Presentation

Simulation-based Pre-Silicon Side-Channel Analysis of AES-GCM
Description

Pre-Silicon side-channel analysis (SCA) helps to identify implementation issues in cryptographic algorithms early in the product life cycle and supports the shift-left of security verification for IPs on SoCs. The pre-Silicon simulation-based SCA process involves defining proper test benches and generating power simulation traces, followed by SCA using a pre-Silicon simulation-based SCA security tool. One of the IPs that we evaluated using our pre-Silicon SCA approach was an AES hardware implementation in Galois Counter Mode (GCM), which is quite prevalent in use cases such as memory and link encryption and authentication. For a comprehensive evaluation, we considered different SCA attack models targeting the Hamming Weight (HW) and Hamming Distance (HD) of the first or last AES round operations. We used a modified open-source AES-GCM implementation in sequential and parallel mode as a target to prove the effectiveness of our SCA approach. As metrics for our SCA, we employed the simulated minimum number of traces to disclose (SMTD) the key and the TVLA t-score. For the AES-GCM test case that we used, the HD of the S-Box in the last AES round was found to be the most effective attack model. Our results show that an unprotected AES-GCM implementation is vulnerable to pre-Silicon SCA using our methodology, with full 16 key bytes disclosure for the last round S-Box HD attack model and partial key byte disclosure for the last round Add Round Key HW attack model.
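The TVLA t-score metric named above can be illustrated with a fixed-vs-random Welch t-test over simulated traces. This is an added example, not code from the presentation or its tool: the traces are constructed (Gaussian noise plus an HW-dependent term at one sample), the function names are hypothetical, and the 4.5 pass/fail bound is the conventional TVLA value, which the abstract does not state.

```python
import random
from statistics import mean, variance

TVLA_THRESHOLD = 4.5  # conventional |t| bound for TVLA (assumption, not from the page)

def hw(x):
    """Hamming weight of a byte."""
    return bin(x).count("1")

def simulate_trace(value, leak_sample, n_samples, rng, leaky):
    """Constructed power trace: unit Gaussian noise, plus HW(value) at one
    sample when the design is modelled as leaky."""
    trace = [rng.gauss(0.0, 1.0) for _ in range(n_samples)]
    if leaky:
        trace[leak_sample] += hw(value)
    return trace

def welch_t(a, b):
    """Welch's t statistic for two sample sets with unequal variances."""
    return (mean(a) - mean(b)) / ((variance(a) / len(a) + variance(b) / len(b)) ** 0.5)

def tvla(fixed, rand):
    """Per-sample t-score between the fixed-input and random-input trace sets."""
    n = len(fixed[0])
    return [welch_t([t[i] for t in fixed], [t[i] for t in rand]) for i in range(n)]

def flagged_samples(leaky, n_traces=500, n_samples=20, leak_sample=7, seed=1):
    """Return the sample indices whose |t| exceeds the threshold."""
    rng = random.Random(seed)
    fixed_byte = 0x00  # constructed fixed intermediate: HW 0 vs. mean HW 4 for random bytes
    fixed = [simulate_trace(fixed_byte, leak_sample, n_samples, rng, leaky)
             for _ in range(n_traces)]
    rand = [simulate_trace(rng.randrange(256), leak_sample, n_samples, rng, leaky)
            for _ in range(n_traces)]
    return [i for i, t in enumerate(tvla(fixed, rand)) if abs(t) > TVLA_THRESHOLD]

if __name__ == "__main__":
    print("leaky design, flagged samples:    ", flagged_samples(leaky=True))
    print("non-leaky design, flagged samples:", flagged_samples(leaky=False))
```

A flagged sample only says that the trace depends on the processed data at that point in time; which intermediate leaks, and how many traces disclose the key, is what the HW/HD attack models and the SMTD metric measure.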