Side-Channel Oscilloscope

In recent times Side-Channel Attacks [2] have attracted a lot of attention from the information security community. These techniques are very similar to Spectroscopy(NMR) used over the years. While in spectroscopy, patterns in the light spectrum are used to detect the presence of atoms and its environments in an unknown substance, in a Side-Channel Attack the cryptanalyst looks for patterns in the power consumption or EM emission to detect the unknown key value. Apart from cryptanalysis, side-channel could be of great utility to an electrical engineer, as a probing tool more in line with spectroscopy used in physics.

In this article we consider the Power Traces S(I i , I i-1 , t) of a combinatorial circuit. That is it has no memory. I i and I i-1 are the i th and (i -1) th input to this block, and t is the time sample of the measured current from power supply. Power is only consumed when the input goes through a transition. The power trace is recorded for a time duration [0,T] where the transition is applied at t=0 and and T is any time after that when there is no further change in measured current. In this article we use a recursive model of power consumption. For purpose of illustration, we consider a block with N subblocks (see figure 1.

A sub-block with N inputs is characterized by it’s step current response as the input vectors undergoes a transition i j → i k . Note that output loads are considered to be part of this sub-block.

and the sub-block is characterized by the set of all step responses corresponding to each transition.

Now we view the DUT as recursively organized in various sub-blocks. At the topmost level the DUT consists of N such gates(see figure. 1) where k th gate has N k possible input transitions at it’s input. That is, the length of the input transition alphabet to the k th gate is denoted as N k . Furthermore

• S(k, j, t) denotes the step current response s(τ ) associated with j th transition of the k th gate. • A(k, j, I i , I i-1 ) denotes the j th transition on the k th block is activated, during the interval depending on I i and I i-1 Next we normalize the traces to have a zero mean. So we will assume that S(k, j, t) has a zero mean from now onwards. We even redefine the activation function as:

The advantage of this representation is that we can write, for M random input transitions

This is based on the assumption that all transitions are independent, and it closely follows the mathematical definition of orthogonality over M random input transitions.

With this notation we can write one power trace for input vector transition from I i to I i-1 as

Now we want to find out the step current response associated with p th transition of the q th gate. For that purpose we apply M random transitions < I i , I i-1 > at the input which also includes transitions that will trigger the event A(p, q, t) arXiv:1103.1824v1 [cs.CR] 8 Mar 2011

I Measured j:(0..N 0 ) j:(0..N 1 ) j:(0..N 2 ) j:(0..N N -1 ) S(0, j, τ ) S(1, j, τ ) S(2, j, τ ) S(N -1, j, τ ) and multiply each trace by T (p, q, I i , I i- 1)

Since we preprocessed the tracesS(t) to have a zero mean , we can find out the step current response as

IV. RECURSIVE REFINEMENT

In the above section we outlined a method to find the current response associated with the p th transition of the q th gate. This process can continued recursively for the q th gate until we have only a single net, in which case we can derive the voltage waveform from the step current response using basic circuit behaviour.

In the above mentioned method, the orthogonality of T (k, j, I i , I i-1 ) functions play a pivotal role. Even in Template Side-Channel Attacks [1] A major step is to find orthogonal representation of the acquired traces. To guarantee this orthogonality we can divide a block recursively into two sub-blocks using minimum cut bisection, and finally arriving at the target transition.

In this article we illustrated a very preliminary outline of how power analysis techniques can be used for probing each single net behaviour in the circuit, thus acting as an oscilloscope even for physically inaccessible components. This will beneficial for modelling new technologies based on incircuit measurement. The difference between Side-Channel Attacks(SCA) and Side-Channel Oscilloscope(SCO) is that in SCA, the user does not have the full knowledge of the circuit. So the functions T (k, j, I i , I i-1 ) are only guesses. In SCO, the user can calculate the activation functions, but for him the unknown is the response of the fabricated circuit.The major assumptions that we made are that the transitions are orthogonal/independent, which may not be true for all circuits, however for some amount of interdependence we still get a magnification for the target transition, and dependent transition current response remains present as noise. This process can be further improved by imposing DFT rules, and using more complicated post processing techniques such as Princi

This content is AI-processed based on open access ArXiv data.