AROMA: A highly accurate microcomponent-based approach for embedded processor power analysis
3
Citation
22
Reference
10
Related Paper
Citation Trend
Abstract:
We propose a new embedded processor power analysis approach that maps instruction executions to microarchitecture components for highly efficient and accurate power evaluations, which are crucial for embedded system designs. We observe that in practice, the execution of each high-level instruction in a processor always triggers the same microcomponent activity sequence while the difference of power consumption values of different instructions is mainly due to timing variations caused by hazards and cache misses. Hence, by incorporating accurately pre-characterized microcomponent power consumption values into an efficient instruction-microcomponent processor timing simulation tool, we construct a highly accurate embedded processor power analysis tool. Additionally, based on the proposed approach, we accurately and effortlessly capture the power waveform at any time point for power profiling, peak power and dynamic thermal distribution analysis. The experimental results show that the proposed approach is nearly as accurate as gate-level simulators, with an error rate of less than 1.2% while achieving simulation speeds of up to 20 MIPS, five orders faster than a commercial gate-level simulator.Keywords:
Profiling (computer programming)
Microarchitecture
Power analysis
Dynamic demand
Static-power-based side-channel attacks have developed rapidly in the past few years. Many classical side channel attack algorithms have been adapted to exploit static power consumption. There have been successful applications of side-channel attacks based on static power dissipation of cryptographic circuits designed in different technology sizes. In this paper we perform template attacks on a masked s-box circuit designed and simulated using 45-nm CMOS standard cell library. We are the first to compare template attacks using static power and dynamic power in the context of masked s-box implementations. We are able to achieve successful results using both types of power leakage. However, we observe that, in the 45-nm environment, dynamic power analysis requires a high sampling rate for the oscilloscopes used to collect data, while the results of static power analysis are more sensitive to additive noise.
Power analysis
Dynamic demand
S-box
Cite
Citations (5)
In this paper, a novel class of power analysis attacks to cryptographic circuits is presented. These attacks aim at recovering the secret key of a cryptographic core from measurements of its static (leakage) power. These attacks exploit the dependence of the leakage current of CMOS integrated circuits on their inputs (including the secret key of the cryptographic algorithm that they implement), as opposite to traditional power analysis attacks that are focused on the dynamic power. For this reason, this novel class of attacks is named ¿leakage power analysis¿ (LPA). Since the leakage power increases much faster than the dynamic power at each new technology generation, LPA attacks are a serious threat to the information security of cryptographic circuits in sub-100-nm technologies. For the first time in the literature, a well-defined procedure to perform LPA attacks that is based on a solid theoretical background is presented. Advantages and measurement issues are also analyzed in comparison with traditional power analysis attacks based on dynamic power measurements. Examples are provided for various circuits, and an experimental attack to a register is performed for the first time. An analytical model of the LPA attack result is also provided to better understand the effectiveness of this technique. The impact of technology scaling is explicitly addressed by means of a simple analytical model and Monte Carlo simulations. Simulations on a 65- and 90-nm technology and experimental results are presented to justify the assumptions and validate the leakage power models that are adopted.
Power analysis
Leakage (economics)
Information leakage
Dynamic demand
Cite
Citations (121)
Clock gating is an effective means for reducing average power consumption. However, clock gating can exacerbate maximum cycle-to-cycle current swings, or the step-power (Ldi/dt) problem. We present a microarchitecture-level step-power simulator and demonstrate its use in exploring how design alternatives impact relative step-power levels. We show how the tool can be used to identify major sources of high microprocessor step-power events. Our experiments indicate that branch mispredictions are a major cause of high step-power occurrences. We also show that high step-power events are infrequent which suggest that architectural techniques may limit step-power at potentially low performance cost.
Clock gating
Microarchitecture
Branch predictor
Power gating
Microprocessor
Dynamic demand
Power analysis
Static timing analysis
Cite
Citations (3)
Equivalent power consumption coding algorithm not only could improve algorithm efficiency,but also could be against the power analysis attacks.But it had weaknesses in all-zero exponential segment because of a defect of pseudo-operation design.So a new pseudo-operation was proposed to improve the algorithm’s security.And a rapid im-plementation using Montgomery algorithm was presented too.It could accelerate the operation with no-lower safety.The research’s validity is proved in the real power testing platform.
Power analysis
Cite
Citations (0)
An analysis method of real power estimation is proposed to achieve the co-analysis of dynamic and leakage power. This paper defines two parameters of variation and expectation rate (VER) and maximum-skew ratio (MSR) along with expectation and variation to describe the complicated behavioral of power, which offer more valuable information for low power design. Experiments with some of ISCAS85, ISCAS89 and ITC99 benchmark circuits show the analysis method and the proposed parameters are very useful for low power design and energy delivery.
