Abstract
Side channel analysis (SCA) attacks on soft processor systems (such as RISC-V and LEON3) are typically performed on FPGA prototyping boards. For the first time, this paper presents a RISC-V-based soft processor SCA framework (referred to as SRISC) to perform power-based, electromagnetic radiation-based and execution time-based SCA attacks against cryptographic algorithms and to test countermeasures on soft processor systems. The proposed SRISC framework is demonstrated on a commercial side-channel analysis attack board, SASEBO-GIII (referred to as SRISC-SASEBO). SRISC consists of hardware modules to calculate cryptographic operations using hardware circuits.
As a case study to test the implementation of a countermeasure, a balanced AES countermeasure is discussed to show the effectiveness of building hybrid countermeasures (which use both hardware and software components–hardware/software co-design) to reduce the information leakage to mitigate power analysis attacks. The software implementation of the balanced AES countermeasure revealed 14 bytes (of 16 bytes) of the secret key in 18,000 encryptions. The balanced hybrid AES countermeasure revealed only eight bytes (of 16 bytes) of the secret key for the same number of encryptions making software-hardware co-design countermeasures more promising to mitigate power analysis attack vulnerabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
SRISC github repository. (2023). https://github.com/dnjayasinghe/SRISC
Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_4
Arora, A., Ambrose, J.A., Peddersen, J., Parameswaran, S.: A double-width algorithmic balancing to prevent power analysis side channel attacks in AES. In: ISVLSI 2013, pp. 76–83 (2013). https://doi.org/10.1109/ISVLSI.2013.6654626
Asanović., et al.: The rocket chip generator. Tech. Rep. UCB/EECS-2016-17, EECS Department, University of California, Berkeley (2016). http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-17.html
Barthe, L., Benoit, P., Torres, L.: Investigation of a masking countermeasure against side-channel attacks for RISC-based processor architectures. In: FPL 2010, pp. 139–144 (2010)
Bernstein, D.J.: Cache-timing attacks on AES. Tech. rep. (2005)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.J. (eds.) CHES 2004, vol. 3156, pp. 16–29 (2004)
of California Berkeley, U.: How can i parameterize my rocket chip (2019). https://github.com/chipsalliance/rocket-chip#-how-can-i-parameterize-my-rocket-chip
Canright, D.: A very compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_32
De Cherisey, E., Guilley, S., Rioul, O., Jayasinghe, D.: Template attacks with partial profiles and Dirichlet priors: application to timing attacks. HASP 2016 (2016). https://doi.org/10.1145/2948618.2948625
De Mulder, E., Gummalla, S., Hutter, M.: Protecting RISC-V against side-channel attacks, pp. 45:1–45:4. DAC 2019 (2019)
De Mulder, E., Gummalla, S., Hutter, M.: How to protect RISC-V against side-channel attacks? (2018). https://content.riscv.org/wp-content/uploads/2018/12/How-to-protect-RISC-V-Side-Channel-Attack-Elke-Samatha-and-Michael.pdf
EMEA, R.G.S.: Designing a custom AXI-lite slave peripheral (2014). https://cas.tudelft.nl/Education/courses/et4351/SILICA_Xilinx_Designing_a_custom_axi_slave_rev1.pdf
Foundation, R.V.: RISC-V cores (2019). https://riscv.org/risc-v-cores
Gaspar, L., Fischer, V., Bossuet, L., Fouquet, R.: Secure extension of FPGA general purpose processors for symmetric key cryptography with partial reconfiguration capabilities. ACM Trans. Reconfigurable Technol. Syst. 5(3), 16:1–16:13 (2012). https://doi.org/10.1145/2362374.2362380
Groß, H., Jelinek, M., Mangard, S., Unterluggauer, T., Werner, M.: Concealing secrets in embedded processors designs. In: CARDIS 2016, pp. 89–104 (2016)
Jayasinghe, D., Ragel, R., Ambrose, J., Ignjatovic, A., Parameswaran, S.: Advanced modes in AES: are they safe from power analysis based side channel attacks? In: ICCD 2014, pp. 173–180 (2014). https://doi.org/10.1109/ICCD.2014.6974678
Karri, R., Wu, K., Mishra, P., Kim, Y.: Fault-based side-channel cryptanalysis tolerant Rijndael symmetric block cipher architecture. In: DFT 2001, pp. 427–435 (2001)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis, pp. 388–397. CRYPTO 1999 (1999)
Lab./UEC, S.: Sakura-x (2019). http://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-X.html
LowRISC: Lowrisc version 0.2 overview (2015). https://www.lowrisc.org/docs/untether-v0.2/overview/
lowRISC: BBL: Berkeley boot loader (2019). https://www.lowrisc.org/docs/build-berkeley-boot-loader/
Mane, S., Taha, M., Schaumont, P.: Efficient and side-channel-secure block cipher implementation with custom instructions on FPGA. In: FPL 2012, pp. 20–25 (2012)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks. Springer, Boston, MA (2007). https://doi.org/10.1007/978-0-387-38162-6
Muhammad Arsath, C.R.: A framework for evaluation of side-channel leakage in a RISC-V processor (2018). https://content.riscv.org/wp-content/uploads/2018/07/1000-19.07.18-Muhammad-Arsath-Chester-Rebeiro-IIT-Madras.pdf
Tillich, S., Kirschbaum, M., Szekely, A.: SCA-resistant embedded processors: The next generation, pp. 211–220. ACSAC 2010 (2010)
Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. Trans. Comp.-Aided Des. Integ. Cir. Sys. 25(7), 1197–1208 (2006)
Weiß, M., Heinz, B., Stumpf, F.: A Cache Timing Attack on AES in Virtualization Environments, pp. 314–328 (2012)
Xilinx: Cost-optimized portfolio product tables and product selection guide 2015. https://www.xilinx.com/support/documentation/selection-guides/ultrascale-plus-fpga-product-selection-guide.pdf
Xilinx: AXI interconnect PG059 (2017). https://www.xilinx.com/support/documentation/ip_documentation/axi_interconnect/v2_1/pg059-axi-interconnect.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Jayasinghe, D., Parameswaran, S. (2024). SRISC: Open Source Soft Processor Side Channel Analysis Attack Framework Using RISC-V. In: Herath, D., Date, S., Jayasinghe, U., Narayanan, V., Ragel, R., Wang, J. (eds) Asia Pacific Advanced Network. APANConf 2023. Communications in Computer and Information Science, vol 1995. Springer, Cham. https://doi.org/10.1007/978-3-031-51135-6_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-51135-6_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51134-9
Online ISBN: 978-3-031-51135-6
eBook Packages: Computer ScienceComputer Science (R0)