Santosh Ghosh

Archisman Ghosh, J. M. B. Mera, Angshuman Karmakar et al.

National Institute of Standard & Technology (NIST) is currently running a multi-year-long standardization procedure to select quantum-safe or post-quantum cryptographic schemes to be used in the future. Saber is the only LWR based algorithm to be in the final of Round 3. This work presents a Saber ASIC which provides 1.37X power-efficient, 1.75x lower area, and 4x less memory implementation w.r.t. other SoA PQC ASIC. The energy-hungry multiplier block is 1.5x energyefficient than SoA.

Josef Danial, Debayan Das, Anupam Golder et al.

This work presents a Cross-device Deep-Learning based Electromagnetic (EM-X-DL) side-channel analysis (SCA), achieving >90% single-trace attack accuracy on AES-128, even in the presence of significantly lower signal-to-noise ratio (SNR), compared to the previous works. With an intelligent selection of multiple training devices and proper choice of hyperparameters, the proposed 256-class deep neural network (DNN) can be trained efficiently utilizing pre-processing techniques like PCA, LDA, and FFT on the target encryption engine running on an 8-bit Atmel microcontroller. Finally, an efficient end-to-end SCA leakage detection and attack framework using EM-X-DL demonstrates high confidence of an attacker with <20 averaged EM traces.

Josef Danial, Debayan Das, Santosh Ghosh et al.

Electromagnetic (EM) side-channel analysis (SCA) is a prominent tool to break mathematically-secure cryptographic engines, especially on resource-constrained IoT devices. Presently, to perform EM SCA on an embedded IoT device, the entire chip is manually scanned and the MTD (Minimum Traces to Disclosure) analysis is performed at each point on the chip to reveal the secret key of the encryption algorithm. However, an automated end-to-end framework for EM leakage localization, trace acquisition, and attack has been missing. This work proposes SCNIFFER: a low-cost, automated EM Side Channel leakage SNIFFing platform to perform efficient end-to-end Side-Channel attacks. Using a leakage measure such as TVLA, or SNR, we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N x N) within O(N) iterations, and then perform Correlational EM Analysis (CEMA) at that point. This reduces the CEMA attack time by ~N times compared to an exhaustive MTD analysis, and >20x compared to choosing an attack location at random. We demonstrate SCNIFFER using a low-cost custom-built 3-D scanner with an H-field probe (<$500) compared to >$50,000 commercial EM scanners, and a variety of microcontrollers as the devices under attack. The SCNIFFER framework is evaluated for several cryptographic algorithms (AES-128, DES, RSA) running on both an 8-bit Atmega microcontroller and a 32-bit ARM microcontroller to find a point of high leakage and then perform a CEMA at that point.

Monodeep Kar, Arvind Singh, Sanu Mathew et al.

Modern high-performance as well as power-constrained System-on-Chips (SoC) are increasingly using hardware accelerated encryption engines to secure computation, memory access, and communication operations. The electromagnetic (EM) emission from a chip leaks information of the underlying logical operations and can be collected using low-cost non-invasive measurements. EM based side-channel attacks (EMSCA) have emerged as a major threat to security of encryption engines in a SoC. This paper presents the concept of Blindsight where a high-frequency inductive voltage regulator (IVR) integrated on the same chip with an encryption engine is used to increase resistance against EMSCA. High-frequency (~100MHz) IVRs are present in modern microprocessors to improve energy-efficiency. We show that an IVR with a randomized control loop (R-IVR) can reduce EMSCA as the integrated inductance acts as a strong EM emitter and blinds an adversary from EM emission of the encryption engine. The EM measurements are performed on a test-chip containing two architectures of a 128-bit Advanced Encryption Standard (AES) engine powered by a high-frequency R-IVR and under two attack scenarios, one, where an adversary gains complete physical access of the target device and the other, where the adversary is only in proximity of the device. In both attack modes, an adversary can observe information leakage in Test Vector Leakage Assessment (TVLA) test in a baseline IVR (B-IVR, without control loop randomization). However, we show that EM emission from the R-IVR blinds the attacker and significantly reduces SCA vulnerability of the AES engine. A range of practical side-channel analysis including TVLA, Correlation Electromagnetic Analysis (CEMA), and a template based CEMA shows that R-IVR can reduce information leakage and prevent key extraction even against a skilled adversary.

Debayan Das, Shovan Maity, Saad Bin Nasir et al.

With the advancement of technology in the last few decades, leading to the widespread availability of miniaturized sensors and internet-connected things (IoT), security of electronic devices has become a top priority. Side-channel attack (SCA) is one of the prominent methods to break the security of an encryption system by exploiting the information leaked from the physical devices. Correlational power attack (CPA) is an efficient power side-channel attack technique, which analyses the correlation between the estimated and measured supply current traces to extract the secret key. The existing countermeasures to the power attacks are mainly based on reducing the SNR of the leaked data, or introducing large overhead using techniques like power balancing. This paper presents an attenuated signature AES (AS-AES), which resists SCA with minimal noise current overhead. AS-AES uses a shunt low-drop-out (LDO) regulator to suppress the AES current signature by 400x in the supply current traces. The shunt LDO has been fabricated and validated in 130 nm CMOS technology. System-level implementation of the AS-AES along with noise injection, shows that the system remains secure even after 50K encryptions, with 10x reduction in power overhead compared to that of noise addition alone.