Power consumption and electromagnetic emissions analyses are well established attack avenues for secret values extraction in a large range of embedded devices. Countermeasures against these attacks are approached at different levels, from modified logic styles, to changes in the software implementations. In this work, we propose a microarchitectural modification to a compact RISC-V SoC, the OpenTitan open source silicon root of trust, providing a code morphing countermeasure against power and electromagnetic emissions side channel attacks. Our approach allows the countermeasure to be applied transparently, without the need for any software modification to the cryptographic primitive running on OpenTitan. Our microarchitecture integration of a morphing engine also allows us to provide transparent protection to memory operations. We validate our approach through measurements on an actual FPGA prototype on a Xilinx Artix-7. Our integrated morphing engine increases the FPGA resource consumption by less than 8%, plus the resources required by an RNG of choice, with respect to the original OpenTitan SoC. Our design shows a side channel attack resistance improvement of at least 250× in the Measurements-To-Disclose metric with respect to the unprotected design. We benchmark the performance of our proposed architecture on all the ISO/IEC standard symmetric block ciphers, including, among the other AES, reducing the execution time overhead by 21× to 141× with respect to a continuously morphing software solution.

Metis: An Integrated Morphing Engine CPU to Protect Against Side Channel Attacks

Antognazza, Francesco;Barenghi, Alessandro;Pelosi, Gerardo
2021

Abstract

Power consumption and electromagnetic emissions analyses are well established attack avenues for secret values extraction in a large range of embedded devices. Countermeasures against these attacks are approached at different levels, from modified logic styles, to changes in the software implementations. In this work, we propose a microarchitectural modification to a compact RISC-V SoC, the OpenTitan open source silicon root of trust, providing a code morphing countermeasure against power and electromagnetic emissions side channel attacks. Our approach allows the countermeasure to be applied transparently, without the need for any software modification to the cryptographic primitive running on OpenTitan. Our microarchitecture integration of a morphing engine also allows us to provide transparent protection to memory operations. We validate our approach through measurements on an actual FPGA prototype on a Xilinx Artix-7. Our integrated morphing engine increases the FPGA resource consumption by less than 8%, plus the resources required by an RNG of choice, with respect to the original OpenTitan SoC. Our design shows a side channel attack resistance improvement of at least 250× in the Measurements-To-Disclose metric with respect to the unprotected design. We benchmark the performance of our proposed architecture on all the ISO/IEC standard symmetric block ciphers, including, among the other AES, reducing the execution time overhead by 21× to 141× with respect to a continuously morphing software solution.
File in questo prodotto:
File Dimensione Formato  
09424552.pdf

accesso aperto

Descrizione: Articolo principale
: Publisher’s version
Dimensione 1.57 MB
Formato Adobe PDF
1.57 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11311/1178088
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact