Mitigating Power Attacks through Fine-Grained Instruction Reordering

TL;DR

This paper introduces a dynamic instruction reordering technique in out-of-order processors that effectively mitigates power analysis side-channel attacks with minimal performance overhead, enhancing security without significant resource costs.

Contribution

It presents a novel scheduling algorithm that reorders instructions based on operand slack to obfuscate execution and improve security against power attacks, outperforming existing countermeasures.

Findings

Security improvements up to 261× with advanced metrics

Performance maintained at 96% of baseline

Effective attack mitigation with minimal overhead

Abstract

Side-channel attacks are a security exploit that take advantage of information leakage. They use measurement and analysis of physical parameters to reverse engineer and extract secrets from a system. Power analysis attacks in particular, collect a set of power traces from a computing device and use statistical techniques to correlate this information with the attacked application data and source code. Counter measures like just-in-time compilation, random code injection and instruction descheduling obfuscate the execution of instructions to reduce the security risk. Unfortunately, due to the randomness and excess instructions executed by these solutions, they introduce large overheads in performance, power and area. In this work we propose a scheduling algorithm that dynamically reorders instructions in an out-of-order processor to provide obfuscated execution and mitigate power analysis attacks with little-to-no effect on the performance, power or area of the processor. We exploit the time between operand availability of critical instructions (slack) to create high-performance random schedules without requiring additional instructions or static prescheduling. Further, we perform an extended security analysis using different attacks. We highlight the dangers of using incorrect adversarial assumptions, which can often lead to a false sense of security. In that regard, our advanced security metric demonstrates improvements of 34$\times$, while our basic security evaluation shows results up to 261$\times$. Moreover, our system achieves performance within 96% on average, of the baseline unprotected processor.