Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
126 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

RandOhm: Mitigating Impedance Side-channel Attacks using Randomized Circuit Configurations (2401.08925v3)

Published 17 Jan 2024 in cs.CR

Abstract: Physical side-channel attacks can compromise the security of integrated circuits. Most physical side-channel attacks (e.g., power or electromagnetic) exploit the dynamic behavior of a chip, typically manifesting as changes in current consumption or voltage fluctuations where algorithmic countermeasures, such as masking, can effectively mitigate them. However, as demonstrated recently, these mitigation techniques are not entirely effective against backscattered side-channel attacks such as impedance analysis. In the case of an impedance attack, an adversary exploits the data-dependent impedance variations of the chip power delivery network (PDN) to extract secret information. In this work, we introduce RandOhm, which exploits a moving target defense (MTD) strategy based on the partial reconfiguration (PR) feature of mainstream FPGAs and programmable SoCs to defend against impedance side-channel attacks. We demonstrate that the information leakage through the PDN impedance could be significantly reduced via runtime reconfiguration of the secret-sensitive parts of the circuitry. Hence, by constantly randomizing the placement and routing of the circuit, one can decorrelate the data-dependent computation from the impedance value. Moreover, in contrast to existing PR-based countermeasures, RandOhm deploys open-source bitstream manipulation tools on programmable SoCs to speed up the randomization and provide real-time protection. To validate our claims, we apply RandOhm to AES ciphers realized on 28-nm FPGAs. We analyze the resiliency of our approach by performing non-profiled and profiled impedance analysis attacks and investigate the overhead of our mitigation in terms of delay and performance.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (43)
  1. FPGA-Patch: Mitigating remote side-channel attacks on FPGAs using dynamic patch generation. In 2023 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED). IEEE, 1–6.
  2. Hideharu Amano. 2018. Principles and structures of FPGAs. Springer.
  3. Electrons Vs. Photons: Assessment of Circuit’s Activity Requirements for E-Beam and Optical Probing Attacks. In ISTFA 2023. ASM International, 339–345.
  4. Md Sadik Awal and Md Tauhidur Rahman. 2023. Disassembling Software Instruction Types through Impedance Side-channel Analysis. In 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). IEEE, 227–237.
  5. Acoustic {{\{{Side-Channel}}\}} attacks on printers. In 19th USENIX Security Symposium (USENIX Security 10).
  6. Side-channel power resistance for encryption algorithms using implementation diversity. Cryptography 4, 2 (2020), 13.
  7. Protection Against Physical Attacks Through Self-Destructive Polymorphic Latch. In 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD). IEEE, 1–9.
  8. Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order. Cryptology ePrint Archive (2016).
  9. Tim Güneysu and Amir Moradi. 2011. Generic side-channel countermeasures for reconfigurable devices. In International workshop on cryptographic hardware and embedded systems. Springer, 33–48.
  10. Securing cryptographic circuits by exploiting implementation diversity and partial reconfiguration on FPGAs. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 260–263.
  11. Localized electromagnetic analysis of cryptographic implementations. In Topics in Cryptology–CT-RSA 2012: The Cryptographers’ Track at the RSA Conference 2012, San Francisco, CA, USA, February 27–March 2, 2012. Proceedings. Springer, 231–244.
  12. Michael Hutter and Jörn-Marc Schmidt. 2014. The temperature side channel and heating fault attacks. In Smart Card Research and Advanced Applications: 12th International Conference, CARDIS 2013, Berlin, Germany, November 27-29, 2013. Revised Selected Papers 12. Springer, 219–235.
  13. Echo TEMPEST: EM Information Leakage Induced by IEMI for Electronic Devices. IEEE Transactions on Electromagnetic Compatibility (2023).
  14. Bitfiltrator: A general approach for reverse-engineering Xilinx bitstream formats. In 2022 32nd International Conference on Field-Programmable Logic and Applications (FPL). IEEE, 01–08.
  15. Keysight. 2023. Keysight Documentations. https://www.keysight.com/us/en/product/E5080A/e5080a-ena-vector-network-analyzer.html
