X-Volt: Joint Tuning of Driver Strengths and Supply Voltages Against Power Side-Channel Attacks

TL;DR

This paper introduces a novel approach to counter power side-channel attacks by jointly tuning driver strengths and supply voltages, demonstrating significant improvements in security and practical feasibility through extensive experiments.

Contribution

It pioneers the joint tuning of driver strengths and supply voltages as a new countermeasure against power side-channel attacks, including a CAD flow and security evaluation framework.

Findings

Runtime tuning outperforms static tuning in security effectiveness.

FPGA implementations achieve over 11.8x increased resilience.

Layout overheads are acceptable with around +10% delay.

Abstract

Power side-channel (PSC) attacks are well-known threats to sensitive hardware like advanced encryption standard (AES) crypto cores. Given the significant impact of supply voltages (VCCs) on power profiles, various countermeasures based on VCC tuning have been proposed, among other defense strategies. Driver strengths of cells, however, have been largely overlooked, despite having direct and significant impact on power profiles as well. For the first time, we thoroughly explore the prospects of jointly tuning driver strengths and VCCs as novel working principle for PSC-attack countermeasures. Toward this end, we take the following steps: 1) we develop a simple circuit-level scheme for tuning; 2) we implement a CAD flow for design-time evaluation of ASICs, enabling security assessment of ICs before tape-out; 3) we implement a correlation power analysis (CPA) framework for thorough and comparative security analysis; 4) we conduct an extensive experimental study of a regular AES design, implemented in ASIC as well as FPGA fabrics, under various tuning scenarios; 5) we summarize design guidelines for secure and efficient joint tuning. In our experiments, we observe that runtime tuning is more effective than static tuning, for both ASIC and FPGA implementations. For the latter, the AES core is rendered >11.8x (i.e., at least 11.8 times) as resilient as the untuned baseline design. Layout overheads can be considered acceptable, with, e.g., around +10% critical-path delay for the most resilient tuning scenario in FPGA. We will release source codes for our methodology, as well as artifacts from the experimental study, post peer-review.