Physical side channels in embedded hardware security: analysis and defenses

Li, Ge (Ph. D. in electrical and computer engineering)

The advancement of digital silicon technology brings a variety of novel embedded systems to our daily life. As a unique yet critical requirement, the demand for security and privacy in these systems has been rising. Over the decades, software-layer security has been widely investigated. Unfortunately, security related to the physical/hardware implementation of systems has received less attention. The physical side channel is one of the attack vectors most widely exploited by adversaries targeting a system. Physical side-channel analysis extracts secrets via unintended physical information leakage from embedded hardware, such as its power consumption or EM emanation. This dissertation investigates physical side-channel vulnerabilities as well as defenses in several emerging applications. At the same time, since a physical side channel carries information about the system, a malicious exploit targeting the system may leave its footprint in the collected physical information. This dissertation also explores the possibility of utilizing physical side channels to defend against attacks.

This dissertation first addresses the vulnerability of an ASIC AES implementation to a new side-channel attack based on localized electromagnetic analysis, which is an especially potent threat to the security of embedded cryptographic implementations. The attack utilizes high-resolution EM probes to localize and exploit information leakage in sub-circuits of a system, providing information not available in traditional (far-field) EM and power attacks. This dissertation proposes a countermeasure based on randomizing the assignment of sensitive data to parallel datapath components in a high-performance implementation of AES. A permutation network, controlled by a transient random value, creates a dynamic random mapping between the state registers and the set of S-boxes. This randomization results in a significant reduction of exploitable leakage.
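The following is an added illustration, not code from the dissertation: a small Python model of the random byte-to-S-box mapping described above. It assumes 16 parallel S-box units, a noise-free Hamming-weight leakage model for one physical unit, and Python's seeded PRNG standing in for the transient random value; all function names are hypothetical. With static wiring the leakage of unit 0 matches the byte-0 model exactly, while with a fresh mapping per operation the correlation falls to roughly 1/16.

```python
import random

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = ((a << 1) ^ (0x11B if a & 0x80 else 0)) & 0xFF, b >> 1
    return p

def sbox_entry(x):
    """AES S-box: inverse in GF(2^8) as x^254 (0 maps to 0), then the affine map."""
    inv = 1
    for _ in range(254):
        inv = gmul(inv, x)
    rot = lambda v, r: ((v << r) | (v >> (8 - r))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]
LANES = 16  # assumed: 16 state bytes, 16 parallel S-box units

def subbytes_shuffled(state, perm):
    """Route state byte i to physical S-box unit perm[i], substitute, route back."""
    unit_in = [0] * LANES
    for i, byte in enumerate(state):
        unit_in[perm[i]] = byte
    unit_out = [SBOX[v] for v in unit_in]
    return [unit_out[perm[i]] for i in range(LANES)], unit_in

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return cov / (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5

def unit0_correlation(randomize, traces=4000, seed=1):
    """Correlation between unit 0's noise-free Hamming-weight leakage and the
    value a byte-0 leakage model predicts, over constructed random states."""
    rng, perm = random.Random(seed), list(range(LANES))  # static wiring: byte i -> unit i
    leak, model = [], []
    for _ in range(traces):
        state = [rng.randrange(256) for _ in range(LANES)]
        if randomize:
            rng.shuffle(perm)  # fresh transient random mapping per operation
        out, unit_in = subbytes_shuffled(state, perm)
        assert out == [SBOX[b] for b in state]  # result is independent of the mapping
        leak.append(bin(SBOX[unit_in[0]]).count("1"))
        model.append(bin(SBOX[state[0]]).count("1"))
    return pearson(leak, model)
```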

This dissertation then studies whether deep neural networks (DNNs) deployed on spatial accelerators are vulnerable to power side-channel attacks. With the proliferation of DNN-based applications, the confidentiality of the DNN model is an important commercial goal. Spatial accelerators, which parallelize matrix/vector operations, are utilized to enhance the energy efficiency of DNN computation. We investigate the vulnerability of complex spatial accelerators to model extraction attacks derived from differential power analysis (DPA) of cryptographic devices. The dissertation implements two systolic array architectures of different dimensions (1D and 2D) on an FPGA, and shows that both architectures are ultimately vulnerable. A conventional DPA succeeds fully on the 1D array, and a novel template-based DPA, with multiple profiling phases, is able to fully break the 2D array (Chapter 3).

Next, this dissertation investigates the use of the power side channel to detect malware in the Linux boot sequence running on an embedded system. The boot sequence is the initial process executed on any computing system and is often the target of malicious exploits. We develop the first non-intrusive power-based malware detection method to ensure the security of boot in an embedded system with an Intel Xeon-class CPU. The dissertation considers the threat of untrusted devices plugged into a confidential system, and the threat of a compromised kernel that the system boots into. The detector uses features based on optimal, strategically chosen phases for classification. This improves classification accuracy compared to existing approaches, which consider the full power trace indiscriminately. We finally demonstrate an ensemble classification scheme based on optimal phases of a limited, representative set of attacks, with a reduced training cost. It shows improved classification accuracy compared to the baseline full-trace classifiers (Chapter 4).

As a side goal, this dissertation then studies enhancements to a novel physical security primitive, the lattice PUF, which is a strong PUF with provable security against ML attacks with both classical and quantum computers. PUFs are security primitives which can be deployed to defend against various physical attacks. It is critical to convert a theoretically sound construction into an efficient physical implementation. The original lattice PUF proposal only considers resource-constrained designs. We develop a set of latency-optimized implementations for the lattice PUF. The lattice PUF is constructed with a physically obfuscated key and an LWE decryption function block. To reduce latency, the latency-optimized design uses an unrolled LFSR, which produces multiple pseudo-random bits per cycle, and a parallel datapath, which allows generating multiple response bits simultaneously. For design space exploration, the dissertation prototyped several lattice PUF designs on a Spartan 6 FPGA. The optimized design achieves a significant reduction (148X) in latency, at a moderate increase in hardware utilization (Chapter 5).
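As an added illustration of the unrolled LFSR mentioned above (not code from the dissertation), the sketch below derives the k-step XOR network of a serial LFSR and checks that one unrolled cycle yields the same k bits as k serial clocks. The 16-bit width, the feedback polynomial and all function names are assumptions chosen for the example; the page does not give the lattice PUF's LFSR parameters.

```python
WIDTH = 16
TAPS = (16, 14, 13, 11)  # assumed polynomial x^16 + x^14 + x^13 + x^11 + 1 (not from the page)

def step(state):
    """One clock of the serial Fibonacci LFSR: returns (next_state, output_bit)."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> (WIDTH - t)) & 1
    return (state >> 1) | (fb << (WIDTH - 1)), state & 1

def unroll(k):
    """For each state bit, precompute its contribution to the state and to the k
    output bits after k clocks. The LFSR is linear over GF(2), so these columns
    are exactly the XOR network an unrolled design evaluates in one cycle."""
    cols = []
    for j in range(WIDTH):
        s, outs = 1 << j, 0
        for i in range(k):
            s, bit = step(s)
            outs |= bit << i
        cols.append((s, outs))
    return cols

def step_unrolled(state, cols):
    """One clock of the unrolled LFSR: returns (next_state, k output bits packed LSB-first)."""
    nxt = outs = 0
    for j, (s, o) in enumerate(cols):
        if (state >> j) & 1:
            nxt ^= s
            outs ^= o
    return nxt, outs

def serial_bits(seed, n):
    """Bit stream from n clocks of the serial LFSR."""
    state, bits = seed, []
    for _ in range(n):
        state, bit = step(state)
        bits.append(bit)
    return bits

def unrolled_bits(seed, k, cycles):
    """Bit stream from `cycles` clocks of the k-way unrolled LFSR."""
    state, bits, cols = seed, [], unroll(k)
    for _ in range(cycles):
        state, word = step_unrolled(state, cols)
        bits.extend((word >> i) & 1 for i in range(k))
    return bits
```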

Finally, this dissertation investigates a novel security primitive for image attestation, which is resilient against physical side-channel analysis. The improper or malicious use of images raises the need for effective image attestation. No current solution allows perceptual image hashing along with secure physical identity binding. We propose the concept of a physical unclonable perceptual hash function (PU-PHF), which allows securely verifying the authenticity of both the content and the origin of an image. The primitive utilizes a strong PUF, attached to the source camera, to produce a hash of each captured image. The key leakage vulnerability is eliminated by directly adopting the response of a keyless strong PUF as an image hash entwined with physical identity. PUF-caused hash errors are handled, without expensive error correction codes (ECC), by a distinguisher that analyzes the distributional difference between hash errors due to the PUF's unintentional errors and those due to intentional modifications. The dissertation realizes the PU-PHF using a novel ML-resilient SCA-PUF and shows high attestation accuracy under various abnormal scenarios on our evaluation dataset.