Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Lightweight Countermeasures Against Static Power Side-Channel Attacks

Jitendra Bhandari, Mohammed Nabeel, Likhitha Mankali, Ozgur Sinanoglu, Ramesh Karri, Johann Knechtel

TL;DR

This work addresses static power side-channel attacks (S-PSCA) on cryptographic hardware by introducing a lightweight defense that combines security-aware synthesis using low- and high-Vt cells with runtime random switching between paths built from different driver strengths. The core idea is to transform state registers into entangled, multi-path primitives whose leakage patterns are unpredictable, thereby significantly increasing the attack effort required for successful CPA analyses. Gate-level simulations on a 28nm AES design show up to 96× more traces are needed for disclosure, while area overhead remains modest (about 1.06×). Compared with prior art, the approach offers stronger resilience with lower overhead in a technology-accurate evaluation framework, paving the way for practical deployment and future measurement campaigns across additional cores.

Abstract

This paper presents a novel defense strategy against static power side-channel attacks (PSCAs), a critical threat to cryptographic security. Our method is based on (1) carefully tuning high-Vth versus low-Vth cell selection during synthesis, accounting for both security and timing impact, and (2), at runtime, randomly switching the operation between these cells. This approach serves to significantly obscure static power patterns, which are at the heart of static PSCAs. Our experimental results on a commercial 28nm node show a drastic increase in the effort required for a successful attack, namely up to 96 times more traces. When compared to prior countermeasures, ours incurs little cost, making it a lightweight defense.

Lightweight Countermeasures Against Static Power Side-Channel Attacks

TL;DR

This work addresses static power side-channel attacks (S-PSCA) on cryptographic hardware by introducing a lightweight defense that combines security-aware synthesis using low- and high-Vt cells with runtime random switching between paths built from different driver strengths. The core idea is to transform state registers into entangled, multi-path primitives whose leakage patterns are unpredictable, thereby significantly increasing the attack effort required for successful CPA analyses. Gate-level simulations on a 28nm AES design show up to 96× more traces are needed for disclosure, while area overhead remains modest (about 1.06×). Compared with prior art, the approach offers stronger resilience with lower overhead in a technology-accurate evaluation framework, paving the way for practical deployment and future measurement campaigns across additional cores.

Abstract

This paper presents a novel defense strategy against static power side-channel attacks (PSCAs), a critical threat to cryptographic security. Our method is based on (1) carefully tuning high-Vth versus low-Vth cell selection during synthesis, accounting for both security and timing impact, and (2), at runtime, randomly switching the operation between these cells. This approach serves to significantly obscure static power patterns, which are at the heart of static PSCAs. Our experimental results on a commercial 28nm node show a drastic increase in the effort required for a successful attack, namely up to 96 times more traces. When compared to prior countermeasures, ours incurs little cost, making it a lightweight defense.
Paper Structure (15 sections, 3 figures, 4 tables)

This paper contains 15 sections, 3 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background and Motivation
  3. Related Work
  4. Methodology
  5. Proposed Defense Against S-PSCA
  6. Implementation Details
  7. Design Implementation
  8. Simulation-Based Power Analysis
  9. Sampling-Based CPA Attack
  10. Experiments
  11. Setup
  12. Results I: LVT Tuning Only
  13. Results II: LVT and Driver-Strength Tuning
  14. Comparison to Prior Art
  15. Conclusion

Figures (3)

  • Figure 1: Baseline AES design under CPA attack. Shown are average numbers of power traces required until disclosure with 90% success rate across a varying number of LVT cells (versus HVT and RVT cells) employed in the state registers that are grouped into bytes.
  • Figure 2: Circuitry primitive for the proposed lightweight countermeasure scheme. The control signal (CTL) is connected to a random binary number generator. The dashed line indicates the option of using only the lower path.
  • Figure 3: Flow diagram for implementation as well as assessment of our lightweight masking scheme. Note that GLS is short for gate-level simulation.