Debayan Das

Harshit Saurabh, Anupam Golder, Samarth Shivakumar Titti et al.

This paper presents SNOW-SCA, the first power side-channel analysis (SCA) attack of a 5G mobile communication security standard candidate, SNOW-V, running on a 32-bit ARM Cortex-M4 microcontroller. First, we perform a generic known-key correlation (KKC) analysis to identify the leakage points. Next, a correlation power analysis (CPA) attack is performed, which reduces the attack complexity to two key guesses for each key byte. The correct secret key is then uniquely identified utilizing linear discriminant analysis (LDA). The profiled SCA attack with LDA achieves 100% accuracy after training with $<200$ traces, which means the attack succeeds with just a single trace. Overall, using the \textit{combined CPA and LDA attack} model, the correct secret key byte is recovered with <50 traces collected using the ChipWhisperer platform. The entire 256-bit secret key of SNOW-V can be recovered incrementally using the proposed SCA attack. Finally, we suggest low-overhead countermeasures that can be used to prevent these SCA attacks.

Mahadev Sunil Kumar, Arnab Raha, Debayan Das et al.

Distributed deep neural networks (DNNs) have become central to modern computer vision, yet their deployment on resource-constrained edge devices remains hindered by substantial parameter counts, computational demands, and the probability of device failure. Here, we present an approach to the efficient deployment of distributed DNNs that jointly respect hardware limitations, preserve task performance, and remain robust to partial system failures. Our method integrates structured model pruning with a multi-objective optimization framework to tailor network capacity for heterogeneous device constraints, while explicitly accounting for device availability and failure probability during deployment. We demonstrate this framework using Multi-View Convolutional Neural Networks (MVCNN), a state-of-the-art architecture for 3D object recognition, by quantifying the contribution of individual views to classification accuracy and allocating pruning budgets accordingly. Experimental results show that the resulting models satisfy user-specified bounds on accuracy and memory footprint, even under multiple simultaneous device failures. The inference time is reduced by factors up to 4.7x across diverse simulated device configurations. These findings suggest that performance-aware, view-adaptive, and failure-resilient compression provides a viable pathway for deploying complex vision models in distributed edge environments.

Archisman Ghosh, J. M. B. Mera, Angshuman Karmakar et al.

National Institute of Standard & Technology (NIST) is currently running a multi-year-long standardization procedure to select quantum-safe or post-quantum cryptographic schemes to be used in the future. Saber is the only LWR based algorithm to be in the final of Round 3. This work presents a Saber ASIC which provides 1.37X power-efficient, 1.75x lower area, and 4x less memory implementation w.r.t. other SoA PQC ASIC. The energy-hungry multiplier block is 1.5x energyefficient than SoA.

Josef Danial, Debayan Das, Anupam Golder et al.

This work presents a Cross-device Deep-Learning based Electromagnetic (EM-X-DL) side-channel analysis (SCA), achieving >90% single-trace attack accuracy on AES-128, even in the presence of significantly lower signal-to-noise ratio (SNR), compared to the previous works. With an intelligent selection of multiple training devices and proper choice of hyperparameters, the proposed 256-class deep neural network (DNN) can be trained efficiently utilizing pre-processing techniques like PCA, LDA, and FFT on the target encryption engine running on an 8-bit Atmel microcontroller. Finally, an efficient end-to-end SCA leakage detection and attack framework using EM-X-DL demonstrates high confidence of an attacker with <20 averaged EM traces.

Archisman Ghosh, Debayan Das, Shreyas Sen

Mathematically-secure cryptographic algorithms leak significant side channel information through their power supplies when implemented on a physical platform. These side channel leakages can be exploited by an attacker to extract the secret key of an embedded device. The existing state-of-the-art countermeasures mainly focus on the power balancing, gate-level masking, or signal-to-noise (SNR) reduction using noise injection and signature attenuation, all of which suffer either from the limitations of high power/area overheads, performance degradation or are not synthesizable. In this article, we propose a generic low-overhead digital-friendly power SCA countermeasure utilizing physical Time-Varying Transfer Functions (TVTF) by randomly shuffling distributed switched capacitors to significantly obfuscate the traces in the time domain. System-level simulation results of the TVTF-AES implemented in TSMC 65nm CMOS technology show > 4000x MTD improvement over the unprotected implementation with nearly 1.25x power and 1.2x area overheads, and without any performance degradation.

Josef Danial, Debayan Das, Santosh Ghosh et al.

Electromagnetic (EM) side-channel analysis (SCA) is a prominent tool to break mathematically-secure cryptographic engines, especially on resource-constrained IoT devices. Presently, to perform EM SCA on an embedded IoT device, the entire chip is manually scanned and the MTD (Minimum Traces to Disclosure) analysis is performed at each point on the chip to reveal the secret key of the encryption algorithm. However, an automated end-to-end framework for EM leakage localization, trace acquisition, and attack has been missing. This work proposes SCNIFFER: a low-cost, automated EM Side Channel leakage SNIFFing platform to perform efficient end-to-end Side-Channel attacks. Using a leakage measure such as TVLA, or SNR, we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N x N) within O(N) iterations, and then perform Correlational EM Analysis (CEMA) at that point. This reduces the CEMA attack time by ~N times compared to an exhaustive MTD analysis, and >20x compared to choosing an attack location at random. We demonstrate SCNIFFER using a low-cost custom-built 3-D scanner with an H-field probe (<$500) compared to >$50,000 commercial EM scanners, and a variety of microcontrollers as the devices under attack. The SCNIFFER framework is evaluated for several cryptographic algorithms (AES-128, DES, RSA) running on both an 8-bit Atmega microcontroller and a 32-bit ARM microcontroller to find a point of high leakage and then perform a CEMA at that point.

Shovan Maity, Mingxuan He, Mayukh Nath et al.

Human Body Communication (HBC) has emerged as an alternative to radio wave communication for connecting low power, miniaturized wearable and implantable devices in, on and around the human body which uses the human body as the communication channel. Previous studies characterizing the human body channel has reported widely varying channel response much of which has been attributed to the variation in measurement setup. This calls for the development of a unifying bio physical model of HBC supported by in depth analysis and an understanding of the effect of excitation, termination modality on HBC measurements. This paper characterizes the human body channel up to 1MHz frequency to evaluate it as a medium for broadband communication. A lumped bio physical model of HBC is developed, supported by experimental validations that provides insight into some of the key discrepancies found in previous studies. Voltage loss measurements are carried out both with an oscilloscope and a miniaturized wearable prototype to capture the effects of non common ground. Results show that the channel loss is strongly dependent on the termination impedance at the receiver end, with up to 4dB variation in average loss for different termination in an oscilloscope and an additional 9 dB channel loss with wearable prototype compared to an oscilloscope measurement. The measured channel response with capacitive termination reduces low frequency loss and allows flat band transfer function down to 13 KHz, establishing the human body as a broadband communication channel. Analysis of the measured results and the simulation model shows that (1) high impedance (2) capacitive termination should be used at the receiver end for accurate voltage mode loss measurements of the HBC channel at low frequencies.

Shovan Maity, Debayan Das, Baibhab Chatterjee et al.

Human Body Communication (HBC) has recently emerged as an alternative to radio frequency transmission for connecting devices on and in the human body with order(s) of magnitude lower energy. The communication between these devices can give rise to different scenarios, which can be classified as wearable-wearable, wearable-machine, machine-machine interactions. In this paper, for the first time, the human body channel characteristics is measured for a wide range of such possible scenarios (14 vs. a few in previous literature) and classified according to the form-factor of the transmitter and receiver. The effect of excitation/termination configurations on the channel loss is also explored, which helps explain the previously unexplained wide variation in HBC Channel measurements. Measurement results show that wearable-wearable interaction has the maximum loss (upto -50 dB) followed by wearable-machine and machinemachine interaction (min loss of 0.5 dB), primarily due to the small ground size of the wearable devices. Among the excitation configurations, differential excitation is suitable for small channel length whereas single ended is better for longer channel.

Baibhab Chatterjee, Debayan Das, Shovan Maity et al.

Traditional authentication in radio-frequency (RF) systems enable secure data communication within a network through techniques such as digital signatures and hash-based message authentication codes (HMAC), which suffer from key recovery attacks. State-of-the-art IoT networks such as Nest also use Open Authentication (OAuth 2.0) protocols that are vulnerable to cross-site-recovery forgery (CSRF), which shows that these techniques may not prevent an adversary from copying or modeling the secret IDs or encryption keys using invasive, side channel, learning or software attacks. Physical unclonable functions (PUF), on the other hand, can exploit manufacturing process variations to uniquely identify silicon chips which makes a PUF-based system extremely robust and secure at low cost, as it is practically impossible to replicate the same silicon characteristics across dies. Taking inspiration from human communication, which utilizes inherent variations in the voice signatures to identify a certain speaker, we present RF- PUF: a deep neural network-based framework that allows real-time authentication of wireless nodes, using the effects of inherent process variation on RF properties of the wireless transmitters (Tx), detected through in-situ machine learning at the receiver (Rx) end. The proposed method utilizes the already-existing asymmetric RF communication framework and does not require any additional circuitry for PUF generation or feature extraction. Simulation results involving the process variations in a standard 65 nm technology node, and features such as LO offset and I-Q imbalance detected with a neural network having 50 neurons in the hidden layer indicate that the framework can distinguish up to 4800 transmitters with an accuracy of 99.9% (~ 99% for 10,000 transmitters) under varying channel conditions, and without the need for traditional preambles.

Baibhab Chatterjee, Debayan Das, Shreyas Sen

Physical unclonable functions (PUF) in silicon exploit die-to-die manufacturing variations during fabrication for uniquely identifying each die. Since it is practically a hard problem to recreate exact silicon features across dies, a PUFbased authentication system is robust, secure and cost-effective, as long as bias removal and error correction are taken into account. In this work, we utilize the effects of inherent process variation on analog and radio-frequency (RF) properties of multiple wireless transmitters (Tx) in a sensor network, and detect the features at the receiver (Rx) using a deep neural network based framework. The proposed mechanism/framework, called RF-PUF, harnesses already existing RF communication hardware and does not require any additional PUF-generation circuitry in the Tx for practical implementation. Simulation results indicate that the RF-PUF framework can distinguish up to 10000 transmitters (with standard foundry defined variations for a 65 nm process, leading to non-idealities such as LO offset and I-Q imbalance) under varying channel conditions, with a probability of false detection < 10e-3

Debayan Das, Shovan Maity, Baibhab Chatterjee et al.

In this emerging data-driven world, secure and ubiquitous authentication mechanisms are necessary prior to any confidential information delivery. Biometric authentication has been widely adopted as it provides a unique and non-transferable solution for user authentication. In this article, the authors envision the need for an in-field, remote and on-demand authentication system for a highly mobile and tactical environment, such as critical information delivery to soldiers in a battlefield. Fingerprint-based in-field biometric authentication combined with the conventional password-based techniques would ensure strong security of critical information delivery. The proposed in-field fingerprint authentication system involves: (i) wearable fingerprint sensor, (ii) template extraction (TE) algorithm, (iii) data encryption, (iv) on-body and long-range communications, all of which are subject to energy constraints due to the requirement of small form-factor wearable devices. This paper explores the design space and provides an optimized solution for resource allocation to enable energy-efficient in-field fingerprint-based authentication. Using Human Body Communication (HBC) for the on-body data transfer along with the analytics (TE algorithm) on the hub allows for the maximum lifetime of the energy-sparse sensor. A custom-built hardware prototype using COTS components demonstrates the feasibility of the in-field fingerprint authentication framework.

Debayan Das, Shovan Maity, Saad Bin Nasir et al.

With the advancement of technology in the last few decades, leading to the widespread availability of miniaturized sensors and internet-connected things (IoT), security of electronic devices has become a top priority. Side-channel attack (SCA) is one of the prominent methods to break the security of an encryption system by exploiting the information leaked from the physical devices. Correlational power attack (CPA) is an efficient power side-channel attack technique, which analyses the correlation between the estimated and measured supply current traces to extract the secret key. The existing countermeasures to the power attacks are mainly based on reducing the SNR of the leaked data, or introducing large overhead using techniques like power balancing. This paper presents an attenuated signature AES (AS-AES), which resists SCA with minimal noise current overhead. AS-AES uses a shunt low-drop-out (LDO) regulator to suppress the AES current signature by 400x in the supply current traces. The shunt LDO has been fabricated and validated in 130 nm CMOS technology. System-level implementation of the AS-AES along with noise injection, shows that the system remains secure even after 50K encryptions, with 10x reduction in power overhead compared to that of noise addition alone.