Wednesday, October 10, 2012

Embedded Systems Week: Day 3 (Wednesday)

By far the best talk on embedded systems security so far was given today by Nikil Dutt on "LRCG: Latch-based Random Clock-Gating for Preventing Power Analysis Side-Channel Attacks", joint work with K. Tanimura. The authors propose a time-randomization countermeasure against power analysis attacks that can be applied to ASIC implementations, and they have evaluated their proposal using simulated traces.

The main idea is to use latches (L) instead of Flip-Flops (FF):
traditional model: 
in -> FF -> Circuit -> loop to FF /out
new model: 
in -> LA -> Circuit1 -> LB -> Circuit2 -> loop to LA / out
where Circuit1 and Circuit2 together implement the same functionality as Circuit (i.e. one round of AES). The latches are not triggered directly by the clock signal (clk) but by
LA: not(clk XOR rand)
LB:     clk XOR rand 
where rand is a random bit which stays constant during the entire AES computation and is updated only with each new plaintext. Most importantly, this can be applied to slices of the circuit, e.g. four slices corresponding to the four columns of the MixColumns operation. Thus computation can start either in Circuit1 or in Circuit2 depending on rand, with a different rand for each slice. Additionally, the authors modified the Synopsys Design Compiler to make the countermeasure easier to implement.
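A toy half-cycle simulation of the two-latch loop described above, added here as an example (it is not code from the paper or from this post). It shows that the rand bit leaves the computed result unchanged while moving the half-cycle in which LB captures the S-box output, and that summing slices with independent rand bits spreads that transition over the trace. The 4-bit S-box standing in for Circuit1, the key addition standing in for Circuit2, the input mux that loads the plaintext into LA, and the Hamming-distance leakage model are all assumptions, not details from the paper.

```python
# Toy half-cycle model of latch-based random clock gating (added example, not the
# paper's or the post's code). A latch is transparent while its enable is 1 and
# holds otherwise; enable(LA) = not(clk XOR rand), enable(LB) = clk XOR rand.
# Assumptions not taken from the paper: a 4-bit S-box stands in for Circuit1,
# key addition for Circuit2, an input mux feeds the plaintext into LA the first
# time LA is transparent, and leakage per half-cycle is the Hamming distance of
# the latch outputs' transitions.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # PRESENT S-box as a stand-in

def circuit1(x):
    return SBOX[x]          # first half of a round

def circuit2(x, key):
    return x ^ key          # second half of a round

def hd(a, b):
    """Hamming distance between two 4-bit values (number of toggled bits)."""
    return bin(a ^ b).count("1")

def simulate(plain, key, rand, rounds):
    """Run one slice for `rounds` rounds. Returns (final state, leakage per
    half-cycle, half-cycles in which LB captured an S-box output).
    Half-cycle 0 has clk=1; clk alternates every half-cycle."""
    la = lb = 0
    loaded, done, half = False, 0, 0
    leak, sbox_halves = [], []
    while done < rounds:
        clk = 1 - half % 2
        en_a, en_b = 1 - (clk ^ rand), clk ^ rand    # complementary enables
        la_new, lb_new = la, lb
        if en_a:                                     # LA transparent
            la_new = plain if not loaded else circuit2(lb, key)
            if loaded:
                done += 1                            # a round ends when LA recaptures
            loaded = True
        if en_b:                                     # LB transparent
            lb_new = circuit1(la)
            if loaded:
                sbox_halves.append(half)
        leak.append(hd(la, la_new) + hd(lb, lb_new))
        la, lb, half = la_new, lb_new, half + 1
    return la, leak, sbox_halves

def trace(plains, key, rands, rounds):
    """Sum the leakage of several slices, each with its own rand bit."""
    slices = [simulate(p, key, r, rounds)[1] for p, r in zip(plains, rands)]
    width = max(map(len, slices))
    return [sum(s[i] for s in slices if i < len(s)) for i in range(width)]
```

With rand=0 the S-box output is captured in even half-cycles and with rand=1 in odd ones, so a fixed sample point in the summed trace only sees the S-box transition of the slices whose rand happens to match it; an attacker would have to realign traces per slice first, which is the trace-alignment caveat raised below.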

Using post-synthesis traces obtained from Synopsys NanoSim and Synopsys' SAED_EDK 90nm standard cell library, the authors generated overhead estimates and power consumption traces for four implementations: an unprotected baseline, an implementation using this countermeasure, and two comparison implementations using masking and WDDL respectively. The overhead estimates show that this is a very efficient countermeasure in both area and energy consumption.

They used the simulated power traces to run simple DPA and CPA attacks against all four implementations. They broke the three comparison implementations but failed to break their proposed countermeasure using up to 8192 traces. (The somewhat arbitrary number of traces was motivated by the considerable amount of time needed to generate the simulated traces.) On the one hand, these results are promising. On the other hand, power analysis results obtained from simulated traces are inherently unreliable, but alas, one cannot always tape out a new chip. Also, the attacks do not use any of the fairly well established trace-alignment techniques; trace alignment may very well defeat this countermeasure. To conclude, I believe this is an interesting idea deserving further research and evaluation.
