigm of logic bit representation. The focus is on fundamental new ways to compute under the umbrella of rebooting computing such as spintronics, quantum computing, adiabatic and reversible computing. Therefore, this thesis highlights explicitly Quantum computing and Adiabatic logic, two new computing paradigms that come under the umbrella of rebooting computing. Quantum computing is investigated for its promising application in high-performance computing. The first contribution of this thesis is the design of two resource-efficient designs for quantum integer division. The first design is based on non-restoring division algorithm and the second one is based on restoring division algorithm. Both the designs are compared and shown to be superior to the existing work in terms of T-count and T-depth. The proliferation of IoT devices which work on low-power also has drawn interests to the rebooting computing. Hence, the second contribution of this thesis is proving that Adiabatic Logic is a promising candidate for implementation in IoT devices. The adiabatic logic family called Symmetric Pass Gate Adiabatic Logic (SPGAL) is implemented in PRESENT-80 lightweight algorithm. Adiabatic Logic is extended to emerging transistor devices

IDPAL – A Partially-Adiabatic Energy-Efficient Logic Family: Theory and Applications to Secure Computing

Low-power circuits and issues associated with them have gained a significant amount of attention in recent years due to the boom in portable electronic devices. Historically, low-power operation relied heavily on technology scaling and reduced operating voltage, however this trend has been slowing down recently due to the increased power density on chips. This dissertation introduces a new very-low power partially-adiabatic logic family called Input-Decoupled Partially-Adiabatic Logic (IDPAL) with applications in low-power circuits. Experimental results show that IDPAL reduces energy usage by 79% compared to equivalent CMOS implementations and by 25% when compared to the best adiabatic implementation. Experiments ranging from a simple buffer/inverter up to a 32-bit multiplier are explored and result in consistent energy savings, showing that IDPAL could be a viable candidate for a low-power circuit implementation. This work also shows an application of IDPAL to secure low-power circuits against power analysis attacks. It is often assumed that encryption algorithms are perfectly secure against attacks, however, most times attacks using side channels on the hardware implementation of an encryption operation are not investigated. Power analysis attacks are a subset of side channel attacks and can be implemented by measuring the power used by a circuit during an encryption operation in order to obtain secret information from the circuit under attack. Most of the previously proposed solutions for power analysis attacks use a large amount of power and are unsuitable for a low-power application. The almost-equal energy consumption for any given input in an IDPAL circuit suggests that this logic family is a good candidate for securing low-power circuits again power analysis attacks. Experimental results ranging from small circuits to large multipliers are performed and the power-analysis attack resistance of IDPAL is investigated. Results show that IDPAL circuits are not only low-power but also the most secure against power analysis attacks when compared to other adiabatic low-power circuits. Finally, a hybrid adiabatic-CMOS microprocessor design is presented. The proposed microprocessor uses IDPAL for the implementation of circuits with high switching activity (e.g. ALU) and CMOS logic for other circuits (e.g. memory, controller). An adiabatic-CMOS interface for transforming adiabatic signals to square-wave signals is presented and issues associated with a hybrid implementation and their solutions are also discussed

Side-channel attacks and countermeasures in the design of secure IC's devices for cryptographic applications

Abstract--- A lot of devices which are daily used have to guarantee the retention of sensible data. Sensible data are ciphered by a secure key by which only the key holder can get the data. For this reason, to protect the cipher key against possible attacks becomes a main issue. The research activities in hardware cryptography are involved in finding new countermeasures against various attack scenarios and, in the same time, in studying new attack methodologies. During the PhD, three different logic families to counteract Power Analysis were presented and a novel class of attacks was studied. Moreover, two different activities related to Random Numbers Generators have been addressed

Combining Approximate Computing And Adiabatic Logic For Low-Power And Energy-Efficient Iot Edge Computing

The growing data-intensive applications that run on IoT edge devices require the circuit to be low-power consumption and energy-efficient for limited resources. As conventional Complementary Metal-Oxide-Semiconductor (CMOS) scales down to the nanometer technology node, it reaches its limits, such as leakage and power consumption. Adiabatic logic and approximate computing are emerging techniques for the low-power circuit. Adiabatic logic can recycle energy which is a promising solution for building energy-efficient circuits. However, the power clock scheme and dual-rail structure of adiabatic logic increase the overall area. Power consumption is further reduced by applying approximate computing while reducing the complexity and size of the circuit. Therefore, to investigate the benefits of approximate computing combined with adiabatic logic, we propose two adiabatic logic based approximate adders. The proposed approximate adders use the advantage of dual-rail logic to shrink the overall size and reduce energy consumption. The two proposed designs are True Sum Approximate Adder (TSAA) and True Carry-out Approximate Adder (TCAA). TSAA approximates the Carryout based on the accurate Sum, and TCAA approximates the Sum based on the precise Carryout. We performed simulations using 45nm technology in Cadence Spectre. Comparing with CMOS based accurate mirror adder (AMA) at 100 MHz, a power-saving of 83.26% and energy saving of 66.54% in PFAL based TSAA (PFAL: Positive Feedback Adiabatic Logic) is achieved. Further, we achieved a power saving of 87.22% and an energy saving of 74.43% in PFAL based TCAA compared to CMOS based accurate mirror adder (AMA). It is illustrated that PFAL based TCAA consumes 24.0% less power and energy per cycle compared to PFAL based TSAA. Further, we have proposed the True Sum Approximate Adder (TSAA) and the True Carry-out Approximate Adder (TCAA) that are energy-efficient and secured against DPA attacks. At 12.5 MHz operating frequency and 45 nm technology node, the DPA-resistant adiabatic TSAA and TCAA achieved power savings of 95.4% and 95.48%, energy savings of 90.80%, and 90.96% in comparison with the standard CMOS AMA

