Simulation-based verification of EM side-channel attack resilience of embedded cryptographic systems

Electromagnetic (EM) fields emanated due to switching currents in crypto-blocks can be an effective non-invasive channel for extracting secret keys. Accurate design-time simulation tools are needed to predict vulnerabilities and improve resilience of embedded systems to EM side-channel analysis attacks. Modeling such attacks is challenging, however, as it requires a multitude of expensive simulations across multiple circuit abstraction levels together with EM simulations. In this work, a simulation ow is developed to study the differential EM analysis (DEMA) attack on the Advanced Encryption System (AES) block cipher. The proposed ow enables design-time evaluation of realistic DEMA attacks for the first time. The major challenge is accurately computing signals received by a nearby probe at various positions above the chip surface for a large number of AES encryptions. This requires rapidly generating spatial distribution and transient EM radiation of on-chip current waveforms. Commercial CAD tools are used to generate space-time samples of these waveforms and a custom EM simulator to radiate them. The computations are sped up by focusing on information-leaking time windows, performing hybrid gate- and transistor-level simulations, radiating only the currents on top metallization layers, and generating traces for different encryptions in parallel. These methods reduce simulation time to a manageable ~ 20 hrs wall-clock time/attack allowing a previously impossible level of vulnerability analysis. The proposed ow also allows pinpointing critical regions on the chip most susceptible to EM attacks. We demonstrate that exploiting the spatial profile of circuit elements can reveal cryptographic keys with significantly fewer number of traces than DPA , guiding designers to the most critical areas of the layout. This enables targeted deployment of counter-measures to the highest information-leaking design components