Power analysis
Dynamic demand
Leakage power
Benchmark (surveying)
Static timing analysis
Network Analysis
Cite
Citations (0)
In this work, the implementation of the PRESENT-80 block cipher in a 40nm CMOS technology, and its vulnerability to Side Channel Attacks Exploiting Static Power is investigated. In the last two decades, several countermeasures to thwart DPA/CPA attacks based on the exploitation of dynamic power consumption have been proposed. In particular, WDDL logic style is a gate-level countermeasure, to Power Analysis Attacks exploiting dynamic Power. It has been demonstrated that, in deep sub-micron technologies, the static power consumption is no more negligible as in the past and malicious attackers can benefit from the dependability of the static power consumption on the processed data: Leakage Power Analysis (LPA) has been proposed to recover sensible information. The possibility to recover the secret key from a protected secure implementation exploiting static power is not a minor threat, and we analyze this vulnerability with actual security metrics and with an information theoretic approach, showing that gate level countermeasures such as WDDL can be successfully attacked exploiting static power instead of dynamic power.
Power analysis
Dynamic demand
Vulnerability
Countermeasure
Cite
Citations (17)
Side-channel attacks are proven to be efficient tools in attacking cryptographic devices.
Dynamic power leakage has been used as a source for many well-known side-channel
attack algorithms. As process technology size shrinks, the relative amount of static
power consumption increases accordingly, and reaches a significant level in sub-100-
nm chips, potentially changing the nature of side-channel analysis based on power
consumption. In this thesis, we demonstrate our work in side-channel attacks exploiting
static power leakage. Our research interest is particularly focused on profiled attacks.
Firstly, we present recent developments of static power analysis and provide our
results to further support some of the conclusions in existing publications. We also
give a description of the template attack we developed for static power analysis of
block ciphers. This template attack uses new distinguishers which are previously
applied to other data analysis fields. The results of our study are achieved using
simulations in a 45-nm and 65-nm CMOS environment, and demonstrate the viability
of static-power-based template attacks.
Secondly, we bring kernel density estimation into the scenario of static power
analysis. We compare the performance of the kernel method and conventional Gaussian
distinguisher. It is demonstrated in our experiments that the static power leakage
may not satisfy multivariate Gaussian distribution, in which case the kernel method
results in better attack outcomes.
Thirdly, we perform template attacks on a masked S-box circuit using static and
dynamic power leakage. We are the first to compare static power and dynamic power in the scenario of profiled attacks against masked devices. The attacks are shown
to be successful, and by performing multiple attacks and adding Gaussian noise, we
conclude that in the 45-nm environment, dynamic power analysis requires a high
sampling rate for the oscilloscopes, while the results of static-power-based attacks are
more sensitive to additive noise.
Lastly, we attempt to combine static and dynamic power leakage in order to take
the advantage of both leakage sources. With the help of deep learning technology, we
are able to propose more complex schemes to combine different leakage sources. Three
combining schemes are proposed and evaluated using a masked S-box circuit simulated
with 45-nm library. The experiment results show that the hierarchical LSTM proposal
performs the best or close to the best in all test cases.
Power analysis
Dynamic demand
Kernel (algebra)
S-box
Cite
Citations (0)
Since their publication in 1998, power analysis attacks have attracted significant attention within the cryptographic community. So far, they have been successfully applied to different kinds of implementations (e:g: smart cards, ASICs, FPGAs) of cryptographic algorithms. To protect such devices against power analysis attacks, it has been proposed to use a dynamic and differential logic style for which the power consumption does not depend on the data handled. In this paper, we suggest to use the Dynamic Current Mode Logic to counteract power analysis. The resulting circuits exhibit similar resistance to the previously published proposals but significantly reduce the power delay product. We also demonstrate that certain criteria previously used to evaluate the resistance against power analysis have no cryptographic relevance.
Power analysis
Dynamic demand
Cite
Citations (58)
The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low power designs, but does also create a new target for power analysis adversaries. In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC implementation of a provably first-order secure hardware masking scheme. The investigated 150 nm CMOS prototype chip realizes the PRESENT-80 lightweight block cipher as a threshold implementation and allows us to draw a comparison between the information leakage through its dynamic and static power consumption. By employing a sophisticated measurement setup dedicated to static power analysis, including a very low-noise DC amplifier as well as a climate chamber, we are able to recover the key of our target implementation with significantly less traces compared to the corresponding dynamic power analysis attack. In particular, for a successful third-order attack exploiting the static currents, less than 200 thousand traces are needed. Whereas for the same attack in the dynamic power domain around 5 million measurements are required. Furthermore, we are able to show that only-first-order resistant approaches like the investigated threshold implementation do not significantly increase the complexity of a static power analysis. Therefore, we firmly believe that this side channel can actually become the target of choice for real-world adversaries against masking countermeasures implemented in advanced CMOS technologies.
Power analysis
Dynamic demand
Information leakage
Application-specific integrated circuit
Cite
Citations (0)