Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures

Similar documents
Countermeasures against EM Analysis

HOST Differential Power Attacks ECE 525

Hiding Higher-Order Leakages in Hardware

A physical level perspective

Countermeasures against EM Analysis for a Secured FPGA-based AES Implementation

Instruction Set Overview

ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.

Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel?

ECE260: Fundamentals of Computer Engineering

The Nios II Family of Configurable Soft-core Processors

ECE 2300 Digital Logic & Computer Organization. Caches

RISC Pipeline. Kevin Walsh CS 3410, Spring 2010 Computer Science Cornell University. See: P&H Chapter 4.6

The embedded security challenge: Protecting bits at rest

Designing a Pipelined CPU

Computer and Hardware Architecture II. Benny Thörnberg Associate Professor in Electronics

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

What is Pipelining. work is done at each stage. The work is not finished until it has passed through all stages.

Side channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut

Slides for Lecture 15

Computer Systems Architecture Spring 2016

Breaking the Bitstream Decryption of FPGAs

Basic FPGA Architectures. Actel FPGAs. PLD Technologies: Antifuse. 3 Digital Systems Implementation Programmable Logic Devices

Lecture Topics. Announcements. Today: Data and Control Hazards (P&H ) Next: continued. Exam #1 returned. Milestone #5 (due 2/27)

Lecture 15: Pipelining. Spring 2018 Jason Tang

Organic Computing. Dr. rer. nat. Christophe Bobda Prof. Dr. Rolf Wanka Department of Computer Science 12 Hardware-Software-Co-Design

ARM processor organization

The Processor. Z. Jerry Shi Department of Computer Science and Engineering University of Connecticut. CSE3666: Introduction to Computer Architecture

COMP2611: Computer Organization. The Pipelined Processor

Masking the Energy Behavior of DES Encryption

Pipelining. Pipeline performance

Implementation Tradeoffs for Symmetric Cryptography

Power Analysis Attacks

Micro-Architectural Attacks and Countermeasures

cs470 - Computer Architecture 1 Spring 2002 Final Exam open books, open notes

Masking as a Side-Channel Countermeasure in Hardware

Processor Architecture. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Midnight Laundry. IC220 Set #19: Laundry, Co-dependency, and other Hazards of Modern (Architecture) Life. Return to Chapter 4

Fast dynamic and partial reconfiguration Data Path

What is Pipelining? Time per instruction on unpipelined machine Number of pipe stages

Parallelism via Multithreaded and Multicore CPUs. Bradley Dutton March 29, 2010 ELEC 6200

ORCA FPGA- Optimized VectorBlox Computing Inc.

COSC 6385 Computer Architecture - Pipelining

Processor Architecture

Very High-Order Masking: Efficient Implementation and Security Evaluation

Pipelining! Advanced Topics on Heterogeneous System Architectures. Politecnico di Milano! Seminar DEIB! 30 November, 2017!

CSE A215 Assembly Language Programming for Engineers

Correlated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher

A Study of the Speedups and Competitiveness of FPGA Soft Processor Cores using Dynamic Hardware/Software Partitioning

The Processor Pipeline. Chapter 4, Patterson and Hennessy, 4ed. Section 5.3, 5.4: J P Hayes.

COMPUTER ORGANIZATION AND DESIGN

! Program logic functions, interconnect using SRAM. ! Advantages: ! Re-programmable; ! dynamically reconfigurable; ! uses standard processes.

Designing a Pipelined CPU

Secure and Efficient Implementation of Symmetric Encryption Schemes using FPGAs

CPE300: Digital System Architecture and Design

ASSEMBLY LANGUAGE MACHINE ORGANIZATION

The Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance

SIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI

INVESTIGATION OF DPA RESISTANCE OF BLOCK RAMS IN FPGAS

Binary Adders. Ripple-Carry Adder

EITF20: Computer Architecture Part2.2.1: Pipeline-1

Instruction Level Parallelism. Appendix C and Chapter 3, HP5e

DLX Unpipelined Implementation

Implementation of a pipelined MIPS CPU with single cycle

Keywords: Soft Core Processor, Arithmetic and Logical Unit, Back End Implementation and Front End Implementation.

Department of Computer and IT Engineering University of Kurdistan. Computer Architecture Pipelining. By: Dr. Alireza Abdollahpouri

Efficiency and memory footprint of Xilkernel for the Microblaze soft processor

Full Datapath. Chapter 4 The Processor 2

RC-6 CRYPTOSYSTEM IN VHDL. BY:- Deepak Singh Samant

Laboratory Pipeline MIPS CPU Design (2): 16-bits version

Improving Performance: Pipelining

Pipelining: Hazards Ver. Jan 14, 2014

FPGA Implementation of MIPS RISC Processor

Novel Design of Dual Core RISC Architecture Implementation

SIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM)

CMPEN 331 Computer Organization and Design, Lab 4 Due Wednesday April 5, 2017 at 7:0 am (Drop box on Canvas)

