Abstract
Signal hiding countermeasures have been extensively investigated in the early side-channel attacks' literature. Due to design and physical imperfections, their stand-alone use only leads to a limited reduction of the attacks' complexity. As a result, more algorithmic countermeasures providing a more formal cost vs. security tradeoff (e.g., shuffling and masking) have gained more attention. Yet, since the cost associated with these is high, designers aim at combining countermeasures, leveraging the strength of each. In this manuscript, we demonstrate that by asking less to both signal hiding and algorithmic countermeasures (as stand-alone), we can develop combined countermeasures that indeed provide higher security at lower cost. For this purpose, we show how we can stack signal reduction and amplitude randomization techniques with ultra low cost automatic design flows and standard tools, and reach attractive security levels in combination with masking. Concretely, we examine two natural strategies for signal hiding and their combination: namely WDDL and a simple, local, scalable and easy-to-implement noise generation engine. A 65nm technology ASIC is evaluated with multiple isolated AES cores, leveraging recent information theoretic bounds which are connected to masking security proofs, significantly reducing the side-channel information leakage. We further quantify performance gains for masked designs.
Original language | English |
---|---|
Article number | 9131818 |
Pages (from-to) | 4904-4917 |
Number of pages | 14 |
Journal | IEEE Transactions on Circuits and Systems I: Regular Papers |
Volume | 67 |
Issue number | 12 |
DOIs | |
State | Published - Dec 2020 |
Bibliographical note
Publisher Copyright:© 2004-2012 IEEE.
Keywords
- DPA
- Differential power analysis
- dual-rail logic styles
- hardware security
- information theoretic metrics
- masking
- noise emulation
- randomization
- side-channel signal hiding
- worst-case security evaluation