Design of an On-Chip Power Analysis Attack Countermeasure Incorporating a Randomized Switch Box

Abstract

This thesis presents a novel on-chip side-channel analysis countermeasure focused on preventing power analysis attacks. The proposed countermeasure makes use of a randomized switch box and small decoupling capacitors to isolate individual functional modules handling sensitive data from the power supply rail. The focus on decoupling individual modules allows for the use of smaller capacitive elements, which in turn reduces the area overheads associated with the countermeasure. In addition, as the proposed countermeasure methodology is designed to work at the system level, it allows designers to make use of previously created modules without the need to re-design them for the purpose of data security. Several test systems were created to evaluate the proposed countermeasure methodology including a Printed Circuit Board (PCB) and a variety of circuit schematics developed in 65 nm Taiwan Semiconductor Manufacturing Company (TSMC) Complementary Metal-Oxide-Semiconductor (CMOS) technology. Traces were recorded from each test system and subjected to a Correlation Power Analysis (CPA) attack. Sets of traces were collected both at the power supply rail of each test system as well as at more invasive points, such as the terminals of the decoupling capacitors. Each test system was found to resist the CPA up to at least 8,000 collected traces at the power supply pin and offered improved resistance against traces collected at invasive points. As part of the work performed for this thesis, several different configurations of the proposed countermeasure were simulated to examine individual key aspects, including the mixing of leaked information through randomized connections, discharging down to a fixed reference voltage, and the use of NMOS gate capacitors to provide a flattening effect. Each of the considered features was found to enhance security, although the fixed discharge came at the cost of increased power consumption. The body of this work also documents a modified CPA procedure to allow for an effective attack on systems incorporating a DC-DC converter as part of their power management systems.