  16. Moving target and implementation diversity based countermeasures against side-channel attacks. In International Symposium on Applied Reconfigurable Computing. Springer, 188–202.
  17. Dirk Koch. 2012. Partial reconfiguration on FPGAs: architectures, tools and applications. Vol. 153. Springer Science & Business Media.
  18. Partial reconfiguration on FPGAs in practice—Tools and applications. In ARCS 2012. IEEE, 1–12.
  19. Differential power analysis. In Advances in Cryptology—CRYPTO’99: 19th Annual International Cryptology Conference Santa Barbara, California, USA, August 15–19, 1999 Proceedings 19. Springer, 388–397.
  20. Real-world snapshots vs. theory: Questioning the t-probing security model. In 2021 IEEE symposium on security and privacy (SP). IEEE, 1955–1971.
  21. Automatic Extraction of Secrets from the Transistor Jungle using {{\{{Laser-Assisted}}\}}{{\{{Side-Channel}}\}} Attacks. In 30th USENIX security symposium (USENIX security 21). 627–644.
  22. byteman: A Bitstream Manipulation Framework. In 2022 International Conference on Field-Programmable Technology (ICFPT). IEEE, 1–9.
  23. Power and fault analysis resistance in hardware through dynamic reconfiguration. In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 346–362.
  24. Minicircuits. 2023. MiniCircuits Datasheets. https://www.mouser.com/datasheet/2/1030/CBL2FTSMNM-2b-2303455.pdf
  25. LeakyOhm: Secret Bits Extraction using Impedance Analysis. Cryptology ePrint Archive (2023).
  26. Thorben Moos. 2019. Static power SCA of sub-100 nm CMOS asics and the insecurity of masking schemes in low-noise environments. IACR Transactions on Cryptographic Hardware and Embedded Systems (2019), 202–232.
  27. Amir Moradi and Oliver Mischke. 2013. Comprehensive evaluation of AES dual ciphers as a side-channel countermeasure. In Information and Communications Security: 15th International Conference, ICICS 2013, Beijing, China, November 20-22, 2013. Proceedings 15. Springer, 245–258.
  28. Silicon Echoes: Non-Invasive Trojan and Tamper Detection using Frequency-Selective Impedance Analysis. Cryptology ePrint Archive (2023).
  29. Impedanceverif: On-chip impedance sensing for system-level tampering detection. IACR Transactions on Cryptographic Hardware and Embedded Systems (2022).
  30. NewAE. 2023a. CW305 Artix FPGA Target. https://rtfm.newae.com/Targets/CW30520Artix20FPGA
  31. NewAE. 2023b. NewAE Hardware Product. https://rtfm.newae.com/Capture/ChipWhisperer-Lite/
  32. Threshold implementations against side-channel attacks and glitches. In International conference on information and communications security. Springer, 529–545.
  33. BITMAN: A tool and API for FPGA bitstream manipulations. In Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017. IEEE, 894–897.
  34. Anup Kumar Raghavan and Peter Sutton. 2002. Jpg-a partial bitstream generation tool to support partial reconfiguration in virtex fpgas. In Parallel and Distributed Processing Symposium, International, Vol. 2. IEEE Computer Society, 6–pp.
  35. On the power of optical contactless probing: Attacking bitstream encryption of FPGAs. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 1661–1674.
  36. Partitioning and scheduling with module merging on dynamic partial reconfigurable fpgas. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 13, 3 (2020), 1–24.
  37. Compact FPGA-based true and pseudo random number generators. In 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2003. FCCM 2003. IEEE, 51–61.
  38. Kizheppatt Vipin and Suhaib A Fahmy. 2018. FPGA dynamic and partial reconfiguration: A survey of architectures, methods, and applications. ACM Computing Surveys (CSUR) 51, 4 (2018), 1–39.
  39. Martin Vuagnoux and Sylvain Pasini. 2009. Compromising electromagnetic emanations of wired and wireless keyboards.. In USENIX security symposium, Vol. 8. 1–16.
  40. Xilinx. 2023a. Xilinx 7 Series FPGAs Configurable Logic Block. https://www.eng.auburn.edu/~nelson/courses/elec4200/FPGA/ug4747SeriesCLB.pdf.
  41. Xilinx. 2023b. Xilinx Constraints Guide. https://www.xilinx.com/xilinx-14/cgd.pdf
  42. Xilinx. 2023c. Xilinx Introduction to Dynamic Function eXchange. https://docs.xilinx.com/r/en-US/ug909-vivado-partial-reconfiguration/Introduction-to-Dynamic-Function-eXchange.
  43. Muhammad Yasin and Ozgur Sinanoglu. 2017. Evolution of logic locking. In 2017 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC). IEEE, 1–6.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now