A.A.M. Aljuffri

19 records found

Instruction Set Architecture (ISA) extensions, particularly scalar cryptography extensions (Zk), combine the performance advantages of hardware with the adaptability of software, enabling the direct and efficient execution of cryptographic functions within the processor pipeline. This integration eliminates the need to communicate with external cores, substantially reducing latency, power consumption, and hardware overhead, making it especially suitable for embedded systems with constrained resources. However, current scalar cryptography extension implementations remain vulnerable to physical threats, notably power side-channel attacks (PSCAs). These attacks allow adversaries to extract confidential information, such as secret keys, by analyzing the power consumption patterns of the hardware during operation. This paper presents an optimized and secure implementation of the RISC-V scalar Advanced Encryption Standard (AES) extension (Zkne/Zknd) using Domain-Oriented Masking (DOM) to mitigate first-order PSCAs. Our approach features optimized assembly implementations for partial rounds and key scheduling alongside pipeline-aware microarchitecture optimizations. We evaluated the security and performance of the proposed design using the Xilinx Artix7 FPGA platform. The results indicate that our design is side-channel-resistant while adding a very low area overhead of 0.39% to the full 32-bit CV32E40S RISC-V processor. Moreover, the performance overhead is zero when the extension-related instructions are properly scheduled. ...
Mapping Binary Neural Networks (BNNs) on computation-in-memory (CIM) architectures enables a highly efficient approach for energy-constrained edge computing. In-memory processing significantly reduces critical performance bottlenecks in conventional architectures. Despite their efficiency, current optimized CIM implementations remain vulnerable to IP theft via side-channel analysis. This work investigates the side-channel leakage of a digital BNN-CIM accelerator that employs popcount-based accumulation. A range of circuit-level modifications in counter implementations are proposed and evaluated, exploring their impact on security metrics and design overhead. Results demonstrate that the Hamming weight (HW) and Hamming distance (HD) equalizing techniques combined with power equalization through duplication perform better than traditional dual-rail countermeasures. The findings provide practical guidance for designing secure and efficient peripheral components for popcount-based BNN accelerators. ...
Computation-in-Memory (CIM) architectures address the rising demand for energy-efficient artificial intelligence (AI) solutions by minimizing costly data movements between memory and processor. Within such architectures, SRAM-based digital CIM is especially attractive as it preserves the advantages of CIM while avoiding analog complexity. Recent studies have revealed potential weaknesses in these architectures, particularly to power side-channel attacks (SCA) capable of extracting sensitive model parameters (e.g., neural network (NN) weights), which represent the intellectual property of CIM-based neural network systems. In this study, we propose and evaluate two countermeasures to secure SRAM-based CIM architectures against power attacks: (1) the Balanced Obfuscated-path countermeasure, and (2) the Glitch Aware countermeasure. To validate their effectiveness, we conducted a comprehensive power analysis that successfully demonstrated attacks against an unprotected implementation. Our experimental results demonstrate that both countermeasures significantly improve resistance to power attacks. Although the Balanced Obfuscated-path offers better area overhead and run-time performance, the Glitch Aware approach achieves higher protection against advanced attacks, making each suitable for different design constraints. ...
Binary Neural Networks (BNNs) have obtained a strong foothold in the field of machine learning at the edge due to their minimal hardware requirements. However, their energy and performance efficiency remain hindered by frequent data transfer between memory and processors. Computation-in-memory (CIM) architectures address this problem by embedding processing units within the memory. Unfortunately, current implementations of CIM are susceptible to IP piracy attacks through side channels. This paper presents a novel secure periphery scheme for NN accelerators with sequential accumulation that conceals IP information by obscuring the power consumption of the counter responsible for the leakage. This is achieved by combining two innovative techniques: operand schedule randomization and an always-count Gray code counter. The results demonstrate that the proposed design effectively resists power side channel attacks (SCAs). Moreover, Signal-to-Noise Ratio (SNR) and Test Vector Leakage Assessment (TVLA) show safe leakage levels. Compared to the state-of-the-art, our countermeasure reduces area and power overheads by up to 12.7× and 13.3×, achieving only 37% area and 51.2% power overhead with the added protection logic. Notably, this enhanced security comes with zero latency overhead, maintaining the performance of the baseline design. ...
Conference paper (2025) - N. Moeskops, A. Aljuffri, S. Hamdioui, M. Taouil
In this paper, we introduce a novel passive physical anti-tampering Physical Unclonable Function (PUF) based on glitters that can protect an entire Integrated Circuit (IC) and/or Printable Circuit Board (PCB). A prototype of the proposed glitter-based PUF has been developed. The glitters are dropped randomly in a resin layer during its formation and their positioning is used as the basis of a PUF. The PUF response is created by taking a picture inside the coating layer. To get a stable response resilient against noise and different temperature cycles, the picture is processed using filtering, image processing, and error correction. Using actual drill measurements, our findings indicate that even drilling with a 0.1 mm diameter drill can be detected and lead to a wrong PUF response. ...
Computation-in-Memory (CIM) architectures present a promising solution for efficient implementation of Neural Networks. In particular, SRAM-based digital CIM architectures are optimal candidates to realize them. Recent studies have revealed potential weaknesses in these architectures, particularly against power attacks. This study introduces a novel attack method enabling weight extraction through the analysis of the adder tree component within the architecture. In our attack, the k-means clustering technique is employed to identify the Hamming weights of the CIM weights. Subsequently, we correlate traces belonging to known weights with traces belonging to Hamming groups with unknown weights in order to identify their weight values. As a case study, the attack was applied on an SRAM CIM implementation based on 40 nm TSMC technology. The results indicate that the weights stored in the CIM crossbar can be retrieved with 100% accuracy purely by analyzing the power consumption. ...
