Philippe Maurine, Thomas Ordas, Davide Poggi, Alexandre Sarafianos

Hardwear.io Webinar

How to perform electromagnetic side-channel analysis by simulation

By Philippe Maurine (Associate Professor at University of Montpellier), Thomas Ordas, Davide Poggi, Alexandre Sarafianos (Security Researchers at STMicroelectronics)

Date & Time: 29th of November 2021, 6:00 PM CET







Talk Title:

How to perform electromagnetic side-channel analysis by simulation

Abstract:

For many years, EM Side-Channel Attacks (SCA), which exploit the statistical link between the magnetic field radiated by secure ICs and the data they process, have been a critical threat. Indeed, attackers need to find only one leaky position over the IC to compromise the security of the IC and its data. As a result, designing secure ICs robust enough to resist these attacks is incredibly difficult, because designers must ensure there are no exploitable hotspots over the whole IC surface. This task is all the more difficult as there are no techniques in the literature for verifying, during the design stage, the robustness of ICs against EM SCA. In fact, the available power analysis tools cannot assure that a design is free of any EM leakage, as they take into consideration neither the physical implementation of the chip nor the power rail distribution. In this context, the first contribution of our research is a simulation flow able to reproduce the magnetic field radiated by ICs. This flow is based on a commercial IR drop tool (RedHawk from ANSYS). The second and main contribution is a new technique, called Noise-to-Add, that allows simulated correlation power analysis (CPA) maps to be interpreted correctly. Indeed, simulations are noise-free and performing CPAs by simulation is of no help in identifying EM leakages prior to fabrication. The third contribution is a simple technique to identify the root causes of EM leakages in ICs. These origins, which are denoted as leakage hotspots, are different from EM hotspots, which are defined as the coordinates at which EM probes must be placed to effectively capture leakages.


Speaker Bio:

Philippe Maurine received the M.S. and Ph.D. degrees in electronics from the University of Montpellier, Montpellier, France, in 1998 and 2001, respectively. Since 2003, he has been an Associate Professor with the Laboratory of Informatics, Robotics, and Microelectronics, University of Montpellier, developing microelectronics in the engineering program of the University. His current research interests include adaptive system-on-chip design, secure IC design, secure embedded software, side-channel analysis, and fault injection techniques.

Thomas Ordas received the Ph.D. degree in electronics from the University of Montpellier, Montpellier, France, in 2010. Since 2011, he has been an Application and Security Engineer at STMicroelectronics. In 2018, he became a Technical Staff Member in hardware security and side-channel analysis. His current job interests include EM analysis, secure IC design, and side-channel analysis.

Davide Poggi graduated in electronic engineering from Polytech Nice Sophia in 2018. He is currently enrolled in a Ph.D. at STMicroelectronics (Rousset, France) in collaboration with the Laboratory of Informatics, Robotics, and Microelectronics, University of Montpellier (France). His Ph.D. subject is focused on electromagnetic emission modeling in secure ICs.

Alexandre Sarafianos graduated from Ecole Polytechnique Universitaire de Marseille in 2010. He received the Ph.D. degree from Ecole des Mines de Saint-Etienne in 2013 in collaboration with STMicroelectronics (Rousset, France). His Ph.D. subject was laser fault injection in secure microcontrollers. Since 2013, he has been employed by STMicroelectronics and works in the Security Architecture Team of the Secure Microcontroller division. His current research topics are mainly fault injections, physical attacks and reverse engineering in order to develop countermeasures for STMicroelectronics.