Randomized Instruction Injection to Counter Power Analysis Attacks

Abstract

Side-channel attacks in general and power analysis attacks in particular are becoming a major security concern in embedded systems. Countermeasures proposed against power analysis attacks are data and table masking, current flattening, dummy instruction insertion and bit-flips balancing. All these techniques are either susceptible to multi-order power analysis attack, not sufficiently generic to cover all encryption algorithms, or burden the system with high area, run-time or energy cost. In this article, we propose a randomized instruction injection technique ( RIJID ) that overcomes the pitfalls of previous countermeasures. RIJID scrambles the power profile of a cryptographic application by injecting random instructions at random points of execution and therefore protects the system against power analysis attacks. Two different ways of triggering the instruction injection are also presented: (1) softRIJID , a hardware/software approach, where special instructions are used in the code for triggering the injection at runtime; and (2) autoRIJID , a hardware approach, where the code injection is triggered by the processor itself via detecting signatures of encryption routines at runtime. A novel signature detection technique is also introduced for identifying encryption routines within application programs at runtime. Further, a simple obfuscation metric ( RIJIDindex ) based on cross-correlation that measures the scrambling provided by any code injection technique is introduced, which coarsely indicates the level of scrambling achieved. Our processor models cost 1.9% additional area in the hardware/software approach and 1.2% in the hardware approach for a RISC based processor, and costs on average 29.8% in runtime and 27.1% in energy for the former and 25.0% in runtime and 28.5% in energy for the later, for industry standard cryptographic applications.