Doctoral thesis (2024) - A.A.M. Aljuffri, S. Hamdioui, M. Taouil
The security of electronic devices holds the greatest importance in the modern digital era, with one of the emerging challenges being the widespread occurrence of hardware attacks. The aforementioned attacks present a substantial risk to hardware devices, and it is of utmost importance to comprehend the potential detrimental effects they may cause. Side-channel attacks are a class of hardware attacks that exploit information unintentionally leaked by a device during its operation. These leaks manifest in various forms, including power consumption, time variations, and thermal dissipation. The fundamental danger posed by side-channel attacks is their ability to infer sensitive information from these unintended emissions. To address the heightened risks associated with side-channel attacks, this thesis focuses on three main research topics. ...
Journal article (2024) - A.A.M. Aljuffri, R. Huang, L.V.M. Muntenaar, G. Gaydadjiev, Kezheng Ma, S. Hamdioui, M. Taouil
The Advanced Encryption Standard (AES) is widely recognized as a robust cryptographic algorithm utilized to protect data integrity and confidentiality. When it comes to lightweight implementations of the algorithm, the literature mainly emphasizes area and power optimization, often overlooking considerations related to performance and security. This paper evaluates two of our previously proposed lightweight AES implementations using both profiled and non-profiled attacks. One is an unprotected implementation, and the other one is a protected version using Domain-Oriented Masking (DOM). The findings of this study indicate that the inclusion of DOM in the design enhances its resistance to attacks at the cost of doubling the area. ...
Conference paper (2023) - R. Huang, A.A.M. Aljuffri, S. Hamdioui, K. Ma, M. Taouil
The Advanced Encryption Standard (AES) is generally regarded as one of the most popular cryptographic algorithms for ensuring data security. Typical lightweight implementations of the algorithm published in the literature focus on area and power optimization, while neglecting the performance. This paper presents a novel lightweight approach for the AES algorithm and considers both encryption and decryption. In terms of performance per unit area and performance per unit power, our 32-bit design outperforms the state-of-the-art by 1.69x and 1.27x, respectively. These improvements become even larger when implementing higher data-path designs, such as 64-bit or 128-bit designs. To enhance its resilience against side-channel attacks, we modified our design by adopting and further improving on the most recent countermeasure, i.e., Domain-Oriented Masking (DOM). The results demonstrate that our five-stage and eight-stage 1st-order DOM SBOX designs achieve a reduction in area of 9.9% and 6.9% compared to the original proposed design, respectively. ...
Security is one of the most important features that a system must provide. Depending on the application of the target device, different threats should be considered at design time. However, the attack space is vast. Hence, it is difficult to decide what components to protect, what level of protection they require and how efficient they are in the field. This paper tries to close this validation gap for power-based side-channel attacks by providing a fast and reliable leakage assessment at design time that can be used to perform design space exploration for security. To accomplish our goal, we use Generative Adversarial Networks (GAN) to generate reliable power traces for hardware implementations at design time that are subsequently used to assess the leakage of the design. As a case study, we validated our framework against three AES implementations (i.e., unprotected, masked-protected, and balanced-protected). In comparison to CAD-based scenarios, our findings show that the GAN model creates extremely reliable power traces in terms of attackability and leakage assessment. In addition, it is approximately 120 times quicker than CAD tools with respect to trace generation. ...
Conference paper (2022) - A.A.M. Aljuffri, Cezar Reinbrecht, S. Hamdioui, M. Taouil, Johanna Sepulveda
Currently, NIST is working towards the standardization of lightweight cryptography (LWC). Although the cryptanalytic strength of LWC is currently under deep scrutiny, the implementation security of LWC has not yet been widely explored. The GIFT block cipher is the main building block of many of the LWC NIST candidates and therefore has the potential to be part of the next lightweight crypto-standard. Hence, it is important to understand its implementation vulnerabilities such as side-channel attacks (SCAs). Although SCAs have been evaluated for hardware implementations, no analysis or countermeasures have been proposed yet for software implementations. This work evaluates GIFT 128-bit software implementations (protected and unprotected) against power-based SCAs. Our protected implementation is based on a new lightweight countermeasure consisting of two balanced and masked SBoxes. Our results show that GIFT's SBox (or SubCell function) is vulnerable against profiled and non-profiled attacks when unprotected or protected implementations based on existing balancing or masking techniques are used. On the other hand, our proposed countermeasure that smartly combines balancing and masking offers full protection with negligible overhead. ...
Conference paper (2021) - A.A.M. Aljuffri, Cezar Reinbrecht, S. Hamdioui, M. Taouil
Power-based side-channel attacks (SCAs) are recognized as a powerful type of hardware attack. Recently, attacks based on deep learning (DL) neural networks have become popular due to their high efficiency. However, even these attacks face problems when sophisticated countermeasures exist. Pre-processing the input data is an effective way to improve the performance of such neural networks. Currently, only limited research has focused on exploring pre-processing techniques for DL-based attacks. In this paper, we propose, to the best of our knowledge for the first time, the usage of data transformation, data concatenation and stacked auto-encoder (encoder only) as pre-processing methods. Thereafter, we compare them with the existing techniques, namely data augmentation and stacked auto-encoder techniques. Our results show that the data transformation technique achieves the best results of the evaluated methods; it improves the validation accuracy from 75% to 95% and from 23% to 26% for the RSA and AES implementations, respectively. ...

A Cache Attack against GIFT Lightweight Cipher

Conference paper (2021) - Cezar Reinbrecht, Abdullah Aljuffri, Said Hamdioui, Mottaqiallah Taouil, Johanna Sepulveda
The National Institute of Standards and Technology (NIST) has recently started a competition with the objective to standardize lightweight cryptography (LWC). The winning schemes will be deployed in Internet-of-Things (IoT) devices, a key step for the current and future information and communication technology market. GIFT is an efficient lightweight cipher and it is used by one-fourth of the LWC candidates in the NIST LWC competition. Thus, its security evaluation is critical. One vital threat to its security is the class of so-called logical side-channel attacks based on cache observations. In this work, we propose a novel cache attack on GIFT referred to as GRINCH. We analyzed the vulnerabilities of GIFT and exploited them in our attack. The results show that the attack is effective and that the full key could be recovered with less than 400 encryptions. ...
Side-channel attacks (SCAs) are powerful attacks that could be used to retrieve keys from electronic devices. Several physical leakage sources can be exploited in SCAs, such as power, time, heat, and so on. Heat is one of the side channels that is not frequently analyzed by attackers in the literature due to the high noise associated with thermal traces. This article investigates the practicality of adapting power-based SCAs [i.e., correlation power analysis (CPA) and deep-learning-based power attacks (DL-based PA)] for thermal attacks and refers to them as correlation thermal attack (CTA) and DL-based thermal attack (DL-based TA). In addition, we introduce a new attack called progressive CTA (PCTA). We evaluate the different thermal SCAs against an unprotected and a protected software implementation of Rivest-Shamir-Adleman (RSA). Our results show the practicality of the three attacks (i.e., CTA, DL-based TA, and PCTA) as a 100% key recovery is realized. ...

