On the Practicality of Relying on Simulations in Different Abstraction Levels for Pre-silicon Side-Channel Analysis

Javad Bahrami; Mohammad Ebrahimabadi; Sofiane Takarabt; Jean-luc Danger; Sylvain Guilley; Sylvain Guilley; Naghmeh Karimi

doi:10.5220/0011307600003283

On the Practicality of Relying on Simulations in Different Abstraction Levels for Pre-silicon Side-Channel Analysis

Javad Bahrami, Mohammad Ebrahimabadi, Sofiane Takarabt, Jean-luc Danger, Sylvain Guilley, Sylvain Guilley, Naghmeh Karimi

2022

Abstract

Cryptographic chips are prone to side-channel analysis attacks aiming at extracting their secrets. Side-channel leakage is particularly hard to remove completely, unless using a bottom-up approach (compositional security). On the contrary, industrial secure-by-design methods are rather relying on a top-down approach: (would-be) protected circuits are synthesized by Electronic Design Automation (EDA) tools. Tracking that no leakage exists at any refinement stage is therefore a challenge. Experience has shown that multiple leakages can resurge out of the blue when a sound RTL design is turned into a technology-mapped netlist. Checking for leaks and identifying them is a challenge. When the netlist is unstructured (e.g., it results from an EDA tool), dynamic checking appears as the most straightforward approach. It is feasible, given only a few thousand execution traces, to decide with a great certainty whether a leakage hides at some time samples within the trace or not. In practice, such easy detection is fostered by the fact that the activity of signals in cryptographic implementations (even more true for masked implementations) is almost maximal (=50%). The remaining question is about the adequate abstraction level of the simulation. The higher as possible abstractions are preferred, as they potentially capture more situations. However, if the simulation is too abstract, it may model the reality inappropriately. In this paper, we explore whether or not an evenemential simulation (toggle count) is faithful with respect to a low-level simulation (at SPICE level). Our results show that both abstraction levels match qualitatively for unprotected implementations. However, abstract toggle count simulations are no longer connected to real SPICE simulations in masked implementations. The reason is that the effect of the random mask is to mix evenemential simulations (which only reflect “approximately” the SPICE reality) together, in such a way that the useful information is lost. Therefore, masked logic netlist implementations shall be analysed only at SPICE level.

Download

Paper Citation

in Harvard Style

Bahrami J., Ebrahimabadi M., Takarabt S., Danger J., Guilley S. and Karimi N. (2022). On the Practicality of Relying on Simulations in Different Abstraction Levels for Pre-silicon Side-Channel Analysis. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 661-668. DOI: 10.5220/0011307600003283

in Bibtex Style

@conference{secrypt22,
author={Javad Bahrami and Mohammad Ebrahimabadi and Sofiane Takarabt and Jean-luc Danger and Sylvain Guilley and Naghmeh Karimi},
title={On the Practicality of Relying on Simulations in Different Abstraction Levels for Pre-silicon Side-Channel Analysis},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2022},
pages={661-668},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011307600003283},
isbn={978-989-758-590-6},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - On the Practicality of Relying on Simulations in Different Abstraction Levels for Pre-silicon Side-Channel Analysis
SN - 978-989-758-590-6
AU - Bahrami J.
AU - Ebrahimabadi M.
AU - Takarabt S.
AU - Danger J.
AU - Guilley S.
AU - Karimi N.
PY - 2022
SP - 661
EP - 668
DO - 10.5220/0011307600003283