Weize Yu

Leveraging on-chip voltage regulators as a countermeasure against side-channel attacks

Side-channel attacks have become a significant threat to the integrated circuit security. Circuit level techniques are proposed in this paper as a countermeasure against side-channel attacks. A distributed on-chip power delivery system consisting of multi-level switched capacitor (SC) voltage converters is proposed where the individual interleaved stages are turned on and turned off either based on the workload information or pseudo-randomly to scramble the power consumption profile. In the case that the changes in the workload demand do not trigger the power delivery system to turn on or off individual stages, the active stages are reshuffled with so called converter-reshuffling to insert random spikes in the power consumption profile. An entropy based metric is developed to evaluate the security-performance of the proposed converter-reshuffling technique as compared to three other existing on-chip power delivery schemes. The increase in the power trace entropy with CoRe scheme is also demonstrated with simulation results to further verify the theoretical analysis.

A Voltage Regulator-Assisted Lightweight AES Implementation Against DPA Attacks

In this paper, the mathematical foundations of the security implications of utilizing various on-chip voltage converters as a countermeasure against differential power analysis (DPA) attacks are investigated. An exhaustive mathematical analysis of a recently proposed converter-reshuffling (CoRe) technique is presented where measurement to disclose (MTD) is used to compare the security of the proposed on-chip CoRe regulator with the security of conventional on-chip voltage regulators. A DPA-resistant and lightweight advanced encryption standard (AES) engine implementation that leverages the CoRe technique is proposed. The impact of the centralized and distributed placement of the voltage regulators on the security of a pipelined AES engine is explored. The security implications of the relationship between the clock frequency of the device under attack and the switching frequency of the voltage regulator are investigated. As compared to an unprotected AES engine, the MTD value of the proposed improved pipelined AES engine with a centralized on-chip CoRe regulator is enhanced over 9100 times.

Exploiting Voltage Regulators to Enhance Various Power Attack Countermeasures

The security implications of on-chip voltage regulation on the effectiveness of various voltage/frequency scaling-based countermeasures such as random dynamic voltage and frequency scaling (RDVFS), random dynamic voltage scaling (RDVS), and aggressive voltage and frequency scaling (AVFS) are investigated. The side-channel leakage mechanisms of different on-chip voltage regulator topologies are mathematically analyzed and verified with circuit level simulations. Correlation coefficient between the input data and monitored power consumption of a cryptographic circuit is used as the security metric to compare the impact of different on-chip voltage regulators when implemented with the aforementioned countermeasures. As compared to a cryptographic circuit without countermeasure, the RDVFS technique implemented with an on-chip switched-capacitor voltage converter reduces the correlation coefficient over 80 percent and over 92 percent against differential and leakage power analysis attacks, respectively, through masking the leakage of the clock frequency and supply voltage information in the monitored power profile.

Charge-Withheld Converter-Reshuffling: A Countermeasure Against Power Analysis Attacks

Converter-reshuffling (CoRe) technique has recently been proposed as a power-efficient countermeasure against differential power analysis (DPA) attacks by randomly reshuffling the individual stages within a multiphase switched-capacitor voltage converter. This randomized reshuffling of the converter stages inserts noise to the monitored power profile and prevents an attacker from extracting the correct input power data. The total number of activated phases within a switch period, however, still correlates with the dynamic power consumption of the workload. To break the one-to-one relationship between the monitored and actual power consumption, a charge-withheld CoRe technique is proposed in this brief by utilizing the flying capacitors to withhold a random amount of charge for a random time period. As compared to the conventional CoRe technique, the proposed charge-withheld CoRe technique eliminates the possibility of having a zero power trace entropy (PTE) even under machine-learning-based DPA attacks. The average PTE of the monitored power profile is increased ~46.1% with a 64-phase charge-withheld CoRe technique.

Time-Delayed Converter-Reshuffling: An Efficient and Secure Power Delivery Architecture

In this letter, a time-delayed converter-reshuffling (CoRe) technique is proposed as a countermeasure against machine learning based differential power analysis (DPA) attacks where the attacker can synchronize the sampling frequency with the operating frequency of the device under attack. The proposed time-delayed CoRe technique exploits the distributed nature of multiphase switched capacitor voltage converters where half of the converter stages are delayed to eliminate the risk of having zero power trace entropy (PTE) under machine learning based DPA attacks. A high PTE value is maintained (above 3.2 for a 64-phase time-delayed CoRe technique) regardless of the phase difference between the attackers sampling rate and the operating frequency. In addition, the minimum PTE value of the proposed time-delayed CoRe technique is enhanced from zero to ~ 3 by inserting a certain time-delay to half of the converter stages.

Security-Adaptive Voltage Conversion as a Lightweight Countermeasure Against LPA Attacks

A voltage converter with adaptive security features is proposed as a lightweight countermeasure against leakage power analysis (LPA) attacks. When an LPA attack is sensed by the proposed security-adaptive (SA) voltage converter, a discharging resistor starts sinking redundant current to alter the signature of the load power dissipation. The power dissipation induced by the discharging resistor is scrambled by the SA voltage converter to maximize the amount of the inserted noise to the input power profile of the cryptographic against LPA attacks. As compared with a conventional cryptographic circuit that does not house any countermeasure, the lowest measurement-to-disclose value of a cryptographic circuit that employs the proposed voltage converter can be enhanced over 6145 times against LPA attacks.

ThermoGater: Thermally-Aware On-Chip Voltage Regulation

Tailoring the operating voltage to fine-grain temporal changes in the power and performance needs of the workload can effectively enhance power efficiency. Therefore, power-limited computing platforms of today widely deploy integrated (i.e., on-chip) voltage regulation which enables fast fine-grain voltage control. Voltage regulators convert and distribute power from an external energy source to the processor. Unfortunately, power conversion loss is inevitable and projected integrated regulator designs are unlikely to eliminate this loss even asymptotically. Reconfigurable power delivery by selective shut-down, i.e., gating, of distributed on-chip regulators in response to spatio-temporal changes in power demand can sustain operation at the minimum conversion loss. However, even the minimum conversion loss is sizable, and as conversion loss gets dissipated as heat, on-chip regulators can easily cause thermal emergencies due to their small footprint. Although reconfigurable distributed on-chip power delivery is emerging as a new design paradigm to enforce sustained operation at minimum possible power conversion loss, thermal implications have been overlooked at the architectural level. This paper hence provides a thermal characterization. We introduce ThermoGater, an architectural governor for a collection of practical, thermally-aware regulator gating policies to mitigate (if not prevent) regulator-induced thermal emergencies, which also consider potential implications for voltage noise. Practical ThermoGater policies can not only sustain minimum power conversion loss throughout execution effectively, but also keep the maximum temperature (thermal gradient) across chip within 0.6°C (0.3°C) on average in comparison to thermally-optimal oracular regulator gating, while the maximum voltage noise stays within 1.0% of the best case voltage noise profile.

False Key-Controlled Aggressive Voltage Scaling: A Countermeasure Against LPA Attacks

A false key-controlled aggressive voltage scaling (AVS) technique is proposed as a countermeasure against leakage power analysis (LPA) attacks. A random number of false keys are utilized to control the supply voltage scaling to mask the possible leakage of the information related to the correct key to a malicious attacker. Contrary to the random AVS technique, false key-controlled AVS technique can guarantee that the added false keys always exhibit higher correlation coefficients than that of the correct key even if sufficient number of plaintexts (>10 million) are enabled. As demonstrated with the simulation results, the measurement-to-disclose (MTD) value of a cryptographic circuit can be enhanced over ten million against LPA attacks by utilizing the proposed technique, while the MTD values of a conventional cryptographic circuit without countermeasure and one with random AVS are, respectively, less than 500 and 100,000.

A Lightweight Masked AES Implementation for Securing IoT Against CPA Attacks

A false key-based advanced encryption standard (AES) technique is proposed to prevent the stored secret key leaking from the substitution-box under correlation power analysis (CPA) attacks without significant power and area overhead. Wave dynamic differential logic (WDDL)-based XOR gates are utilized during the reconstruction stage to hide the intermediate data that may be highly correlated with the false key. After applying the false key and designing the reconstruction stage with the WDDL, the minimum measurement-to-disclose value for the proposed lightweight masked AES engine implementation becomes over 150 million against CPA attacks. As compared to an unprotected AES engine, the power, area, and performance overhead of the proposed AES implementation is negligible.

Implications of noise insertion mechanisms of different countermeasures against side-channel attacks

In this paper, the security implications of the noise insertion characteristics of different countermeasures against power analysis attacks are investigated. Through optimizing the selection of the type and sequence of the inserted noise, the security of a cryptographic circuit that has multiple countermeasures with varying noise insertion mechanisms can be improved. As demonstrated in this work, if the additive non-white noise and multiplicative noise are sequentially inserted into a cryptographic circuit, the correlation coefficient between the actual power dissipation of the cryptographic circuit and monitored power dissipation can be reduced over 37.6% under the same amount of inserted noise.