A countermeasure for RSA against side channel attacks

Asymmetric algorithms such as RSA are considered secure from an algorithmic point of view, yet their implementations are typically vulnerable as they are used by attackers to compromise the secret key. Many countermeasures have been proposed to thwart these attacks. However, they are typically broken as the key can be easily compromised when attackers succeed in figuring out which part of the traces belongs to the square and multiply operations. In this paper, a new countermeasure is proposed against side-channel attacks, referred to as multi-bit blinding. The proposed method provides a constant execution behavior regardless of the key value without additional cost (i.e., dummy/extra operations). It realizes this by considering multiple bits of the key (i.e., two in this paper) simultaneously and always performing the same operations on them independent of the two-bit value. This makes attacks much harder as the attacker cannot retrieve the key simply by identifying the operations. Instead, the attackers need to guess the correct values of the operations as well. As a case study, the security of an RSA algorithm implementation based on the proposed method is evaluated. Our experimental results show that the new method is secure against profiled and non-profiled side-channel attacks with less overhead than currently published countermeasures. ...
Spiking Neural Networks (SNNs) are a strong candidate to be used in future machine learning applications. SNNs can obtain the same accuracy as complex deep learning networks, while only using a fraction of their power. As a result, an increase in the popularity of SNNs is expected in the near future for cyber-physical systems, especially in the Internet of Things (IoT) segment. However, SNNs work very differently from conventional neural network architectures. Consequently, applying SNNs in the field might introduce new, unexpected security vulnerabilities. This paper explores and identifies potential sources of information leakage for the Izhikevich neuron, which is a popular neuron model used in digital implementations of SNNs. Simulations and experiments on an FPGA implementation of the spiking neurons show that timing and power can be used to infer important information about the internal functionality of the network. Additionally, the paper demonstrates that it is feasible to perform a reverse engineering attack using both power and timing leakage. ...
Conference paper (2021) - M. Taouil, A.A.M. Aljuffri, S. Hamdioui
Side-channel attacks are a serious threat to integrated circuits. They are hardly detectable and use inherent information leaked by the hardware to infer sensitive information like secret keys. Over the last ten years, numerous side-channel attacks have been examined, exploring various forms of leakage channels such as time, power, electromagnetic field, photon emission, and acoustics. Among them, power side-channel attacks are the most popular ones. Developing an appropriate countermeasure against such attacks requires a deep understanding of these attacks. This paper presents a study of the most popular power attacks, such as differential power attack and correlation power attack, and discusses the latest countermeasures in this domain and their shortcomings. ...

A protection against side-channel attacks for MPSoCs

Conference paper (2020) - Cezar Reinbrecht, Abdullah Aljuffri, Said Hamdioui, Mottaqiallah Taouil, Bruno E. Forlin, Johanna Sepulveda
Multi-Processor System-on-Chips (MPSoCs) are popular computational platforms for a wide variety of applications due to their energy efficiency and flexibility. Like many other platforms, they are vulnerable to Side Channel Attacks (SCAs). In particular, Logical SCAs (LSCAs) are very powerful as sensitive information can be retrieved by simply observing system properties that depend on the victim's software execution on the MPSoC. Unfortunately, many of the current protection mechanisms are either platform dependent or are effective only against a reduced set of attacks. In this work, we present Guard-NoC, a secure Network-on-Chip (NoC) architecture able to protect MPSoCs against a wide variety of LSCAs. The secure NoC employs three application-independent strategies to hide and isolate sensitive information: i) blinding the execution time of operations; ii) masking the execution time of operations; and iii) a dual communication strategy (i.e., using packet and circuit switching simultaneously). Our results show that our secure NoC is resilient against practical LSCAs and leaks almost no information while having a minimal area and power overhead. ...

A Confusion Based Countermeasure Against Power Attacks for SBOX

Side-channel attacks are recognized as one of the most powerful attacks due to their ability to extract secret key information by analyzing the unintended leakage generated during operation. This makes them highly attractive for attackers. The current countermeasures focus on either randomizing the leakage by obfuscating the power consumption of all operations or blinding the leakage by maintaining a similar power consumption for all operations. Although these techniques help hide the power-leakage correlation, they do not remove the correlation completely. This paper proposes a new countermeasure type, referred to as confusion, that aims to break the linear correlation between the leakage model and the power consumption and hence confuses attackers. It realizes this by replacing the traditional SBOX implementation with a neural network referred to as S-NET. As a case study, the security of Advanced Encryption Standard (AES) software implementations with both the conventional SBOX and S-NET is evaluated. Based on our experimental results, S-NET leaks no information and is resilient against popular attacks such as differential and correlation power analysis. ...