

Finding and Mitigating Side-channel Leakage in Embedded Architectures

Patrick Schaumont (PI), William Diehl (Co PI) Virginia Tech, ECE Department

# **The Problem**

Embedded devices vulnerable to Side Channel Attacks (SCA)

Mathematically secure but physically breakable

Generalized solution to compose SCA-resistant SW remains fleeting

- Languages, compilers, ISA, and Hardware constantly changing
- Automation remains elusive





http://www.pd4pic.com/satellite-flat-icon-cartoon-dish-antenna-signal.htm

# **Our Objectives**

Meet above challenges head-on through *composable*, *multifaceted, automated* approach

- Restructure software into *bitsliced* code to facilitate automated countermeasure insertion
- Automated flow to find, evaluate mode of leakage, and apply *mitigation* techniques



# $reg_{0} \uparrow b,$ $reg1 n bit_{1}$ reg1 bit<sub>1</sub>



## **Key Challenges**

**Generation of bitsliced code** 

# Significance

Inhibits wide-spread

# **Scientific Impact**

Generalized approach to generate bitsliced code

| ••• | Control intensive processes are |
|-----|---------------------------------|
|     | challenging                     |

#### **Countermeasure insertion is** "hit & miss"

 Most embedded designers are not experts in security

#### **Countermeasure effectiveness** unpredictable

Many layers of abstraction (HLL, compilers, ISA, logic gates)

#### **Verification is time-consuming**

Difficult in HW; How to get accurate results in simulation?

exploration of security & efficiency

*Countermeasures either not,* or incorrectly implemented, in embedded architectures

Mathematically "secure" countermeasures end up not being secure

Verification & mitigation of *leakage not performed due to* time and expense

- Improved compiler design \*\*
- Improvements in High Level Synthesis (HLS)
- On-the-fly adjustment of security and variable precision \*\*

#### **Improved understanding of side-channel "theory versus** reality"

- Better understanding of linkage between compiled language and ISA \*\*
- Close the gap between mathematically-derived randomness \*\* requirements, and empirical observations

#### Automated insertion of countermeasures; identification and mitigation of leakage

- Secure design depending on arcane science is not secure
- Design flows available to designers as part of main-stream EDA tools

#### **Generate Bitsliced Code**







## **Broader Impacts**





## Courses

- ECE 4530 Hardware Software Codesign
- ECE 5580 Cryptographic Engineering
- ECE 5520 Secure Hardware Design





http://www.vectorstock.com, http://businessinsider.com, http://www.grid.org

# References

P. Kiaei, D. Mercadier, PE. Dagand, K. Heydemann, P. Schaumont, "SKIVA: Flexible and Modular Side-channel and Fault Countermeasures," IACR ePrint 2019/756 W. Diehl, A. Abdulgadir, J. P. Kaps, "Vulnerability Analysis of a Soft Core Processor through Fine-grain Power Profiling," IACR ePrint 2019/742



The 4<sup>th</sup> NSF Secure and Trustworthy Cyberspace Principal Investigator Meeting (2019 SaTC PI Meeting) October 28-29, 2019 | Alexandria, Virginia