REGISTER | LOGIN
Breaking News
News & Analysis

Athena Security IPs Designed to Mend Holes in SoCs

Zooming in on differential power analysis
4/21/2015 08:30 AM EDT
6 comments
NO RATINGS
Page 1 / 2 Next >
More Related Links
View Comments: Newest First | Oldest First | Threaded View
stuaudley
User Rank
Rookie
Re: differential power analysis (DPA) countermeasure
stuaudley   4/22/2015 11:42:33 AM
NO RATINGS
DPA can seem like black magic, especially DEMA which can recover keys at a distance. For SOC designs, it's generally straightforward to determine what crypto standards are in use based on the application. The nice thing about an SOC performing many functions in parallel is that those functions will add noise to the measurements being made in a DPA attack. However with DPA, this noise is only an obstacle, which can be overcome by observing more operations.

As for the cost of an attack, it really doesn't take the NSA to break an implementation without countermeasures. Here's a video demo of a sub-$100 attack setup. Of course this demo is not attacking a 40 million gate SOC ASIC, but the sophistication of attacks scales with $$. With the 50 year anniversary of Moore's Law, it's important to remember how everything in technology improves exponentially, including DPA attacks. The question is are SOC designers willing to risk that their design will be easily attacked 5 years after tape-out. If an SOC design needs crypto to secure valuable data and it leaks secret key information, it's only a matter of time until an attacker exploits those leaks.

IVAN.DZOMBAK
User Rank
Author
Re: differential power analysis (DPA) countermeasure
IVAN.DZOMBAK   4/22/2015 9:46:54 AM
NO RATINGS
While I have read some papers regarding the use of DPA attacks to read secure information, it seems that most of these are effective only on relatively simple devices and require very detailed knowledge of the specific crypto algorithm in use.  I really question that ability to do this effectively on a modern SOC containing multiple processor cores, GPUs, DSPs, and myriad other subsystems running concurrently under control of an OS that has (literally) hundreds of threads running and dynamic voltage and frequency scaling.  I just don't know if anyone other than the NSA has the ability to decrypt keys using DPA on a system like the one I described.

stuaudley
User Rank
Rookie
Re: Area overhead
stuaudley   4/21/2015 9:59:28 PM
NO RATINGS
While there is either area or latency cost in adding countermeasures to a HW crypto core, the cost function for countermeasures is actually complicated. Of course there is the security cost of not doing countermeasures, but if you are implementing countermeasures the cost function is related to area, power, and latency of the implementation, and HW vs. SW. HW countermeasures add area and reduce power vs SW, while SW countermeasures tend to add latency and power vs. HW.

We have seen that power reduction in IoT is a primary design constraint, and therefore the small increase in area in order to minimize total power is a desirable tradeoff for many use cases.

junko.yoshida
User Rank
Author
differential power analysis (DPA) countermeasure
junko.yoshida   4/21/2015 5:03:30 PM
NO RATINGS
I would love to hear from our community if security SoCs you are using in connected systems already come with DPA countermeasures. Or if this is something you've been waiting for.

junko.yoshida
User Rank
Author
Re: Area overhead
junko.yoshida   4/21/2015 4:59:58 PM
NO RATINGS
@Praveen Jatkar, a good question. I am aksing Athena people to respond to your question!

Praveen Jatkar
User Rank
Rookie
Area overhead
Praveen Jatkar   4/21/2015 11:24:11 AM
NO RATINGS
As area would be one of the critical factor in IOT chips, How much area these security IPs would take in silicon ?

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed