Eliminate Side Channel Attack Vulnerability From Your Hardware Before You Manufacture It
Side-Channel Attacks (SCA) extract cryptographic keys from hardware systems by analyzing power traces or electromagnetic emission data from the target device along with the corresponding collection of plain and/or cipher data. The traditional approach of dealing with SCA by measuring device parameters after manufacturing is expensive and time-consuming.
FortifyIQ delivers a unique pre-silicon simulation and analysis solution, SideChannel Studio, which enables you to eradicate SCA vulnerabilities during the design phase. This can result in significant cost and schedule savings in your product development process. Furthermore, U.S. government projects require compliance with the National Institute of Standards and Technology (NIST) cryptography certification FIPS 140-3. This is also an emerging requirement in other organizations, especially in the U.S. It includes Test Vector Leakage Assessment (TVLA) tests that check the hardware systems for robustness to SCA. Using SideChannel Studio you can make sure, in the pre-silicon stage, that your device will pass the TVLA tests necessary for the NIST certification.
SideChannel Studio is a software tool which simulates side-channel attacks in a hardware device, using standard design data formats as inputs, and analyzes the simulation’s results. SideChannel Studio consists of an SCA simulation engine, SCOPE IQ – Side Channel Optimized Probe Emulator, a “virtual oscilloscope probe”, and a dedicated TVLA analysis engine, as well as a side channel attack analyzer, SCORE IQ – Side Channel Output Results Evaluator. SCOPE IQ uses Verilator and a novel, patent-pending method of accurately simulating the side channel leakages of the designed chip. SCOPE IQ has extremely high performance. It allows for the user to boost the performance even further by distributing the calculations between all available CPUs.
SCOPE IQ also performs TVLA analysis and adheres to the NIST TVLA methodology, with the Welch’s t-test threshold of +/- 4.5 as the criterion. SCALE IQ will locate the module or modules in the design that are failing this criterion and provide leakage graphs which allow the user to examine the detailed results of the TVLA analysis.
The types and instances of the cells with leaks
Which clock pulses or cycles are problematic
Side channel leakage as a result of glitches
SCORE IQ can process both side-channel data from SCOPE IQ as well as captured traces from physical hardware. External simulators are now supported via the Verilog Procedural Interface (VPI) interface. This enables integration with industry standard functional simulators. Captured traces can be provided in the standard formats LeCroy (trc), Risk (trs) and ChipWhisperer (cfg).
The result of the analysis by SCORE IQ is presented both visually in a graph (illustrating leaks if there are any) and in a report. If the key has been extracted, its value is presented.
SCORE IQ carries out its analysis using attack plugins based on known side-channel attack strategies, including classic correlational attacks, the enhanced correlational attack by Moradi, template attacks, as well as a growing library of attacks discovered or created by FortifyIQ including attacks on SHA-256 based HMAC, and novel template attacks on AES that involve Machine Learning, Deep Learning (ML/DL) and Convolutional Neural Network (CNN) techniques. Users can extend attacks using Python API. In addition, FortifyIQ’s APL is continually updated and released to active FortifyIQ customers.
Users find SideChannel Studio to be more effective and flexible than competing approaches. Its ease of use makes it ideal for occasional users while numerous options are available for expert users looking to optimize the system for complex cases. FortifyIQ’s own experts are available for consultations about ways to maximize the utility of the system for your particular case.
SideChannel Studio Advantages:
Delivers savings in development cost and schedule.
It is much faster and less expensive to use SideChannel Studio in the pre-silicon stage than to use an oscilloscope or other laboratory equipment to perform SCA analysis on the actual physical device after it is manufactured.
Enables more accurate and precise analysis.
The use of software rather than a hardware test setup eliminates noise (unavoidable with physical measurements), thereby improving accuracy and reducing sample volumes. SCOPE IQ can pinpoint which module fails Welch’s t-test.
High performance with smart execution and distributed processing.
SCOPE IQ simulations are extremely fast. In addition they are distributable and can run across all available CPUs. Side channel data analysis in SCORE IQ automatically stops analyzing traces when it determines it has enough information to unambiguously find the secret key. For many attacks, only side channel data for specific clocks needs to be collected and analyzed. SideChannel Studio’s multi-threaded architecture automatically optimizes runtime performance based on the capabilities of the host system.
Quick and easy side channel leakage localization.
Using SCALE IQ to perform partial analysis for every module and every type of gate means that you can easily localize the sources of side channel leaks to any segment of the design and take remediation steps quickly.
Shows where volatility creates vulnerability.
One of the most painful leaks is a “glitch” — the volatility of electrical current before it stabilizes at a clock boundary. SCOPE IQ can simulate Differential Power Analysis glitch vulnerability, which traditional techniques can’t see.
Flexible and extensible.
SideChannel Studio can accept externally captured traces as an input in standard formats, thus enabling post-silicon SCA analysis. The SCORE IQ and SCOPEIQ analyzers support all widely used symmetric encryption algorithms, and can support new encryption algorithms as they become available, without recompilation, by way of a simple plugin.
High productivity with incremental analysis.
SideChannel Studio allows the user to analyze a portion of the design at a time (for example, new IP blocks in a design upgrade). This greatly reduces the volume of data that must be processed, analyzed, and reviewed.
Supports High-Order Side Channel Attacks.
SideChannel Studio supports the analysis of High-Order Side Channel Attacks.