Title: Circuit Masking Schemes: New Hope for Backside Probing Countermeasures?
Sensitive data can be extracted by mounting physical attacks, e.g., photon emission analysis, micro-probing, etc., on integrated circuits (ICs). In this paper, our ultimate goal is to examine provable security approaches that increase the number of simultaneous probes needed to perform probing in order to see how they can complement physical anti-probing countermeasures. Commonly applied mathematical models for probing attacks have employed randomized bits to mask the input, and modified computations. As the number of masks increases, the number of probes needed to extract the secret data increases linearly, assuming noise-free conditions. In another attempt, noisy leakage models have been developed to better mimic real-world scenarios, but their complexity is a major drawback. Hence, extensive research has been performed to show connections between noisy leakage models and probing models. The goal of this survey is to relate the notion of masking with physical backside attack countermeasures, which are limited in practice. To this end, our first milestone is to unify provable probing and side-channel models in order to develop and realize more practical countermeasures.
Award ID(s): 1717392
PAR ID: 10173592
Journal Name: SRC TECHCON
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. The threats of physical side-channel attacks and their countermeasures have been widely researched. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on current consumption or voltage drop on a chip. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack relies on the fact that the temporarily stored contents in registers alter the physical characteristics of the circuit, which results in changes in the die's impedance. To sense such impedance variations, we deploy a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's power distribution network (PDN) and measure the echo of the signals. We demonstrate that according to the content bits and physical location of a register, the reflected signal is modulated differently at various frequency points enabling the simultaneous and independent probing of individual registers. Such side-channel leakage challenges the t-probing security model assumption used in masking, which is a prominent side-channel countermeasure. To validate our claims, we mount non-profiled and profiled impedance analysis attacks on hardware implementations of unprotected and high-order masked AES. We show that in the case of the profiled attack, only a single trace is required to recover the secret key. Finally, we discuss how a specific class of hiding countermeasures might be effective against impedance leakage. 
  2. In a poisoning attack, an adversary with control over a small fraction of the training data attempts to select that data in a way that induces a corrupted model that misbehaves in favor of the adversary. We consider poisoning attacks against convex machine learning models and propose an efficient poisoning attack designed to induce a specified model. Unlike previous model-targeted poisoning attacks, our attack comes with provable convergence to any attainable target classifier. The distance from the induced classifier to the target classifier is inversely proportional to the square root of the number of poisoning points. We also provide a lower bound on the minimum number of poisoning points needed to achieve a given target classifier. Our method uses online convex optimization, so it finds poisoning points incrementally. This provides more flexibility than previous attacks, which require an a priori assumption about the number of poisoning points. Our attack is the first model-targeted poisoning attack that provides provable convergence for convex models, and in our experiments, it either exceeds or matches state-of-the-art attacks in terms of attack success rate and distance to the target model.
  3. Protecting sensitive logic functions in ASICs requires side-channel countermeasures. Many gate-level masking styles have been published, each with pros and cons. Some styles such as RSM, GLUT, and ISW are compact but can feature 1st-order leakage. Some other styles, such as TI, DOM, and HPC are secure at the 1st-order but incur significant overheads in terms of performance. Another requirement is that security shall be ensured even when the device is aged. Pre-silicon security evaluation is now a normatively approved method to characterize the expected resiliency against attacks ahead of time. However, in this regard, there is still a fragmentation in terms of leakage models, Points of Interest (PoI) selection, attack order, and distinguishers. Accordingly, in this paper we focus on such factors as they affect the success of side-channel analysis attacks and assess the resiliency of the state-of-the-art masking styles in various corners. Moreover, we investigate the impact of device aging as another factor and analyze its influence on the success of side-channel attacks targeting the state-of-the-art masking schemes. This pragmatic evaluation enables risk estimation in a complex PPA (Power, Performance, and Area) and security plane while also taking aging impacts into account. For instance, we explore the trade-off between low-cost secure styles attackable at 1st-order vs high-cost protection attackable only at 2nd-order.
  4. Security-critical applications on integrated circuits (ICs) are threatened by microprobing attacks that extract sensitive information through focused ion beam (FIB) based milling. Existing countermeasures, such as active shield, analog shield and t-private circuit, have proven to be inefficient and provide limited resistance. In this paper, we propose a FIB-aware anti-probing physical design flow to reduce the vulnerability of security-critical nets in a design. Results show that our proposed technique can reduce the vulnerable exposed area on critical nets to probing attack by 90% in AES and DES modules with only 5% area overhead. 
  5. After the discovery of data leakage from cryptographic algorithm implementations, there has been a need to counter or hide the data that allow adversaries to capture the cryptographic key. To explore side-channel attack methods or countermeasures, it is important for researchers to understand what side-channels are and how they are produced. There have been numerous surveys in which the side-channel attacks and countermeasures are surveyed, but little to no research about the side-channels themselves. This paper addresses this gap in the existing literature by developing a taxonomy for side-channels, classified by the manner in which they are produced. Following the proposed model, some of the common side-channel analysis attack methods are discussed and we show where the side-channel would fit in the proposed model. 