FRAMEWORK AND COUNTERMEASURES FOR CACHE AND POWER BASED ATTACKS

by ANKITA ARORA

A THESIS SUBMITTED IN ACCORDANCE WITH THE REQUIREMENTS FOR THE DEGREE OF MASTER OF ENGINEERING

SCHOOL OF COMPUTER SCIENCE AND ENGINEERING
THE UNIVERSITY OF NEW SOUTH WALES
MAY 2013

©Copyright by Ankita Arora 2013
All Rights Reserved

Statement of Originality

‘I hereby declare that this submission is my own work and to the best of my knowledge contains no materials previously published or written by another person, nor material which, to a substantial extent, has been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project’s design and conception or in style, presentation and linguistic expression is acknowledged’.

Ankita Arora
May 2013

Copyright Statement

‘I hereby grant the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or part in the University libraries in all forms of media, now or hereafter known, subject to the provisions of the Copyright Act 1968. I retain all proprietary rights, such as patent rights. I also retain the right to use, in future works (such as articles or books), all or part of this thesis or dissertation. I have either used no substantial portions of copyright material in my thesis or I have obtained permission to use copyright material; where permission has not been granted I have applied/will apply for a partial restriction of the digital copy of my thesis or dissertation’.

Ankita Arora
May 2013

Authenticity Statement

‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis. No emendation of content has occurred and if there are any minor variations in formatting, they are the result of the conversion to digital format’.

Ankita Arora
May 2013

‘This thesis is dedicated to my parents, Mr. R L Arora and Mrs. Gayatri Arora whose love and blessings brought my dream to reality. Jai Gurudev’.

Acknowledgements

‘Feel infinitely indebted for your body, for knowledge, for the things you have received, for your own life. Then you will bask in the abundance of the Creator’...H.H.Sri Sri Ravishankar

Words are not enough to express my gratitude towards divine, H.H.Sri Sri Ravi Shankar, the founder of The Art of Living Foundation for being with me all along. Heartiest thanks to my parents and siblings for supporting me in every phase of life.

I am fortunate to be a part of Professor Sri Parameswaran’s research group. The vast experience and knowledge of Professor Sri and seniors lead to the execution of new ideas, publishing papers and extending to further research. I am grateful to my co-supervisor Dr. Jude Angelo Ambrose for brainstorming sessions and extending a hand in experimentation. Thankful to seniors, Dr. Roshan Ragel, Dr. Jorgen Peddersen and university colleagues, Dr. Harris Javaid, Sumyatmin Su, Liang Tang, Shihab, Dr. Xin He, James, Darshana Jayasinghe and Tuo Li for their help in understanding tools and environment.

Really appreciate timely advice, knowledge and support from my work Manager, Dr. Steve Avery. I could not have done without it. I am very thankful to seniors, Dr. David Goodall and Michael De Nil for their encouragement, experience sharing and proofreading my papers/thesis apart from aggressive work schedule. The feedback was very important and useful.

I am grateful to have Dr. Farhana Shahid as my role model for her bravery and strength.
Her mature advice, love and blessings made me grow both academically and personally. I am thankful for the encouraging words and support from Jerastin Dubash who always assured her presence at odd times of life. I will always remember the food feast from Supriya Singla, Mrs. Bina Rach, Su Lyn and Ruchi Rach at the time of submissions. Thanks to Bushra for her blessings, prayers and supporting me in every possible way on this academic journey. I am thankful to Rajat Kulshrestha for moral support, keeping an undying smile and passing positive vibrations. Special thanks to all Art of Living teachers for leading towards enthusiasm, optimism and perseverance.

Fortunate and blessed with a beautiful family, I want to thank the angels of my life, mum, Mrs. Gayatri Arora for uplifting me and being the strongest pillar, dad, Mr. Ramesh Arora for working hard and exposing me to the secrets of success, elder sister, Mrs. Sanjeeta Bhatia for being my best friend, showering unconditional love and care, brother-in-law, Mr. Vijay Bhatia for help and support in reaching my goals, younger sister Mukta Arora for her sacrifices, trusting my dreams and strengthening my spirits. Last but not least, beloved nephew Sanchit Bhatia for bringing life to the family.

It is a dream come true. Thanks Almighty.

Abstract

Advancements in technology, the need for automation and ease of manufacturability have made embedded systems ubiquitous. One of the preeminent challenges in embedded systems is maintaining the privacy of sensitive information being passed and keeping it secure. Security is taken care of by the deployment of state-of-the-art cryptographic algorithms to encrypt confidential data, which is then decrypted at the receiving end. Some embedded systems are increasingly attacked by adversaries for financial gain, or to obtain personal information.
Internal computations are often revealed by external manifestations such as processing time [1], power consumption [2], electromagnetic emission [3] and faults [4]. Such manifestations can be exploited by an adversary to obtain secret keys of cryptographic algorithms, and the process of obtaining secret keys using this mechanism is called a Side Channel Attack (SCA). SCAs [5, 6] are categorized based on the characteristics used for the attack. Two of the main side channel attacks are cache based attacks and power based attacks.

Cache based side channel attacks are built using the cache behavior of the system when data is exchanged between the processor and the main memory. A cache is a smaller and faster memory placed between the processor and main memory; it stores the information needed for computations in the processor to reduce memory transaction time. Cache based attacks are further classified as time-driven attacks [7] and access-driven attacks [8]. Time-driven attacks use the encryption time during the execution of a cryptographic algorithm in the processor, while access-driven attacks are performed when the adversary gets access to the data stored in the cache.

Power based attacks are mounted by measuring power variations during the encryption/decryption of a cryptographic algorithm. A successful recovery of the secret key allows the adversary to fake identities and gain benefits. Power based attacks are classified into Simple Power Analysis (SPA) and Differential Power Analysis (DPA) attacks. In SPA [9], internal data is retrieved directly by analyzing the power magnitude, while in DPA [10], more advanced statistical analysis is performed to predict the secret key.

Several solutions exist to counter both cache based and power based side channel attacks. Cache attacks can be avoided by using architectural modifications [11, 12], time skewing [13], cache warming [13], use of maximum cache line size [13], etc.
The countermeasures used against power based attacks are masking [14], sense amplifier based logic [15], wave dynamic differential logic [16, 17, 18], dual rail circuits [19], etc. Existing techniques to counter cache based and power based attacks are either costly in terms of power and area or involve much complexity, and hence lack practicality.

In this thesis, the author has implemented a fast trace-driven cache attack, and incorporated this attack into a flexible framework containing an extensible processor. The processor used is the Tensilica Xtensa LX2 with modifiable architecture, which allows changes in cache architecture, instruction set and addition of extra hardware. On the framework, the author implemented a hardware/software countermeasure and has shown that it is difficult to differentiate the cache misses for differing encryptions. The processor with the countermeasure is 30% more energy efficient, 17% more power efficient and 15% faster when compared to the processor without the countermeasure. However, there is an area overhead of 7.6%.

To protect the system from power based side channel attack, the author proposed a double width algorithmic balancing using a single core to obfuscate power variations, resulting in a DPA resistant system. The countermeasure only includes code/algorithmic modifications, hence can be easily deployed in any embedded system with a 16 bit wide (or wider) processor. The DPA attack is demonstrated on the Double Width Single Core (DWSC) solution. The attack proved unsuccessful in finding the secret key. The instruction memory size overhead is only 16.6% and the data memory increases by 15.8%.

The future extensions of the above two countermeasures involve the merging of both and improvements to combat both cache based and power based side channel attacks in one system.

Thesis Publications

• Ankita Arora, Roshan Ragel, Darshana Jayasinghe and Sri Parameswaran. A Hardware/Software Countermeasure and a Testing Framework for Cache Based Side Channel Attacks. ICESS, 2011.
• Ankita Arora, Jude Angelo Ambrose, Jorgen Peddersen and Sri Parameswaran. A Double-width Algorithmic Balancing to prevent Power Analysis Side Channel Attacks in AES. ISVLSI, 2013.
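
An added illustration (not code from the thesis) of why the double-width algorithmic balancing described in the abstract can flatten data-dependent power variation on a 16-bit processor. It rests on assumptions the page does not state: leakage follows the Hamming weight of the word being processed, and each byte is packed with its complement into one 16-bit word. `toy_sbox` is a constructed stand-in table and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum mode { PLAIN, BALANCED, WRONG_KEY_FORM };

/* Hamming weight of a 16-bit word: first-order power model (assumption). */
static int hw16(uint16_t w) { int n = 0; for (; w; w >>= 1) n += w & 1u; return n; }

/* High byte = complement of v, low byte = v, so the weight is always 8. */
static uint16_t balance(uint8_t v) { return (uint16_t)(((uint8_t)~v << 8) | v); }

/* Same byte in both halves: the form a key byte needs for a balanced XOR. */
static uint16_t duplicate(uint8_t k) { return (uint16_t)((k << 8) | k); }

/* Constructed stand-in for a substitution table (a bijection, NOT the AES S-box). */
static uint8_t toy_sbox(uint8_t x) { return (uint8_t)(x * 5u + 1u); }

/* Max minus min modelled leakage over all 256 plaintext bytes for one key byte,
 * covering the key-addition result and the table output. 0 means constant. */
int leakage_spread(enum mode m, uint8_t key) {
    int lo = 16, hi = 0;
    for (int p = 0; p < 256; p++) {
        uint16_t s, t;
        if (m == PLAIN) {
            s = (uint8_t)(p ^ key);
            t = toy_sbox((uint8_t)s);
        } else {
            uint16_t k = (m == BALANCED) ? duplicate(key) : balance(key);
            s = (uint16_t)(balance((uint8_t)p) ^ k);
            t = balance(toy_sbox((uint8_t)(s & 0xFF)));  /* double-width table entry */
        }
        int w[2] = { hw16(s), hw16(t) };
        for (int i = 0; i < 2; i++) {
            if (w[i] < lo) lo = w[i];
            if (w[i] > hi) hi = w[i];
        }
    }
    return hi - lo;
}

int main(void) {
    printf("plain=%d balanced=%d wrong-key-form=%d\n", leakage_spread(PLAIN, 0x3C),
           leakage_spread(BALANCED, 0x3C), leakage_spread(WRONG_KEY_FORM, 0x3C));
    return 0;
}
```

The third mode shows a pitfall of this encoding: XORing two complement-packed words cancels the complement and doubles the data-dependent weight, so the key byte has to be duplicated in both halves, not complemented.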