security evaluation against electromagnetic analysis at
TRANSCRIPT
Security Evaluation Against Electromagnetic Analysis at Design Time
Huiyun Li, A. Theodore Markettos, Simon Moore
University of Cambridge
2005-8-31 CHES 2005 2
Outline
MotivationSimulation methodology for EMA
System partitioningSimulation flowTypes of EM emissionsEMA measurement equipment
ResultsConclusion
2005-8-31 CHES 2005 3
Motivation – side channel attacks
Chip SurfaceISO Interface
Electromagneticradiation
3
Powerconsumption
2
Timing of computation
1
2005-8-31 CHES 2005 4
Motivation
Post-manufacture test: Time consumingError proneExpensiveSo that has driven the study of design-time security evaluation
2005-8-31 CHES 2005 5
EM Simulator
EM Simulation -- Solve Maxwell’s Equations for simulating wave propagation
Pro: accurateCon: computationally complex, time-consuming
2005-8-31 CHES 2005 6
EMA measurement equipment
Near-field electric field sensors
Near-field magnetic field sensors
Far-field electromagnetic field sensors
IE ∝
IB ∝
( )πλ 2/<r
( )πλ 2/>r
Iemf ∝
2005-8-31 CHES 2005 7
Circuit Simulator
Circuit Simulation – solve for V & I according to Kirchhoff’s voltage and current laws
Pro: fastCon: accuracy limited by the accuracy of lumped element models; validity limited by range of frequencies, geometries etc
2005-8-31 CHES 2005 8
System partitioning
Circuit Simulator
chip
package
PCB
2005-8-31 CHES 2005 9
System partitioning
PCB
packageEM Simulator
chip
2005-8-31 CHES 2005 10
EM analysis simulation procedure
2005-8-31 CHES 2005 11
EMA measurement equipment
Near-field electric field sensors
Near-field magnetic field sensors
Far-field electromagnetic field sensors
IE ∝
IB ∝
( )πλ 2/<r
( )πλ 2/>r
Iemf ∝
dtdI
dtdBV ∝∝
2005-8-31 CHES 2005 12
Types of EM emissions
Direct Emissions
Modulated EmissionsAmplitude ModulationAngle Modulation (phase or frequency)
2005-8-31 CHES 2005 13
Simulation setup – Springbank test chip
2005-8-31 CHES 2005 14
Simulation results-- synchronous XAP processor -- inductive sensor
2005-8-31 CHES 2005 15
EM measurement results-- synchronous XAP processor -- inductive sensor
−5 0 5 10 15 20
x 10−8
−0.025
−0.02
−0.015
−0.01
−0.005
0
0.005
0.01
0.015
0.02
0.025
Time(s)
Vol
tage
at o
scill
osco
pe(V
)
EMA 1: 00 XOR 55EMA 2: 55 XOR 55DEMA
XOR STORESTORE
2005-8-31 CHES 2005 16
Simulation results-- dual-rail asynchronous XAP processor -- inductive sensor
2005-8-31 CHES 2005 17
EM measurement results-- dual-rail asynchronous XAP processor -- inductive sensor
−5 0 5 10 15 20
x 10−8
−0.05
−0.04
−0.03
−0.02
−0.01
0
0.01
0.02
0.03
0.04
0.05
Time(s)
Vol
tage
at o
scill
osco
pe(V
)
EMA 1: 00 XOR 55EMA 2: 55 XOR 55DEMA
STORE STORE BRANCHXOR
2005-8-31 CHES 2005 18
Simulation results-- dual-rail asynchronous XAP processor -- inductive sensor – modulated emission
2005-8-31 CHES 2005 19
How time shift affects AM modulation and demodulation
pulse
AM mod
AM demod
2005-8-31 CHES 2005 20
How time shift affects AM modulation and demodulation
pulse shifted in time
AM mod
AM demod
2005-8-31 CHES 2005 21
Conclusion
A simulation methodology for EMA has been proposed
EM simulator for modelling Package and PCB
Circuit simulator for simulating EMA of chip+ package +PCB
Data processing for EM analysis according to sensor types (ouput ∝ di/dt or ∝ i) EM emission types (direct or modulated)
2005-8-31 CHES 2005 22
The results also indicates that
The synchronous processor under test has data dependent EM emissions
The asynchronous processor under test has less data dependent EM emissions in direct EMA test, but demonstrated more data dependent EM emissions in modulated EMA test
Conclusion cont.
2005-8-31 CHES 2005 23
Thank You!