Metis: An Integrated Morphing Engine CPU to Protect Against Side Channel Attacks

Power consumption and electromagnetic emissions analyses are well established attack avenues for secret values extraction in a large range of embedded devices. Countermeasures against these attacks are approached at different levels, from modified logic styles, to changes in the software implementations. In this work, we propose a microarchitectural modification to a compact RISC-V SoC, the OpenTitan open source silicon root of trust, providing a code morphing countermeasure against power and electromagnetic emissions side channel attacks. Our approach allows the countermeasure to be applied transparently, without the need for any software modification to the cryptographic primitive running on OpenTitan. Our microarchitecture integration of a morphing engine also allows us to provide transparent protection to memory operations. We validate our approach through measurements on an actual FPGA prototype on a Xilinx Artix-7. Our integrated morphing engine increases the FPGA resource consumption by less than 8%, plus the resources required by an RNG of choice, with respect to the original OpenTitan SoC. Our design shows a side channel attack resistance improvement of at least 250× in the Measurements-To-Disclose metric with respect to the unprotected design. We benchmark the performance of our proposed architecture on all the ISO/IEC standard symmetric block ciphers, including, among the other AES, reducing the execution time overhead by 21× to 141× with respect to a continuously morphing software solution.