CHAPTER 3 ASYNCHRONOUS PIPELINE CONTROLLER

Practical Electromagnetic Template Attack on HMAC

Cost efficient FPGA implementations of Min- Sum and Self-Corrected-Min-Sum decoders

Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs

Smart card Power Analysis: From Theory To Practice

Computer Architecture 计算机体系结构. Lecture 2. Instruction Set Architecture 第二讲 指令集架构. Chao Li, PhD. 李超博士

Basic FPGA Architecture Xilinx, Inc. All Rights Reserved

Chapter 4 The Processor 1. Chapter 4A. The Processor

CS 31: Intro to Systems Digital Logic. Kevin Webb Swarthmore College February 3, 2015

Pipelining Analogy. Pipelined laundry: overlapping execution. Parallelism improves performance. Four loads: Non-stop: Speedup = 8/3.5 = 2.3.

CENG 3531 Computer Architecture Spring a. T / F A processor can have different CPIs for different programs.

Side-Channel Attack against RSA Key Generation Algorithms

Vertex Shader Design I

The CPU Design Kit: An Instructional Prototyping Platform. for Teaching Processor Design. Anujan Varma, Lampros Kalampoukas

CPE300: Digital System Architecture and Design

Chapter 4. The Processor

RECONFIGURABLE SPI DRIVER FOR MIPS SOFT-CORE PROCESSOR USING FPGA

ECE260: Fundamentals of Computer Engineering

A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis

EITF20: Computer Architecture Part2.2.1: Pipeline-1

System-on Solution from Altera and Xilinx

INTRODUCTION TO FPGA ARCHITECTURE

Virtex-II Architecture. Virtex II technical, Design Solutions. Active Interconnect Technology (continued)

Using FPGA for Computer Architecture/Organization Education

CS 251, Winter 2018, Assignment % of course mark

Transcription:

Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures L. BARTHE, P. BENOIT, L. TORRES LIRMM - CNRS - University of Montpellier 2 FPL 10 - Tuesday 31 August, 2010 Milan, Italy

Context: Side-Channel Attacks / Attackers exploit the correlation between data and physical leakages in order to reveal the secrets Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 1 / 19

Topic of this Work Main objective Improving the robustness of embedded processors against Power and ElectroMagnetic Analysis Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 2 / 19

Topic of this Work Main objective Improving the robustness of embedded processors against Power and ElectroMagnetic Analysis Contributions A RISC pipeline threat model A new masking countermeasure for RISC-based processors Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 2 / 19

Topic of this Work Main objective Improving the robustness of embedded processors against Power and ElectroMagnetic Analysis Contributions A RISC pipeline threat model A new masking countermeasure for RISC-based processors Challenge Implement countermeasures without compromising requirements of embedded systems! Area Security Speed Power Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 2 / 19

A Case Study: Xilinx s MicroBlaze A 32-bit RISC processor Soft-core processor Designed and supported by Xilinx for their FPGAs High level of flexibility Typical processor for embedded systems MicroBlaze s architecture Modified harvard architecture Classic RISC 5-stage pipeline Extra features: barrel shifter, cache memories etc. Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 3 / 19

A Case Study: Xilinx s MicroBlaze A 32-bit RISC processor Soft-core processor Designed and supported by Xilinx for their FPGAs High level of flexibility Typical processor for embedded systems MicroBlaze s architecture Modified harvard architecture Classic RISC 5-stage pipeline Extra features: barrel shifter, cache memories etc. Pipelining increases processor performance by increasing the instructions throughput What about security? Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 3 / 19

SCAs on the MicroBlaze Example: Data Encryption Standard (DES) Symmetric block cipher algorithm Standard software implementation using ANSI C code / mb-gcc L0 R0 K1 F L1 = R0 R1 = L0 F(0,K1) A DES Attack Model (Kocher) Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 4 / 19

SCAs on the MicroBlaze Example: Data Encryption Standard (DES) Symmetric block cipher algorithm Standard software implementation using ANSI C code / mb-gcc ANSI C L0 R0 K1 ASM F L1 = R0 R1 = L0 F(0,K1) A DES Attack Model (Kocher) Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 4 / 19

Concrete Evaluation: Acquisition Setup X-Y Table Oscilloscope EM Sensor Probe Low-Noise Amplifier Spartan-3 Board Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 5 / 19

Concrete Evaluation: DEMA Flow First step: data acquisition Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 6 / 19

Concrete Evaluation: DEMA Flow Second step: perform attacks First step: data acquisition Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 6 / 19

Concrete Evaluation: DEMA Flow Second step: perform attacks First step: data acquisition Last step: analyze results Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 6 / 19

Concrete Evaluation: DEMA Results Full key discovered with less than 500 electromagnetic traces Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19

Concrete Evaluation: DEMA Results Full key discovered with less than 500 electromagnetic traces Voltage Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19

Concrete Evaluation: DEMA Results Voltage Full key discovered with less than 500 electromagnetic traces - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19

Concrete Evaluation: DEMA Results Full key discovered with less than 500 electromagnetic traces Voltage highest amplitude => guessed key - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19

MicroBlaze s Datapath Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Instruction IF/ID Register File ID/EX ALU EX/MA Data MA/WB Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 8 / 19

The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n IF SWI ID XOR n+1 n+2 n+3 n+4 n+5 retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX MA atad yromem ssecca yromem )AM( EX/MA MA/WB Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19

The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n n+1 n+2 n+3 n+4 n+5 IF SWI... ID XOR SWI retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX XOR MA atad yromem ssecca yromem )AM( EX/MA MA/WB Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19

The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n n+1 n+2 n+3 n+4 n+5 IF SWI... ID XOR SWI... XOR SWI retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX MA atad yromem ssecca yromem )AM( EX/MA XOR MA/WB Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19

The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n n+1 n+2 n+3 n+4 n+5 IF SWI... ID XOR SWI... XOR SWI... XOR SWI... XOR SWI retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX MA atad yromem ssecca yromem )AM( EX/MA MA/WB... Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19

Investigation of a Secure Processor: Overview Pipelined processors increase the efficiency of SCAs Hardware countermeasures not only focused on the ALU and the register file of the processor Challenge: overhead vs security Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 10 / 19

State-of-Art of Countermeasures ALGORITHM Arithmetic Masking Boolean Masking Random Execution Dummy Cycles masking countermeasures hiding countermeasures CIRCUIT Noise Generators Decoupled Power Supply GATE Gate Level Masking Dual-Rail Logic Asynchronous Logic No perfect solution has been identified but the security can be significantly improved Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 11 / 19

Masking Countermeasures Main idea Sensitive data are masked with various random numbers A mask correction is performed at key steps Strategy for Power and ElectroMagnetic Analysis Confuse the attacker Example: boolean masking Masked data result from XOR operations M M D... D D = D M D Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 12 / 19

A RISC-based Masked Datapath - 1 Dual pipelined datapath RISC pipeline with masked data New one with the corresponding mask D1 Combinatorial Process D2 M1 Combinatorial Process M2 Exploiting the simplicity of RISC architectures Trade-Off Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 13 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A new Open-Processor is Born The SecretBlaze Compliant with the MicroBlaze s instruction set Modified harvard architecture RISC 5-stage pipeline Optional features (barrel shifter etc.) Available soon at http://www.lirmm.fr/~barthe/ SecretBlaze!s Processor SecretBlaze!s Core Instruction Fetch Instruction Decode Execute Access Write-Back IM Bus Interface Register File ALU DM Bus Interface MSR int_i INT halt_sb_i clk_i rst_n_i im_bus_i/o dm_bus_i/o SecretBlaze!s Sub-System Decoder Instruction Cache Data Cache WB Bus Master Interface WB IO Bus Master Interface wb_mem_bus_i/o wb_io_bus_i/o Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 15 / 19

Evaluation: Overhead Without countermeasure With countermeasure Overhead Max Freq. in Mhz 52.70 46.98-11.2 % # Slices 816 1013 + 24 % # LUTs 1493 1705 + 14 % # BRAMs 7 10 + 14 % Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 16 / 19

Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess 431 601 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess 431 601 7177 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess 431 601 7177 x 16 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess 431 601 7177 1387 x 16 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess 431 601 7177 1387 x 16 x 2 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess 431 601 7177 1387 x 16 x 2 Clock number n n + 1 n + 2 n + 3 n + 4 n + 5 Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Voltage - correct sub-key - other sub-keys Time DEMA traces without countermeasure Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

Evaluation: Robustness Without countermeasure 1st Pos. 2th Pos. First Correct Guess 431 With countermeasure 1st Pos. 2th Pos. 601 7177 1387 x 16 x2 n n+1 n+2 n+3 n+4 n+5 Clock number n n+1 n+2 n+3 n+4 n+5 Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Voltage Voltage Clock number - correct sub-key - other sub-keys - correct sub-key - other sub-keys Time Time DEMA traces without countermeasure DEMA traces with countermeasure Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

Evaluation: Robustness Without countermeasure 1st Pos. 2th Pos. First Correct Guess 431 With countermeasure 1st Pos. 2th Pos. 601 7177 1387 x 16 x2 Clock number n n+1 n+2 n+3 n+4 n+5 Clock number n n+1 n+2 n+3 n+4 n+5 Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Voltage Voltage ALU - correct sub-key - other sub-keys - correct sub-key - other sub-keys Time Time DEMA traces without countermeasure DEMA traces with countermeasure Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19

A RISC-based Masked Datapath - 3 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Masked Unmasked Masked Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

A RISC-based Masked Datapath - 3 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Masked Unmasked Masked Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19

Conclusion Hardware weaknesses of pipelined processors A new masking countermeasure for embedded processors A new Open-Processor Significant reduction of the undesirable effects of the pipelining technique ALU is still a critical security issue Power constant logics or asynchronous logics should be investigated High-order attacks? Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 18 / 19

Thanks for your attention Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 19 / 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback