Skip to main content
SpringerLink
Log in

Protecting Secure ICs Against Side-Channel Attacks by Identifying and Quantifying Potential EM and Leakage Hotspots at Simulation Stage

  • Conference paper
  • First Online:
Constructive Side-Channel Analysis and Secure Design (COSADE 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12910))

Abstract

For many years EM Side-Channel Attacks, which exploit the statistical link between the magnetic field radiated by secure ICs and the data they process, are a critical threat. Indeed, attackers need to find only one hotspot (position of the EM probe over the IC surface) where there is an exploitable leakage to compromise the security of the IC and its data. As a result, designing secure ICs robust against these attacks is incredibly difficult because designers must ensure there is no exploitable hotspot over the whole IC surface. This task is all the more difficult as there is no CAD tool to compute the magnetic field radiated by ICs and hence no methodology to detect hotspots at the design stages. In addition, simulations are noise-free and that makes correlation maps useless in identifying potential hotspots. Within this context, this paper introduces a flow allowing predicting the EM radiations of ICs as well as two different methodologies to disclose coordinates of an IC where an attacker can break the security. The first one aims at identifying and quantifying the potential risks of EM hotspots at the surface of ICs, i.e. positions where to place an EM probe to capture a leakage. The second aims at locating leakage hotspots in ICs, i.e. areas in circuits from where these leakages originate.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Artusi, R., Verderio, P., Marubini, E.: Bravais-pearson and spearman correlation coefficients: meaning, test of hypothesis and confidence interval. Int. J. Biol. Mark. 17(2), 148–151 (2002). https://doi.org/10.1177/172460080201700213. pMID: 12113584

  2. Bobko, P.: Correlation and Regression: Applications for Industrial Organizational Psychology and Management, 2nd edn. Sage Publications, Thousand Oaks (2001)

    Google Scholar 

  3. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2

    Chapter  Google Scholar 

  4. Diop, I., Carbone, M., Ordas, S., Linge, Y., Liardet, P.Y., Maurine, P.: Collision for estimating SCA measurement quality and related applications. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 143–157. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31271-2_9

    Chapter  Google Scholar 

  5. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_21

    Chapter  Google Scholar 

  6. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85053-3_27

    Chapter  Google Scholar 

  7. He, M.T., Park, J., Nahiyan, A., Vassilev, A., Jin, Y., Tehranipoor, M.M.: RTL-PSC: automated power side-channel leakage assessment at register-transfer level. CoRR abs/1901.05909 (2019). arXiv:1901.05909

  8. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    Chapter  Google Scholar 

  9. Kumar, A., Scarborough, C., Yilmaz, A., Orshansky, M.: Efficient simulation of EM side-channel attack resilience. In: Parameswaran, S. (ed.) 2017 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2017, Irvine, CA, USA, 13–16 November 2017, pp. 123–130. IEEE (2017). https://doi.org/10.1109/ICCAD.2017.8203769

  10. Lomné, V., Maurine, P., Torres, L., Ordas, T., Lisart, M., Toublanc, J.: Modeling time domain magnetic emissions of ICs. In: van Leuken, R., Sicard, G. (eds.) PATMOS 2010. LNCS, vol. 6448, pp. 238–249. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-17752-1_24

    Chapter  Google Scholar 

  11. Menichelli, F., Menicocci, R., Olivieri, M., Trifiletti, A.: High-level side-channel attack modeling and simulation for security-critical systems on chips. IEEE Trans. Dependable Secur. Comput. 5(3), 164–176 (2008). https://doi.org/10.1109/TDSC.2007.70234

    Article  Google Scholar 

  12. Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_19

    Chapter  Google Scholar 

  13. Nahiyan, A., et al.: SCRIPT: a CAD framework for power side-channel vulnerability assessment using information flow tracking and pattern generation. ACM Trans. Design Autom. Electron. Syst. 25(3), 26:1–26:27 (2020). https://doi.org/10.1145/3383445

  14. Ordas, T., Lisart, M., Sicard, E., Maurine, P., Torres, L.: Near-field mapping system to scan in time domain the magnetic emissions of integrated circuits. In: Svensson, L., Monteiro, J. (eds.) PATMOS 2008. LNCS, vol. 5349, pp. 229–236. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-95948-9_23

    Chapter  Google Scholar 

  15. Regazzoni, F., et al.: A simulation-based methodology for evaluating the dpa-resistance of cryptographic functional units with application to CMOS and MCML technologies. In: Blume, H., Gaydadjiev, G., Glossner, C.J., Knijnenburg, P.M.W. (eds.) Proceedings of the 2007 International Conference on Embedded Computer Systems: Architectures, Modeling and Simulation (IC-SAMOS 2007), Samos, Greece, 16–19 July 2007, pp. 209–214. IEEE (2007). https://doi.org/10.1109/ICSAMOS.2007.4285753

  16. Regazzoni, F., et al.: A design flow and evaluation framework for DPA-resistant instruction set extensions. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 205–219. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_15

    Chapter  Google Scholar 

  17. Sijacic, D., Balasch, J., Yang, B., Ghosh, S., Verbauwhede, I.: Towards efficient and automated side channel evaluations at design time. In: Batina, L., Kühne, U., Mentens, N. (eds.) PROOFS 2018, 7th International Workshop on Security Proofs for Embedded Systems, colocated with CHES 2018, Amsterdam, The Netherlands, 13 September 2018. Kalpa Publications in Computing, vol. 7, pp. 16–31. EasyChair (2018). http://www.easychair.org/publications/paper/xPnF

  18. Specht, R., Heyszl, J., Sigl, G.: Investigating measurement methods for high-resolution electromagnetic field side-channel analysis. In: 2014 International Symposium on Integrated Circuits (ISIC), Singapore, 10–12 December 2014, pp. 21–24. IEEE (2014). https://doi.org/10.1109/ISICIR.2014.7029532

  19. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_26

    Chapter  Google Scholar 

  20. Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 25(7), 1197–1208 (2006). https://doi.org/10.1109/TCAD.2005.855939

  21. Vasselle, A., Maurine, P., Cozzi, M.: Breaking mobile firmware encryption through near-field side-channel analysis. In: Chang, C., Rührmair, U., Holcomb, D.E., Schaumont, P. (eds.) Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop, ASHES@CCS 2019, London, UK, 15 November 2019, pp. 23–32. ACM (2019). https://doi.org/10.1145/3338508.3359571

  22. Wei, L., Luo, B., Li, Y., Liu, Y., Xu, Q.: I know what you see: power side-channel attack on convolutional neural network accelerators. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, 03–07 December 2018, pp. 393–406. ACM (2018). https://doi.org/10.1145/3274694.3274696

Download references

Author information

Authors and Affiliations

  1. STMicroelectronics, Rousset, France

    Davide Poggi, Thomas Ordas & Alexandre Sarafianos

  2. University of Montpellier, LIRMM, Montpellier, France

    Davide Poggi & Philippe Maurine

Authors
  1. Davide Poggi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Philippe Maurine
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Ordas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alexandre Sarafianos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Davide Poggi , Philippe Maurine , Thomas Ordas or Alexandre Sarafianos .

Editor information

Editors and Affiliations

  1. Nanyang Technological University, Singapore, Singapore

    Shivam Bhasin

  2. Siemens AG, Munich, Germany

    Fabrizio De Santis

A Appendix

A Appendix

Equation 12 is obtained knowing that the SNR is defined as the ratio between the signal and noise variances. V(S) is computed starting from simulated traces and \(V(\eta )\) is given by Eq. 11. Detailed calculations below:

$$\begin{aligned}&V(\eta ) = V(S) \cdot \left[ \frac{\rho ^2}{\rho _{crit}^2}-1\right] \longrightarrow \frac{V(\eta )}{V(S)} = \left[ \frac{\rho ^2}{\rho _{crit}^2}-1\right] \nonumber \\&\longrightarrow \frac{V(S)}{V(\eta )} = SNR_{min} = \frac{\rho _{crit}^2}{\rho ^2-\rho _{crit}^2} \end{aligned}$$
(15)

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Poggi, D., Maurine, P., Ordas, T., Sarafianos, A. (2021). Protecting Secure ICs Against Side-Channel Attacks by Identifying and Quantifying Potential EM and Leakage Hotspots at Simulation Stage. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science(), vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-89915-8_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89914-1

  • Online ISBN: 978-3-030-89915-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation