Download Brochure
Contact Us
Contact Us
Contact Us
Contact Sales
  • Company
  • About Us
  • Investor Relations
  • Community
  • Newsroom
  • Resources
  • Careers
Contact Us
All Synopsys
+ Silicon Design & Verification + Silicon IP + Software Integrity + About Us
Support
SolvNetPlus Software Integrity Customer Community
Global SItes
日本語 简体中文 繁體中文 Русский

Protecting Against Side-Channel Attacks with an Ultra-Low Power Processor

Subscribe to DesignWare Technical Bulletin

Author: Angela Raucher, Product Marketing Manager, ARC Processors, Synopsys

As additional security measures such as encryption and authentication are added to IoT applications, hackers must work harder to get the desired information or disrupt the operation of a network. How much effort and time they will spend will depend on the value of the information, making high-value targets especially vulnerable. This article focuses on techniques for protecting against side-channel attacks, which are attacks that rely on information from the physical implementation of security rather than exploiting a direct weakness in the security measures themselves.

To put it simply, perhaps your family is going out of town and you don’t want anyone to know. You don’t tell anyone you are leaving, you move your luggage to the car in the dead of night, and you leave some lights on in the house. Unfortunately, though, you may leave a trail of clues about your absence that your neighbors or criminals may pick up on to figure out the information without looking in your windows or breaking in. For example, there is a stack of newspapers on your front porch, the same lights are on day and night, and your dog that is always barking is somehow quiet. Using side-channel information to enable an attack is similar, although it requires a lot more effort than the simple example above. To protect against such an attack in an SoC, it is important to understand how the information is obtained and determine ways to prevent that from happening, and specifically some of the countermeasures that can be implemented in low-power IoT processors to diminish the threat.

As mentioned above, side-channel attacks rely on information that is gained based on the implementation of security, generally cryptographic functions. For an SoC, the information “leaked” includes timing information of operations, power consumption, and electromagnetic radiation. This information can reveal sensitive information such as cryptographic keys. As an example, let’s look at a side-channel analysis done on an RSA transaction. RSA is an asymmetric cryptographic standard commonly used in key exchange and uses modular exponentiation as a basis. In the example in Figure 1, RSA is implemented using a method where a square function is used if the key byte is odd, and square and multiply is used if the key byte is even. A would-be hacker will be able to measure a shorter peak for a 0 and a longer peak for a 1, making the secret key almost literally visible on the oscilloscope. Beyond this simple power analysis attack, there are more advanced attacks that record sample traces from multiple runs and apply statistical correlation on these to obtain the private key.

Figure 1: Example of Side-Channel Attack on a Crypto Function

Fortunately, careful design can obfuscate the information that can be gleaned from SoC timing, power consumption, and electromagnetic radiation. While there is no single magic bullet that can make a system safe from side-channel attacks, it is an important consideration for SoC designers if the system will perform sensitive operations such as cryptography.

If the system requirements include running cryptography software on a processor, either for area savings or in-field updates, it is critical to choose processor IP that includes side-channel resistant capabilities. Since the processor creates the information that could be leaked, it should be at the heart of the protection schemes. Some IoT applications, such as smart meters, will be deployed in the field for a long time (up to 20 years) and thus require the ability to be updated to the latest cryptography standards as they evolve. In fact, some standards already include requirements for side-channel attack resistance including ones that cover smart metering and embedded SIM applications. IoT applications generally also have stringent area and power budgets and require low overhead when adding security, so it’s key to have ultra-low power processors that incorporate side-channel protection features.

An example of side-channel resistant processor IP is Synopsys’ DesignWare® ARC® SEM security processors. These performance-, area-, and power-efficient processors focus on adding security to IoT and mobile SoCs with low overhead. The ARC SEM processors provide separation of secure and application code through SecureShield™, a trusted execution environment, and also include features to prevent malicious hardware, software, and physical attacks. Among these features are a few specifically targeted at side-channel attacks:

  • Uniform timing to remove data dependent instruction cycle count variations
  • Power flattening to remove power peaks/anomalies
  • Pipeline randomization for power and timing

These features are targeted at hiding information about sensitive operations, including when they are taking place or the data that is being processed. The concern is a hacker can use the information about the implementation of the cryptographic algorithms to decode the secret keys. Obfuscating timing and power information protects the data being processed from being uncovered through these methods. The two graphs below compare cycle averaged power when the randomized pipeline feature is turned off (Figure 2, left) and then when the feature is turned on (Figure 2, right) for an example “add” instruction. As you can see there is a strong correlation between the operands of the add instruction and its power consumption on the left, but when the pipeline randomization is on, no discernible pattern is present.

Figure 2 (left): Pipeline Randomization Off

Figure 2 (right): Pipeline Randomization On 

 

Another unique feature of the ARC processors is the ability to add user-supplied custom instructions through ARC Processor EXtension (APEX) technology. These instructions can be used to accelerate cryptography or to add dummy instructions that change timing signatures of sensitive operations. The instructions can be restricted, and thus known only to the chip developer, providing another way to prevent the comparison to known implementations and add another layer of protection from side-channel attacks to the system.

Beyond the techniques used in the processor to provide protection from side-channel attacks, there are also chip-level design choices that can help with prevention of side-channel attacks. Examples of these choices include electromagnetic shields, decoupling the main power supply from internal power supplies with buffering capacitance, and adding protection on the scan function used commonly in SoCs for testing purposes. As mentioned before, there is no magic bullet but taking care to include as many resistance features as is practical will help to extend the amount of time and effort required by potential hackers to the point where it isn’t feasible for them to perform their attacks.


Analog IP SelectorMemory & Logic IP Selector

Synopsys Helps Advance IBM's Vision for AI Compute Performance

TSMC Recognizes Synopsys Collaboration with Four OIP Partner of the Year Awards for IP and EDA Solutions

GLOBALFOUNDRIES Accelerating Innovation in IoT and Wearables with Adaptive Body Bias Feature on 22FDX Platform

Reducing Latency in Cloud Computing SoCs: CXL, CCIX and PCIe IP

AI SoC Case Study: Emerging Neural Networks Drive IP Innovation

Using IP to Make the Best Design Selections for HDMI and DisplayPort SoCs

PCI-SIG Fall Virtual DevCon 2020

ARC Processor Virtual Summit – Now Available On-Demand.

MIPI DevCon 2020

Linley Fall Processor Conference 2020

Samsung SAFE Forum 2020

International Test Conference 2020

Product Update: Broad Portfolio of DesignWare IP for Mobile SoCs

Synopsys and Intel Full System PCIe 5.0 Interoperability Success

112G SerDes Reliability

Demo: Low-Power Machine Learning Inference with ARC EM9D Processor IP

Demo: Inuitive NU4000 SoC with ARC EV Processor Running SLAM and CNN

How 5G is Influencing Silicon Design

Industrial IoT Opportunities in Semiconductors

Testing PCI Express 5.0 PHY Transmitter Performance Without Analysis Software

NSITEXE Reduces Custom Processor Development Time with ASIP Designer

Orbbec Achieves First-Pass Silicon Success for 3D Camera

SemiWiki: Parallel Based PHY IP for Die-to-Die Connectivity

Quantifying the Benefits of AI in Edge Computing

SemiEngineering: Automotive Gateway IP Enabling Scalable Automotive Platforms

NEW DWTB: Super Resolution with ARC EV, Cloud Computing, CXL, ECC in DDR, GPIO IP, ASIPs

Contact Us
More IP Resources