Transmission gate based dual rail logic for differential power analysis resistant circuits

Cryptographic devices with hardware implementation of the algorithms are increasingly being used in various applications. As a consequence, there is an increased need for security against the attacks on the cryptographic system. Among various attack techniques, side channel attacks pose a significant threat to the hardware implementation. Power analysis attacks are a type of side channel attack where the power leakage from the underlying hardware is used to eavesdrop on the hardware operation. Wave pipelined differential and dynamic logic (WDDL) has been found to be an effective countermeasure to power analysis. This thesis studies the use of transmission gate based WDDL implementation for the differential and dynamic logic. Although WDDL is an effective defense against power analysis, the number of gates needed for the design of a secure implementation is double the number of gates used for non-secure operations. In this thesis we propose transmission gate based structures for implementation of wave pipelined dynamic and differential logic to minimize the overhead of this defense against power analysis attacks. A transmission gate WDDL design methodology is presented, and the design and analysis of a secure multiplier is given. The adder structures are compared in terms of security effectiveness and silicon area overhead for three cases: unsecured logic implementation, standard gate WDDL, and transmission gate WDDL. In simulation, the transmission gate WDDL design is seen to have similar power consumption results compared to the standard gate WDDL; however, the transmission gate based circuit uses 10-50% fewer gates compared to the static WDDL

EMERGING COMPUTING BASED NOVEL SOLUTIONS FOR DESIGN OF LOW POWER CIRCUITS

The growing applications for IoT devices have caused an increase in the study of low power consuming circuit design to meet the requirement of devices to operate for various months without external power supply. Scaling down the conventional CMOS causes various complications to design due to CMOS properties, therefore various non-conventional CMOS design techniques are being proposed that overcome the limitations. This thesis focuses on some of those emerging and novel low power design technique namely Adiabatic logic and low power devices like Magnetic Tunnel Junction (MTJ) and Carbon Nanotube Field Effect transistor (CNFET). Circuits that are used for large computations (multipliers, encryption engines) that amount to maximum part of power consumption in a whole chip are designed using these novel low power techniques

Power Profile Obfuscation using RRAMs to Counter DPA Attacks

Side channel attacks, such as Differential Power Analysis (DPA), denote a special class of attacks in which sensitive key information is unveiled through information extracted from the physical device executing a cryptographic algorithm. This information leakage, known as side channel information, occurs from computations in a non-ideal system composed of electronic devices such as transistors. Power dissipation is one classic side channel source, which relays information of the data being processed. DPA uses statistical analysis to identify data-dependent correlations in sets of power measurements. Countermeasures against DPA focus on hiding or masking techniques at different levels of design abstraction and are typically associated with high power and area cost. Emerging technologies such as Resistive Random Access Memory (RRAM), offer unique opportunities to mitigate DPAs with their inherent memristor device characteristics such as variability in write time, ultra low power (0.1-3 pJ/bit), and high density (4F2). In this research, an RRAM based architecture is proposed to mitigate the DPA attacks by obfuscating the power profile. Specifically, a dual RRAM based memory module masks the power dissipation of the actual transaction by accessing both the data and its complement from the memory in tandem. DPA attack resiliency for a 128-bit AES cryptoprocessor using RRAM and CMOS memory modules is compared against baseline CMOS only technology. In the proposed AES architecture, four single port RRAM memory units store the intermediate state of the encryption. The correlation between the state data and sets of power measurement is masked due to power dissipated from inverse data access on dual RRAM memory. A customized simulation framework is developed to design the attack scenarios using Synopsys and Cadence tool suites, along with a Hamming weight DPA attack module. The attack mounted on a baseline CMOS architecture is successful and the full key is recovered. However, DPA attacks mounted on the dual CMOS and RRAM based AES cryptoprocessor yielded unsuccessful results with no keys recovered, demonstrating the resiliency of the proposed architecture against DPA attacks

Mitigating Differential Power Analysis Attacks on AES using NeuroMemristive Hardware

Cryptographic algorithms such as the Advanced Encryption Standard (AES) are vulnerable to side channel attacks. AES was once thought to be impervious to attacks, but this proved to be true only for a mathematical model of AES, not a physical realization. Hard- ware implementations leak side channel information such as power dissipation. One of the practical SCA attacks is the Differential power analysis (DPA) attack, which statistically analyzes power measurements to find data-dependent correlations. Several countermeasures against DPA have been proposed at the circuit and logic level in conventional technologies. These techniques generally include masking the data inside the algorithm or hiding the power profile. Next generation processors bring in additional challenges to mitigate DPA attacks, by way of heterogeneity of the devices used in the hardware realizations. Neuromemristive systems hold potential in this domain and also bring new challenges to the hardware security of cryptosystems. In this exploratory work, a neuromemristive architecture was designed to compute an AES transformation and mitigate DPA attacks. The random power profile of the neuromemristive architecture reduces the correlations between data and power consumption. Hardware primitives, such as neuron and synapse circuits were developed along with a framework to generate neural networks in hardware. An attack framework was developed to run DPA attacks using different leakage models. A baseline AES cryptoprocessor using only CMOS technology was attacked successfully. The SubBytes transformation was replaced by a neuromemristive architecture, and the proposed designs were more resilient against DPA attacks at the cost of increased power consumption