ip core protection using voltage controlled side channel
play

IP Core Protection using Voltage-Controlled Side-Channel Receivers - PowerPoint PPT Presentation

Mar 31, 2024 •201 likes •335 views

IP Core Protection using Voltage-Controlled Side-Channel Receivers Peter Samarin 1 , 2 , Kerstin Lemke-Rust 1 , and Christof Paar 2 Bonn-Rhein-Sieg University of Applied Sciences 1 Ruhr-Universitt Bochum 2 Germany Bonn-Rhein-Sieg University of

  1. IP Core Protection using Voltage-Controlled Side-Channel Receivers Peter Samarin 1 , 2 , Kerstin Lemke-Rust 1 , and Christof Paar 2 Bonn-Rhein-Sieg University of Applied Sciences 1 Ruhr-Universität Bochum 2 Germany Bonn-Rhein-Sieg University of Applied Sciences

  2. IP Protection on FPGAs (cell yyy (cellType generic) (view schematic_ (viewType netlist) (interface self-developed (port CLEAR (direction INPUT)) (port CLOCK (direction INPUT)) ... ) (contents (instance I_36_1 (viewRef view1 (cellRef dff_4))) (instance (rename I_36_3 "I$3") (viewRef view1 (cellRef addsub_4))) ... (net CLEAR (joined (portRef CLEAR) (portRef aset (instanceRef I_36_1)) IP IP IP (portRef aset (instanceRef I_36_3)))) 1 2 3 Netlist stolen 010101001001010101111011101000101110101000010011010100100011011111 010101001010100100010100100101010010010101011110111010001011101010 IP IP IP 000100110101001000110111110101010010101001000101001001010100100101 010111101110100010111010100001001101010010001101111101010100101010 4 5 6 010001010010010101001001010101111011101000101110101000010011010100 100011011111010101001010100100010100100101010010010101011110111010 001011101010000100110101001000110111110101010010101001000101001001 010100100101010111101110100010111010100001001101010010001101111101 010100101010010001010010010101001001010101111011101000101110101000 010011010100100011011111010101001010100100010100100101010010010101 legally 011110111010001011101010000100110101001000110111110101010010101001 000101001001010100100101010111101110100010111010100001001101010010 IP IP IP 001101111101010100101010010001010010010101001001010101111011101000 obtained 7 8 9 101110101000010011010100100011011111010101001010100100010100100101 010010010101011110111010001011101010000100110101001000110111110101 010010101001000101001001010100100101010111101110100010111010100001 001101010010001101111101010100101010010001010010 Bitstream FPGA How to detect illegally used cores in the field ? Challenges Bitstreams are encrypted IP cores are parts of larger systems May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 1 / 11

  3. IP Protection using Side-Channels Leakage circuit shift if "1" LFSR 1 0 1 0 1 0 Sequence generator Width: 16 Width: 32 Width: 64 Verification Measure the power consumption Correlate the known LFSR sequence to the measurement (Becker et al., 2010) May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 2 / 11

  4. Our Contribution Establish an input side channel to individual IP Cores using voltage modulation (Sun et al., 2011) used temperature (several bits/s) 5 4 Supply voltage (V) 3 2 1 0 0 100 200 300 400 Time ( µ s) May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 3 / 11

  5. Voltage-Based Side-Channel Receivers sampled number of oscillation Vcc oscillations counter rising falling + - - same previous rst number of oscillations ring data valid Manchester oscillator coding data PLL / DCM FPGA 1 Supply voltage control 3 Voltage levels: V reset , V 0 , V 1 (V 2 is not used) 2 Detection of changes in supply voltage Ring oscillator sampled by a fixed clock Relative threshold to find rising and falling edges Manchester coding May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 4 / 11

  6. IP Protection IP IP IP 1 2 3 IP IP IP 4 5 6 IP IP IP 7 8 9 FPGA Embed an SC-receiver into each protected IP core Send commands to protected IP cores May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 5 / 11

  7. Verification 3 input data Original Authentication 1 en zeros IP core en 0 Normal operation 2 FSM secret T urn o ff the core 2 codeword SC receiver Set output data to zeros 2 Protected IP core FSM 1 Send a core-dependent secret codeword 2 Send commands, observe the behavior of the chip: Turn off the core Set output data to zeros Return to normal operation Deselect core 3 If the behavior is unusual then stop, else goto step 2 May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 6 / 11

  8. Experimental Setup May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 7 / 11

  9. A Proof-of-Concept Implementation Monitor PC RS-232 4-bits VGA AES-128 128-bits LFSR Digilent board with a Spartan 3 (XC3S200) FPGA 1 50MHz external clock Voltage control by a breadboard circuit Voltage levels V reset = 0V, V 0 = 2.8V, V 1 = 3.2V Transmission rate 2.4 KBits/s 32-Bit codewords 1 http://store.digilentinc.com/spartan-3-board-retired/ May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 8 / 11

  10. The Price to Pay Codeword size (bits) N. of slices 32 49 64 70 80 81 128 111 Need to try several codewords (in the worst case all) Cannot measure once and try them all just on the data Cores without clock cannot be protected More recent work on SASEBO-GII board 2 Spartan 3 FPGA for control Virtex 5 (XC5VLX50) FPGA for measurements Same breadboard circuit didn’t work (voltage regulator) 2 http://satoh.cs.uec.ac.jp/SASEBO/en/board/sasebo-g2.html May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 9 / 11

  11. Summary and Future Work Voltage-controlled side-channel receiver on FPGAs IP protection of individual cores Strong proof of IP ownership Other applications Hardware trojans triggered by a codeword Protection against counterfeits Future work Testing other FPGAs and boards Adressing voltage regulators Two-way side-channel communication May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 10 / 11

  12. References Becker, G., Kasper, M., Moradi, A., and Paar, C. (2010). Side-channel based watermarks for integrated circuits. In Hardware-Oriented Security and Trust (HOST), 2010 IEEE International Symposium on , pages 30–35. Sun, J., Bittner, R., and Eguro, K. (2011). FPGA side-channel receivers. In Proceedings of the 19th ACM/SIGDA International Symposium on Field Programmable Gate Arrays , FPGA ’11, pages 267–276, New York, NY, USA. ACM. May 4, 2016 P. Samarin, K. Lemke-Rust, C. Paar IP Core Protection using Voltage-Controlled Side-Channel Receivers 11 / 11

Recommend

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
Ohms Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and

Ohms Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and

Ohms Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and Shaolei Ren UC Riverside Acknowledgement: This work was supported in part by the U.S. NSF under grants CNS-1551661 and ECCS-1610471. Cloud data

1.15k views • 75 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
Power Plant and Transmission System Protection Coordination Phase Distance (21) and

Power Plant and Transmission System Protection Coordination Phase Distance (21) and

Power Plant and Transmission System Protection Coordination Phase Distance (21) and Voltage-Controlled or Voltage-Restrained Overcurrent Protection (51V) NERC Protection Coordination Webinar Series June 16, 2010 Phil Tatro Jon Gardell

1.28k views • 55 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

622 views • 21 slides
Over voltage protection of the Power Supply System for the PXD detector. 1. Some definitions -

Over voltage protection of the Power Supply System for the PXD detector. 1. Some definitions -

Over voltage protection of the Power Supply System for the PXD detector. 1. Some definitions - voltage transient and power surge. 2. LT4356-1, LT4356-3 Surge Stoppers from LINEAR TECHNOLOGY 3. Transient Voltage Suppression (TVS) diodes 4.

782 views • 24 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Active damping of oscillations in LC-filter for line connected, current controlled, PWM voltage

Active damping of oscillations in LC-filter for line connected, current controlled, PWM voltage

Active damping of oscillations in LC-filter for line connected, current controlled, PWM voltage source converters Authors: Olve Mo, Magnar Hernes, Kjell Ljkelsy SINTEF ENERGY RESEARCH, Norway Paper presented at EPE 2003, Toulouse SINTEF

349 views • 11 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir Pennsylvania State University Cache Side Channels Process Data CPU Cache Program Side

390 views • 20 slides
Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel Snooping Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in

727 views • 44 slides

More recommend