SCRIPT: A CAD Framework for Power Side-channel Vulnerability Assessment Using Information Flow Tracking and Pattern Generation

摘要

Power side-channel attacks (SCAs) have been proven to be effective at extracting secret keys from hardware implementations of cryptographic algorithms. Ideally, the power side-channel leakage (PSCL) of hardware designs of a cryptographic algorithm should be evaluated as early as the pre-silicon stage (e.g., gate level). However, there has been little effort in developing computer-aided design (CAD) tools to accomplish this. In this article, we propose an automated CAD framework called SCRIPT to evaluate information leakage through side-channel analysis. SCRIPT starts by defining the underlying properties of the hardware implementation that can be exploited by side-channel attacks. It then utilizes information flow tracking (EFT) to identify registers that exhibit those properties and, therefore, leak information through the side-channel. Here, we develop an IFT-based side-channel vulnerability metric (SCV) that is utilized by SCRIPT for PSCL assessment. SCV is conceptually similar to the traditionally used signal-to-noise ratio (SNR) metric. However, unlike SNR, which requires thousands of traces from silicon measurements, SCRIPT utilizes formal methods to generate SCV-guided patterns/plaintexts, allowing us to derive SCV using only a few patterns (ideally as low as two) at gate level. SCV estimates PSCL vulnerability at pre-silicon stage based on the number of plaintexts required to attain a specific SCA success rate. The integration of IFT and pattern generation makes SCRIPT efficient, accurate, and generic to be applied to any hardware design. We validate the efficacy of the SCRIPT framework by demonstrating that it can effectively and accurately determine SCA success rates for different AES designs at pre-silicon stage. SCRIPT is orders of magnitude more efficient than traditional pre-silicon PSCL assessment (SNR-based), with an average evaluation time of 15 minutes; whereas, traditional PSCL assessment at presilicon stage would require more than a month. We also analyze the PSCL characteristic of the multiplication unit of RISC processor using SCRIPT to demonstrate SCRIPT'S applicability.