tsukioka19fast
- Sara Faour
Title of the paper: A Fast Side-Channel Leakage Simulation Technique Based on IC Chip Power Modeling
The paper and a video for the presentation are available at: https://ieeexplore.ieee.org/document/9027104
Abstract
Hardware-based secure integrated circuit (IC) chips with implemented cryptographic algorithms are vulnerable to practical attacks analyzing side-channel (SC) leakage such as electromagnetic radiation. Correlation power analysis (CPA) is a real threat to secret key crypto ICs. Therefore, the information
leakage risks need to be evaluated at the design stage of secure devices. This letter proposes a fast power leakage simulation method for hardware-implemented cryptographic ICs. The power delivery network (PDN) of cryptographic hardware including a silicon substrate is modeled by a chip power model (CPM) and a chip package system (CPS) board model. The proposed method was applied to the advanced encryption standard (AES) test chip implemented by the flip-chip ball grid array (FC-BGA) assembly technology. The simulation results are evaluated by CPA for the SC leakage during plaintext encryption propagating through PDN and silicon substrate. The measurement and simulation successfully find 128-bit secret key on CPA attack. The proposed simulation technique reduces the time required in the exploration of SC leakage risks for secure device designs.
Power SC Leakage in IC Chip
Power supply noise is radiated or conducted everywhere on-chip and on-board, as shown in Fig. 1(a)(b), and probing points can be therefore open in location for an adversary.
An IC chip can be either directly mounted on printed circuit board (PCB) in face-up or assembled in flip chip ball grid array (FC-BGA) in face-down styles.
The popular devices used in SC leakage measurements include a current probe, a voltage probe and a near field EM field probe. The probes can scan over the die surface to find the strongest point of leakage, and this becomes easier on the backside of a Si substrate as in Fig. 1(b). There is no metal wiring on the vacant area of the backside, and also potentially even without resin coating.
The local side channel leakage phenomena inside an IC chip have been discussed in [10]. The power SC leakage for an IC chip should be evaluated with considering its assembly in a final product, through simulation having package and board models.
The EMI performance of an IC chip is generally evaluated using chip package system (CPS) simulation in its design phase. Additionally, the power SC leakage needs to be assessed if an IC chip has security functionality and incorporates any countermeasure method.
Correlated Power Analysis (CPA) Evaluation Results
The proposed fast SC leakage simulation technique is applied to a test chip incorporating AES engine and fabricated in a 130 nm CMOS technology. The 128-bit AES engine is implemented with 27k logic gates in the die size of 4 mm x 3 mm and with the nominal supply voltage of 1.5 V.
The SC leakage simulation becomes more pessimistic in CPS simulation (in blue solid line) than in the simulation only with a chip model (in green dashed line) in Fig. 10. Therefore, the SC leakage is considered
directly impacted by power noise characteristics with the whole impedance networks including a silicon chip including substrate, a package and a board, as is the case with SI and PI problems.
Evaluation of SC Leakage Simulation