Framework and countermeasures for cache and power based attacks

Access & Terms of Use
open access
Copyright: Arora, Ankita
Abstract
Advancements in technology, the need for automation and ease of manufacturability have made embedded systems ubiquitous. One of the preeminent challenges in embedded systems is maintaining the privacy of sensitive information being passed and keeping it secure. Security is provided by deploying state-of-the-art cryptographic algorithms to encrypt confidential data, which is then decrypted at the receiving end. Some embedded systems are increasingly attacked by adversaries for financial gain, or to obtain personal information. Internal computations are often revealed by external manifestations such as processing time~\cite{kelsey00hamDPA}, power consumption~\cite{kocher98DPATechInfo}, electromagnetic emission~\cite{quisquater01EM} and faults~\cite{Biham97differentialfault}. Such manifestations can be exploited by an adversary to obtain secret keys of cryptographic algorithms, and the process of obtaining secret keys using this mechanism is called a Side Channel Attack (SCA). SCAs~\cite{SCA_1,SCA_2} are categorized based on the characteristics used for the attack. Two of the main side channel attacks are cache based attacks and power based attacks. Cache based side channel attacks are built using the cache behavior of the system when data is exchanged between the processor and the main memory. A cache is a smaller and faster memory placed between the processor and main memory that stores the information needed for computations in the processor to reduce memory transaction time. Cache based attacks are further classified as time-driven attacks~\cite{Kocher96timingattacks} and access-driven attacks~\cite{Page02theoreticaluse}. Time-driven attacks use the encryption time during the execution of a cryptographic algorithm in the processor, while access-driven attacks are performed when the adversary gets access to the data stored in the cache. Power based attacks are mounted by measuring power variations during the encryption/decryption of a cryptographic algorithm.
A successful recovery of the secret key allows the adversary to fake identities and gain benefits. Power based attacks are classified into Simple Power Analysis (SPA) and Differential Power Analysis (DPA) attacks. In SPA~\cite{Kocher:1999:DPA:646764.703989}, internal data is retrieved directly by analyzing the power magnitude, while in DPA~\cite{mangard2007power}, much more advanced statistical analysis is performed to predict the secret key. Several solutions exist to counter both cache based and power based side channel attacks. Cache attacks can be avoided by using architectural modifications~\cite{Wang07newcache,Page_countermeasure1}, time skewing~\cite{Page_countermeasure}, cache warming~\cite{Page_countermeasure}, use of maximum cache line size~\cite{Page_countermeasure}, etc. The countermeasures used against power based attacks are masking~\cite{Messerges:2000:SAF:647935.740925}, sense amplifier based logic~\cite{Dynamic_differential_CMOS_logic}, wave dynamic differential logic~\cite{Tiri05aside-channel,Tiri_Intel,tiri04ASIC}, dual rail circuits~\cite{Sokolov:2005:DAD:1048716.1048837}, etc. Existing techniques to counter cache based and power based attacks are either costly in terms of power and area or involve much complexity, and hence lack practicality. In this thesis, the author has implemented a fast trace-driven cache attack, and incorporated this attack into a flexible framework containing an extensible processor. The processor used is Tensilica's Xtensa LX2, whose modifiable architecture allows changes in cache architecture and instruction set, and the addition of extra hardware. On the framework, the author implemented a hardware/software countermeasure and has shown that it is difficult to differentiate the cache misses for differing encryptions. The processor with the countermeasure is 30\% more energy efficient, 17\% more power efficient and 15\% faster when compared to the processor without the countermeasure. However, there is an area overhead of 7.6\%.
To protect the system from power based side channel attacks, the author proposed a double width algorithmic balancing using a single core to obfuscate power variations, resulting in a DPA resistant system. The countermeasure only includes code/algorithmic modifications, and hence can be easily deployed in any embedded system with a 16-bit wide (or wider) processor. The DPA attack is demonstrated on the Double Width Single Core (DWSC) solution. The attack proved unsuccessful in finding the secret key. The instruction memory size overhead is only 16.6\% and the data memory increases by 15.8\%. The future extensions of the above two countermeasures involve the merging of both and improvements to combat both cache based and power based side channel attacks in one system.
Author(s)
Arora, Ankita
Publication Year
2013
Resource Type
Thesis
Degree Type
Masters Thesis
UNSW Faculty