<!DOCTYPE html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="content-type"/> <title>An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research</title> <!--Generated on Sun Mar 16 18:28:56 2025 by LaTeXML (version 0.8.8) http://dlmf.nist.gov/LaTeXML/.--> <meta content="width=device-width, initial-scale=1, shrink-to-fit=no" name="viewport"/> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet" type="text/css"/> <link href="/static/browse/0.3.4/css/ar5iv.0.7.9.min.css" rel="stylesheet" type="text/css"/> <link href="/static/browse/0.3.4/css/ar5iv-fonts.0.7.9.min.css" rel="stylesheet" type="text/css"/> <link href="/static/browse/0.3.4/css/latexml_styles.css" rel="stylesheet" type="text/css"/> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.3.3/html2canvas.min.js"></script> <script src="/static/browse/0.3.4/js/addons_new.js"></script> <script src="/static/browse/0.3.4/js/feedbackOverlay.js"></script> <meta content=" Side-channel analysis, RISC-V, open source, open hardware, field-programmable gate array, system-on-chip, Internet of things, research. 
" lang="en" name="keywords"/> <base href="/html/2407.17432v2/"/></head> <body> <div class="ltx_page_main"> <div class="ltx_page_content"> <article class="ltx_document ltx_authors_1line"> <h1 class="ltx_title ltx_title_document">An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research</h1> <div class="ltx_authors"> <span class="ltx_creator ltx_role_author"> <span class="ltx_personname">Davide Zoni, Andrea Galimberti, Davide Galli </span><span class="ltx_author_notes">Davide Zoni, Andrea Galimberti, and Davide Galli are with Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano, Milan 20133 Italy. E-mail: {davide.zoni, andrea.galimberti, davide.galli}@polimi.it. This work was supported by the European Union’s Chips Joint Undertaking (Chips JU) program under grant agreement No. 101112274 (ISOLDE). 
Accepted for publication on IEEE Transactions on Computers.</span></span> </div> <div class="ltx_abstract"> <h6 class="ltx_title ltx_title_abstract">Abstract</h6> <p class="ltx_p" id="id4.id1">Attacks based on side-channel analysis (SCA) pose a severe security threat to modern computing platforms, further exacerbated on IoT devices by their pervasiveness and handling of private and critical data. Designing SCA-resistant computing platforms requires a significant additional effort in the early stages of the IoT devices’ life cycle, which is severely constrained by strict time-to-market deadlines and tight budgets. This manuscript introduces a hardware-software framework meant for SCA research on FPGA targets. It delivers an IoT-class system-on-chip (SoC) that includes a RISC-V CPU, provides observability and controllability through an ad-hoc debug infrastructure to facilitate SCA attacks and evaluate the platform’s security, and streamlines the deployment of SCA countermeasures through dedicated hardware and software features such as a DFS actuator and FreeRTOS support. The open-source release of the framework includes the SoC, the scripts to configure the computing platform, compile a target application, and assess the SCA security, as well as a suite of state-of-the-art attacks and countermeasures. The goal is to foster its adoption and novel developments in the field, empowering designers and researchers to focus on studying SCA countermeasures and attacks while relying on a sound and stable hardware-software platform as the foundation for their research.</p> </div> <div class="ltx_keywords"> <h6 class="ltx_title ltx_title_keywords">Index Terms: </h6> Side-channel analysis, RISC-V, open source, open hardware, field-programmable gate array, system-on-chip, Internet of things, research. 
</div> <section class="ltx_section" id="S1"> <h2 class="ltx_title ltx_title_section"> <span class="ltx_tag ltx_tag_section">I </span><span class="ltx_text ltx_font_smallcaps" id="S1.1.1">Introduction</span> </h2> <div class="ltx_para" id="S1.p1"> <p class="ltx_p" id="S1.p1.1">Hundreds of billions of Internet of Things (IoT) devices are increasingly able to make decisions autonomously thanks to artificial intelligence. As they get more capable, pervasive, and interconnected through 5G and 6G networks, IoT devices continuously collect, process, and exchange sensitive and critical data, making it paramount to consider security during their design and whole life cycle <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib1" title="">1</a>]</cite>.</p> </div> <div class="ltx_para" id="S1.p2"> <p class="ltx_p" id="S1.p2.1">Relying on the theoretical security provided by traditional cryptography solutions such as AES, RSA, and SHA-3, and by secure communication protocols such as TLS and SSH is, however, insufficient to guarantee IoT device security. Side-channel analysis (SCA) attacks target information collected from executing a specific implementation of a cryptographic scheme or security protocol rather than flaws in their specification or the theoretical problems at their foundation <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib2" title="">2</a>]</cite>. Such so-called side-channel information includes the time taken for cryptographic computations, power consumption, electromagnetic emissions, and noise generated during execution. 
While some fault-injection attacks disrupt the target device’s normal operation, many passive side-channel attacks, such as differential power analysis (DPA), remain undetectable by the system under attack.</p> </div> <div class="ltx_para" id="S1.p3"> <p class="ltx_p" id="S1.p3.1">While SCA attacks are an increasingly serious security threat to IoT devices, in particular to those that operate in public spaces and are accessible by anyone, the computing platforms that power these devices and handle sensitive and critical data are often not designed to protect against them. Commercially available microcontroller-based system-on-chips (SoCs), which provide computing and connectivity capabilities to IoT devices, often execute cryptographic applications despite not being designed with security as a primary focus, primarily due to cost-saving considerations <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib3" title="">3</a>]</cite>. Meanwhile, strict time-to-market pressures, combined with stringent constraints on energy, power consumption, and area, along with the rapidly evolving application domain, drive a shift towards flexible and general-purpose IoT platforms that may support operating systems to facilitate programmability. However, this trend towards general-purpose IoT devices results in more complex computing platforms, making side-channel vulnerability analysis increasingly challenging and necessitating the adoption of novel and efficient analysis frameworks.</p> </div> <div class="ltx_para" id="S1.p4"> <p class="ltx_p" id="S1.p4.1">In this context, the open literature lacks a comprehensive hardware-software solution to address the challenges of SCA security, particularly for modern RISC-V-based platforms, which are promising candidates for security-aware designs due to their open and royalty-free instruction set architecture (ISA). 
The few RISC-V security-oriented solutions, e.g., OpenTitan <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib4" title="">4</a>]</cite>, are not meant as general-purpose computing platforms and do not support the development of novel SCA attack and defense methodologies, while others focus their research effort solely on the hardware side and disregard the software framework <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib5" title="">5</a>]</cite>, or vice versa.</p> </div> <div class="ltx_para" id="S1.p5"> <p class="ltx_p" id="S1.p5.1">As new SCA attacks continue to emerge, designing novel IoT devices that are secure against them requires providing system designers and security researchers with a sound and stable hardware-software platform that lets them focus on analyzing the security against SCA attacks and developing countermeasures to thwart them. 
Moreover, it is necessary not only to detect the presence of vulnerabilities, i.e., of so-called information leakage, but also to pinpoint the specific signals in the hardware design that cause such leakage, enabling designers to correct their systems more easily and make them resistant to SCA attacks.</p> </div> <section class="ltx_subsection" id="S1.SSx1"> <h3 class="ltx_title ltx_font_italic ltx_title_subsection">Contributions</h3> <div class="ltx_para" id="S1.SSx1.p1"> <p class="ltx_p" id="S1.SSx1.p1.1">This manuscript introduces JARVIS, an open-source research framework for SCA on FPGA-based IoT-class computing platforms, that encompasses a complete SoC and a software toolchain for SCA attacks and countermeasures, delivering a comprehensive hardware-software solution that is, to the best of our knowledge, currently lacking in the open literature.</p> </div> <div class="ltx_para" id="S1.SSx1.p2"> <p class="ltx_p" id="S1.SSx1.p2.1">The framework provides an IoT-class SoC that includes a CPU based on the RISC-V ISA, dedicated hardware to enable the implementation of state-of-the-art SCA countermeasures, an ad-hoc debug infrastructure to maximize the observability and controllability of the computing platform and thus simplify the execution of SCA attacks, and support for the open-source FreeRTOS real-time operating system (RTOS). 
A complete flow encompasses the configuration of the SoC, the execution of target applications and the corresponding collection of side-channel information, and the analysis to identify SCA vulnerabilities and leakage sources.</p> </div> <div class="ltx_para" id="S1.SSx1.p3"> <p class="ltx_p" id="S1.SSx1.p3.1">The goal of empowering designers and researchers to focus solely on studying SCA countermeasures is achieved through three main contributions.</p> <ol class="ltx_enumerate" id="S1.I1"> <li class="ltx_item" id="S1.I1.i1" style="list-style-type:none;"> <span class="ltx_tag ltx_tag_item">1.</span> <div class="ltx_para" id="S1.I1.i1.p1"> <p class="ltx_p" id="S1.I1.i1.p1.1"><em class="ltx_emph ltx_font_italic" id="S1.I1.i1.p1.1.1">Capability to identify leakage sources</em>. Hardware security requires not just identifying the presence of a vulnerability, but also pinpointing the source of the corresponding leakage. The computing platform has a minimal architecture that exposes as few leakage sources as possible and makes them simpler to identify, in addition to being easier to emulate and cheaper in terms of area and power cost, while a one-to-one match between the prototyped platform and its emulated counterpart is enforced through dedicated hardware mechanisms to enable the collection of the most accurate side-channel signal.</p> </div> </li> <li class="ltx_item" id="S1.I1.i2" style="list-style-type:none;"> <span class="ltx_tag ltx_tag_item">2.</span> <div class="ltx_para" id="S1.I1.i2.p1"> <p class="ltx_p" id="S1.I1.i2.p1.1"><em class="ltx_emph ltx_font_italic" id="S1.I1.i2.p1.1.1">Usability for research purposes</em>. 
The framework is released open source<span class="ltx_note ltx_role_footnote" id="footnote1"><sup class="ltx_note_mark">1</sup><span class="ltx_note_outer"><span class="ltx_note_content"><sup class="ltx_note_mark">1</sup><span class="ltx_tag ltx_tag_note">1</span>Sources available at <a class="ltx_ref ltx_href" href="https://github.com/hardware-fab/JARVIS" title="">https://github.com/hardware-fab/JARVIS</a>.</span></span></span>, including hardware and software, from the SoC to the software scripts driving the SoC configuration, compilation, prototype execution and emulation, oscilloscope measurement, and state-of-the-art SCA attacks, to foster its adoption in research settings. Carrying out an analysis through the JARVIS framework not only provides the traditional power, performance, and area (PPA) quality metrics, but also extends them by adding the security dimension.</p> </div> </li> <li class="ltx_item" id="S1.I1.i3" style="list-style-type:none;"> <span class="ltx_tag ltx_tag_item">3.</span> <div class="ltx_para" id="S1.I1.i3.p1"> <p class="ltx_p" id="S1.I1.i3.p1.1"><em class="ltx_emph ltx_font_italic" id="S1.I1.i3.p1.1.1">Complete SCA ecosystem</em>. The framework includes dedicated hardware and software support for state-of-the-art SCA attacks and countermeasures that can be employed out of the box to directly compare with solutions from the literature as well as evaluate and enforce the SCA security of the computing platform. The experimental evaluation in this manuscript demonstrates the framework’s capabilities and showcases the SCA attacks and countermeasures included as part of its open-source release.</p> </div> </li> </ol> </div> </section> <section class="ltx_subsection" id="S1.SSx2"> <h3 class="ltx_title ltx_font_italic ltx_title_subsection">Structure of the manuscript</h3> <div class="ltx_para" id="S1.SSx2.p1"> <p class="ltx_p" id="S1.SSx2.p1.1">The rest of this manuscript is organized into five parts. 
Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S2" title="II Background and Related Works ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">II</span></a> provides a background on SCA attacks and countermeasures and an overview of the state-of-the-art RISC-V computing platforms and frameworks for SCA attacks and countermeasures. Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3" title="III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">III</span></a> describes the JARVIS framework and the hardware-software infrastructure that implements it. Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4" title="IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">IV</span></a> details the key hardware and software aspects that enable the SCA attack and countermeasure capabilities of the framework, while Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5" title="V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">V</span></a> showcases the framework capabilities through a comprehensive experimental evaluation. 
Finally, Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S6" title="VI Conclusions ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">VI</span></a> draws conclusions and discusses future work and developments of the proposed framework.</p> </div> </section> </section> <section class="ltx_section" id="S2"> <h2 class="ltx_title ltx_title_section"> <span class="ltx_tag ltx_tag_section">II </span><span class="ltx_text ltx_font_smallcaps" id="S2.1.1">Background and Related Works</span> </h2> <section class="ltx_subsection" id="S2.SS1"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S2.SS1.5.1.1">II-A</span> </span><span class="ltx_text ltx_font_italic" id="S2.SS1.6.2">Side-channel analysis attacks and countermeasures</span> </h3> <div class="ltx_para" id="S2.SS1.p1"> <p class="ltx_p" id="S2.SS1.p1.1">A vast amount of research has tackled the complementary topics of SCA attacks and countermeasures ever since the emergence of SCA as a security threat <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib6" title="">6</a>]</cite>.</p> </div> <div class="ltx_para" id="S2.SS1.p2"> <p class="ltx_p" id="S2.SS1.p2.1">SCA attacks can be classified as either non-profiled or profiled. 
Non-profiled ones, such as those based on DPA <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib6" title="">6</a>]</cite> and correlation power analysis (CPA) <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib7" title="">7</a>]</cite>, only target side-channel information that is obtained from the specific device under attack while it is performing a computation, and then attempt to recover the corresponding secret key by leveraging the statistical correlation between the measured side-channel signal and the data being processed, exploiting a partial knowledge of the latter. Profiled attacks <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib8" title="">8</a>]</cite> are carried out instead by initially making use of a replica of the device to be attacked to identify and fine-tune the side-channel leakage model and later employing such a model to attack the actual target device, under the assumption that the latter and its replica share identical or at least similar leakage models <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib9" title="">9</a>]</cite>. 
Whereas SCA attacks have traditionally employed statistical techniques, machine- and deep-learning approaches have recently emerged as promising research avenues for more capable attacks, ranging from identification of cryptographic operations from side-channel power traces <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib10" title="">10</a>, <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib11" title="">11</a>]</cite> to learning-based non-profiled <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib12" title="">12</a>]</cite> and profiled <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib13" title="">13</a>, <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib14" title="">14</a>]</cite> attacks.</p> </div> <div class="ltx_para" id="S2.SS1.p3"> <p class="ltx_p" id="S2.SS1.p3.1">The advancements in SCA attacks are mitigated by an even larger research effort being devoted to identifying new defense mechanisms against them. SCA countermeasures can be mainly split into masking and hiding ones. Masking countermeasures split the sensitive intermediate values into different shares that are computed independently from each other, with the goal of minimizing the dependency of each share on the secret key <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib15" title="">15</a>]</cite>. Hiding countermeasures aim instead to randomize or add noise to the side-channel emission of the computing platform to be protected in order to reduce the information leakage that can be exploited by an attacker. 
Such countermeasures make use of techniques such as code morphing, i.e., the insertion of random instructions in the original execution flow <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib16" title="">16</a>]</cite>, clock frequency randomization <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib17" title="">17</a>]</cite>, and the concurrent computation of multiple cryptographic operations with invalid keys <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib18" title="">18</a>]</cite>.</p> </div> <figure class="ltx_figure" id="S2.F1"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="335" id="S2.F1.g1" src="x1.png" width="830"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S2.F1.2.1.1" style="font-size:90%;">Figure 1</span>: </span><span class="ltx_text" id="S2.F1.3.2" style="font-size:90%;">High-level flow of the JARVIS framework.</span></figcaption> </figure> </section> <section class="ltx_subsection" id="S2.SS2"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S2.SS2.5.1.1">II-B</span> </span><span class="ltx_text ltx_font_italic" id="S2.SS2.6.2">State-of-the-art RISC-V computing platforms</span> </h3> <div class="ltx_para" id="S2.SS2.p1"> <p class="ltx_p" id="S2.SS2.p1.1">RISC-V has emerged as the de-facto standard ISA for IoT-class computing platforms thanks to its modularity, enabled by a minimal baseline instruction set with separate ISA extensions each devoted to a specific set of additional features, and its extensibility, given by the possibility of exploiting unused opcode space to encode custom instructions and extensions according to the specific needs of computer designers <cite class="ltx_cite 
ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib19" title="">19</a>]</cite>.</p> </div> <div class="ltx_para" id="S2.SS2.p2"> <p class="ltx_p" id="S2.SS2.p2.1">On the one hand, a variety of RISC-V-based microcontroller-class SoCs is available, such as PULPino <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib20" title="">20</a>]</cite> and GAP-8 <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib21" title="">21</a>]</cite>, while ultra-low-power platforms also leverage RISC-V in multi-core heterogeneous architectures, e.g., Mr. Wolf <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib22" title="">22</a>]</cite> and HERO <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib23" title="">23</a>]</cite>, and SoCs coupling hard-core CPU clusters with programmable FPGA logic, e.g., Microchip’s PolarFire SoC <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib24" title="">24</a>]</cite>. Such solutions focus on delivering good performance with low energy and power consumption but do not address security, especially SCA-related aspects. 
Moreover, due to their nature, designers cannot modify ASIC cores to implement SCA countermeasures not originally included, drastically limiting their usability for comprehensive SCA research.</p> </div> <div class="ltx_para" id="S2.SS2.p3"> <p class="ltx_p" id="S2.SS2.p3.1">On the other hand, multiple frameworks such as ESP <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib25" title="">25</a>]</cite> and Chipyard <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib26" title="">26</a>]</cite> have emerged in the literature for the agile development of heterogeneous multi- and many-core SoCs that feature both general-purpose CPU cores and hardware accelerators <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib27" title="">27</a>]</cite>. However, they focus on the modularity and composability of the obtained computing platforms and on the fast prototyping of the latter on FPGA targets, while they do not consider any security aspects.</p> </div> <div class="ltx_para" id="S2.SS2.p4"> <p class="ltx_p" id="S2.SS2.p4.1">All the previously listed platforms, including microcontroller-class, ultra-low-power, and heterogeneous multi- and many-core SoCs, are capable and efficient on the computing side. 
However, their complexity hinders the possibility of simulating them in an RTL simulator, which is crucial to detecting SCA vulnerabilities and, more importantly, accurately identifying which signals are responsible for the information leakage, which becomes ever more challenging to achieve as such hardware platforms keep growing in size.</p> </div> <div class="ltx_para" id="S2.SS2.p5"> <p class="ltx_p" id="S2.SS2.p5.1">Finally, the OpenTitan project <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib4" title="">4</a>]</cite> delivers a hardware root of trust (RoT) centered around a RISC-V core, not providing instead either a complete SoC platform or a comprehensive hardware-software framework for SCA-related research.</p> </div> <div class="ltx_para" id="S2.SS2.p6"> <p class="ltx_p" id="S2.SS2.p6.1">There also exists a variety of both RISC-V resource-constrained and application-class cores in the open literature, e.g., CORE-V CV32E40P <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib28" title="">28</a>]</cite> and CVA6 <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib29" title="">29</a>]</cite>, UCB’s Rocket <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib30" title="">30</a>]</cite>, and Frontgrade Gaisler NOEL-V <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib31" title="">31</a>]</cite>, that are however of limited use, when considered on their own, in providing a full platform for SCA research. 
State-of-the-art architectural simulators such as gem5 <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib32" title="">32</a>]</cite> and RISC-V-specific GVSoC <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib33" title="">33</a>]</cite> operate instead at a high level of abstraction, drastically shrinking the time required to simulate a computing platform but conversely making them unsuitable to produce information that can be effectively exploited by SCA attacks.</p> </div> </section> <section class="ltx_subsection" id="S2.SS3"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S2.SS3.5.1.1">II-C</span> </span><span class="ltx_text ltx_font_italic" id="S2.SS3.6.2">State-of-the-art SCA frameworks</span> </h3> <div class="ltx_para" id="S2.SS3.p1"> <p class="ltx_p" id="S2.SS3.p1.1">The literature offers few solutions that are meant for the SCA of RISC-V-based computing platforms.</p> </div> <div class="ltx_para" id="S2.SS3.p2"> <p class="ltx_p" id="S2.SS3.p2.1">lowRISC provides an open-source SCA setup for OpenTitan <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib34" title="">34</a>]</cite> that allows instantiating the OpenTitan RoT on a target NewAE board and assessing the resistance of its cryptographic accelerators to power SCA attacks. However, the OpenTitan platform occupies a large number of FPGA resources and therefore requires targeting large and expensive FPGAs, e.g., AMD Kintex-7 ones, leading to non-negligible costs, and does not offer any actuators that are suitable for protection against SCA attacks. 
Moreover, the size and complexity of OpenTitan make it complex to modify the given design with the goal of implementing novel SCA countermeasures, and the SCA setup <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib34" title="">34</a>]</cite> lacks the ability to easily identify the leakage source in the microarchitectural design.</p> </div> <div class="ltx_para" id="S2.SS3.p3"> <p class="ltx_p" id="S2.SS3.p3.1">ASIC-based solutions, such as mounting on NewAE’s CW308 board an FE310-G002 daughter board <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib35" title="">35</a>]</cite>, which features a hard-core SiFive 32-bit RISC-V CPU but lacks any SCA protection, have two main drawbacks. On the one hand, pinpointing the side-channel leakage within the microarchitecture is not easily achievable due to the limited observability and closed-source nature of the computing platform. On the other hand, the researcher cannot easily modify the hardware to implement SCA countermeasures.</p> </div> <div class="ltx_para" id="S2.SS3.p4"> <p class="ltx_p" id="S2.SS3.p4.1">Finally, NewAE’s CW305, CW310, and CW340 boards also allow the users to flash their own custom bitstreams, including RISC-V-based computing platforms. 
This requires however either porting a third-party computing platform to the new target or designing a new one, and both paths notably require a large amount of effort.</p> </div> <div class="ltx_para" id="S2.SS3.p5"> <p class="ltx_p" id="S2.SS3.p5.1">Conversely, a large part of the literature in the SCA research field targets more outdated hardware such as the STM32 32-bit Arm Cortex-M <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib36" title="">36</a>]</cite> and ATmega 8-bit AVR <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib37" title="">37</a>]</cite> microcontrollers, highlighting the need to foster novel SCA-related research on modern IoT-class computing platforms.</p> </div> </section> </section> <section class="ltx_section" id="S3"> <h2 class="ltx_title ltx_title_section"> <span class="ltx_tag ltx_tag_section">III </span><span class="ltx_text ltx_font_smallcaps" id="S3.1.1">Framework</span> </h2> <div class="ltx_para" id="S3.p1"> <p class="ltx_p" id="S3.p1.1">The JARVIS framework enables thoroughly evaluating the vulnerability to SCA attacks of cryptographic applications executed on an IoT-class SoC that implements countermeasures through dedicated hardware support. The possibility to accurately match the emulated and prototype execution of the computing platform allows not only detecting information leakage, but even more importantly identifying its sources, which is paramount to fixing the vulnerabilities of the SoC during the design phase. 
Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.SS1" title="III-A High-level flow ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">III-A</span></span></a> outlines the high-level flow for the proposed framework, while Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.SS2" title="III-B Hardware-software infrastructure ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">III-B</span></span></a> discusses how such a flow is implemented in a hardware-software infrastructure.</p> </div> <section class="ltx_subsection" id="S3.SS1"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S3.SS1.5.1.1">III-A</span> </span><span class="ltx_text ltx_font_italic" id="S3.SS1.6.2">High-level flow</span> </h3> <div class="ltx_para" id="S3.SS1.p1"> <p class="ltx_p" id="S3.SS1.p1.1">The JARVIS framework, depicted in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S2.F1" title="Figure 1 ‣ II-A Side-channel analysis attacks and countermeasures ‣ II Background and Related Works ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">1</span></a>, can be described as a sequence of three main phases devoted to <span class="ltx_inline-enumerate" id="S3.I1"> <span class="ltx_inline-item" id="S3.I1.i1"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S3.I1.i1.1.1.1">1)</span></span> <span class="ltx_text ltx_font_italic" id="S3.I1.i1.5">configuring</span> <span class="ltx_text" id="S3.I1.i1.6">the hardware-software setup, </span></span> <span class="ltx_inline-item" id="S3.I1.i2"><span class="ltx_tag ltx_tag_inline-item"><span 
class="ltx_text ltx_font_italic" id="S3.I1.i2.1.1.1">2)</span></span> <span class="ltx_text ltx_font_italic" id="S3.I1.i2.5">measuring</span> <span class="ltx_text" id="S3.I1.i2.6">SCA-related information from simulation and prototype execution, and </span></span> <span class="ltx_inline-item" id="S3.I1.i3"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S3.I1.i3.1.1.1">3)</span></span> <span class="ltx_text ltx_font_italic" id="S3.I1.i3.5">analyzing</span> <span class="ltx_text" id="S3.I1.i3.6">such information to detect leakage and identify its sources. </span></span> </span> Remarkably, the open-source nature of the framework, as well as the adoption of standard languages for all the inputs and its internals, enables users to tinker, adapt, and tailor it to their needs. Software scripts automate the execution of each of the three phases, which are discussed in more detail in the rest of this section.</p> </div> <section class="ltx_subsubsection" id="S3.SS1.SSS1"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S3.SS1.SSS1.5.1.1">III-A</span>1 </span>Configure</h4> <div class="ltx_para" id="S3.SS1.SSS1.p1"> <p class="ltx_p" id="S3.SS1.SSS1.p1.1">The high-level flow starts with the configuration of the hardware and software parts of the target to be simulated and prototyped. 
The SoC is thus configured by the user and is implemented according to the standard hardware design flow, while the applications and, optionally, the RTOS are compiled to produce an executable to be run by the CPU.</p> </div> <section class="ltx_paragraph" id="S3.SS1.SSS1.Px1"> <h5 class="ltx_title ltx_title_paragraph">Implement</h5> <div class="ltx_para" id="S3.SS1.SSS1.Px1.p1"> <p class="ltx_p" id="S3.SS1.SSS1.Px1.p1.1">The framework provides the RTL description of the SoC and the design constraints files that define the frequency of the clock signal and map the I/O to the target FPGA chip, thus enabling the deployment on the prototype board. The initial step requires selecting which additional components to instantiate in the SoC, the parameterization for configurable aspects of the SoC, and which FPGA to target; an EDA toolchain is then leveraged for the synthesis and place-and-route of the netlist and the generation of the corresponding FPGA bitstream.</p> </div> </section> <section class="ltx_paragraph" id="S3.SS1.SSS1.Px2"> <h5 class="ltx_title ltx_title_paragraph">Compile</h5> <div class="ltx_para" id="S3.SS1.SSS1.Px2.p1"> <p class="ltx_p" id="S3.SS1.SSS1.Px2.p1.1">During this phase, the source code for the applications provided by the user of the JARVIS framework is compiled, through a compiler toolchain for RISC-V, for the target platform. The compilation produces an executable file for the compiled applications and, optionally, the RTOS, meant to be executed by the computing platform both in simulation and on the prototype FPGA. 
The boundaries for the time window of interest in the execution of the application, e.g., the computation of a specific cryptographic kernel of which to evaluate SCA resistance, are also extracted from the executable file.</p> </div> </section> </section> <section class="ltx_subsubsection" id="S3.SS1.SSS2"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S3.SS1.SSS2.5.1.1">III-A</span>2 </span>Measure</h4> <div class="ltx_para" id="S3.SS1.SSS2.p1"> <p class="ltx_p" id="S3.SS1.SSS2.p1.1">Once the netlist and bitstream for SoC have been generated and the applications have been compiled, the simulation and prototype execution can be carried out to collect the measurements meant to be used for SCA purposes. The simulation produces switching activity statistics, while a power trace is measured from an oscilloscope connected to the board during the prototype execution. The simulation and prototype execution are notably time-aligned, i.e., synchronized, through dedicated hardware features implemented in the target SoC platform. 
Such synchronization indeed enforces a temporal match between the switching activity obtained from simulation and the power trace measured during the prototype execution.</p> </div> <section class="ltx_paragraph" id="S3.SS1.SSS2.Px1"> <h5 class="ltx_title ltx_title_paragraph">Simulate</h5> <div class="ltx_para" id="S3.SS1.SSS2.Px1.p1"> <p class="ltx_p" id="S3.SS1.SSS2.Px1.p1.1">The simulation, in a SystemVerilog testbench provided as part of the framework, of the post-place-and-route netlist of the SoC running the compiled application executable produces the switching activity of the internal signals of the SoC in the time window of interest.</p> </div> </section> <section class="ltx_paragraph" id="S3.SS1.SSS2.Px2"> <h5 class="ltx_title ltx_title_paragraph">Execute</h5> <div class="ltx_para" id="S3.SS1.SSS2.Px2.p1"> <p class="ltx_p" id="S3.SS1.SSS2.Px2.p1.1">After flashing the bitstream to the FPGA mounted on the prototype board, the SoC is fed the application binary to be loaded into memory and then executes it. An oscilloscope collects the power trace measurement for the execution of the target application on the prototype board within the time window of interest, matching the one employed in the corresponding simulation.</p> </div> </section> </section> <section class="ltx_subsubsection" id="S3.SS1.SSS3"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S3.SS1.SSS3.5.1.1">III-A</span>3 </span>Analyze</h4> <div class="ltx_para" id="S3.SS1.SSS3.p1"> <p class="ltx_p" id="S3.SS1.SSS3.p1.1">The final phase of the JARVIS framework consists of the analysis of the measurements from the previous phase, i.e., the switching activity of the simulation and the power consumption trace of the board execution, both corresponding to the time window of interest and synchronized with each other. 
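How such synchronized measurements can be analyzed, as an added example that is not part of the paper or of the JARVIS release: a fixed-versus-random Welch t-test on the measured power locates the time instants at which the trace becomes data-dependent, and the same test applied to each simulated signal's switching activity at that instant ranks the signals responsible. The traces, the signal names and the leakage model (a register write-back toggling one bit per set bit of the processed byte) are constructed assumptions for illustration.

```python
"""Leakage detection on a measured power trace, then leakage-source
identification on the time-aligned simulated switching activity.

Added example, not part of the JARVIS release: the traces, the signal
names and the leakage model below are constructed for illustration.
"""
import math
import random

# Constructed names of simulated signals (assumption, not the real netlist).
SIGNALS = ["cpu/ex/alu_result", "cpu/wb/rf_wdata", "cpu/if/pc", "timer/count"]
LEAKY_SIGNAL = "cpu/wb/rf_wdata"  # assumed source: its toggles follow the data byte
LEAKY_INSTANT = 12                # sample index of that data-dependent write-back
N_SAMPLES = 32                    # samples per trace in the time window of interest
FIXED_DATA = 0x00                 # input byte used by the fixed class of the t-test


def hamming_weight(x):
    """Number of set bits in the low byte of x."""
    return bin(x & 0xFF).count("1")


def make_measurements(n_traces, seed=1):
    """Construct n_traces synchronized (switching activity, power) pairs.

    activity[i][sig] is the per-sample toggle count of signal sig (what a VCD
    would yield), power[i] is the aligned power trace, and is_fixed[i] marks
    whether trace i used the fixed input (even traces) or a random one.
    """
    rng = random.Random(seed)
    activity, power, is_fixed = [], [], []
    for i in range(n_traces):
        fixed = i % 2 == 0
        data = FIXED_DATA if fixed else rng.randrange(256)
        per_signal = {}
        for sig in SIGNALS:
            toggles = [rng.randrange(0, 5) for _ in range(N_SAMPLES)]
            if sig == LEAKY_SIGNAL:
                # Register write-back flips as many bits as the data byte has set.
                toggles[LEAKY_INSTANT] = hamming_weight(data)
            per_signal[sig] = toggles
        # Power = 0.1 per toggle, summed over all signals, plus measurement noise.
        trace = [0.1 * sum(per_signal[s][t] for s in SIGNALS) + rng.gauss(0.0, 0.05)
                 for t in range(N_SAMPLES)]
        activity.append(per_signal)
        power.append(trace)
        is_fixed.append(fixed)
    return activity, power, is_fixed


def welch_t(a, b):
    """Welch's t-statistic between samples a and b (fixed-vs-random TVLA test)."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    se = math.sqrt(va / na + vb / nb)
    if se == 0.0:  # both classes constant: leakage only if their means differ
        return 0.0 if ma == mb else math.inf
    return (ma - mb) / se


def split_classes(values, is_fixed):
    """Split per-trace values into the fixed-input and random-input classes."""
    fixed = [v for v, f in zip(values, is_fixed) if f]
    rand = [v for v, f in zip(values, is_fixed) if not f]
    return fixed, rand


def detect_leakage(power, is_fixed, threshold=4.5):
    """Time instants at which the measured power depends on the input data.

    Returns (sample index, t-statistic) pairs exceeding the usual 4.5 threshold.
    """
    hits = []
    for t in range(len(power[0])):
        fixed, rand = split_classes([tr[t] for tr in power], is_fixed)
        tstat = welch_t(fixed, rand)
        if abs(tstat) > threshold:
            hits.append((t, tstat))
    return hits


def rank_sources(activity, is_fixed, t):
    """Signals ranked by how data-dependent their switching activity is at sample t."""
    scores = []
    for sig in SIGNALS:
        fixed, rand = split_classes([act[sig][t] for act in activity], is_fixed)
        scores.append((sig, abs(welch_t(fixed, rand))))
    scores.sort(key=lambda s: s[1], reverse=True)
    return scores


if __name__ == "__main__":
    activity, power, is_fixed = make_measurements(400)
    for t, tstat in detect_leakage(power, is_fixed):
        print(f"data-dependent power at sample {t}: |t| = {abs(tstat):.1f}")
        for sig, score in rank_sources(activity, is_fixed, t)[:3]:
            print(f"    {sig:20s} |t| = {score:.1f}")
```

On a real measurement set the per-signal toggle counts would come from the VCD of the post-place-and-route simulation and the power samples from the oscilloscope, with the two aligned by the trigger described above.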
Two degrees of analysis are supported by the synchronization and alignment between the switching activity and the power trace. On the one hand, SCA leakage and the corresponding time instant are detected from the physical power traces. On the other hand, and more importantly, such alignment helps to identify the specific signals of the design under analysis which are responsible for the SCA leakage, providing an in-depth understanding of the leakage behavior that drastically eases the subsequent ad-hoc design of effective countermeasures. A set of state-of-the-art SCA techniques, ranging from CPA and template attacks to ML-based ones, is therefore provided to evaluate the SCA security of the platform and the application executed on top of it. Remarkably, the analysis phase also produces the traditional power, performance, and area (PPA) metrics.</p> </div> <figure class="ltx_figure" id="S3.F2"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="279" id="S3.F2.g1" src="x2.png" width="830"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S3.F2.2.1.1" style="font-size:90%;">Figure 2</span>: </span><span class="ltx_text" id="S3.F2.3.2" style="font-size:90%;">Hardware-software infrastructure that implements the JARVIS framework.</span></figcaption> </figure> </section> </section> <section class="ltx_subsection" id="S3.SS2"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S3.SS2.5.1.1">III-B</span> </span><span class="ltx_text ltx_font_italic" id="S3.SS2.6.2">Hardware-software infrastructure</span> </h3> <div class="ltx_para" id="S3.SS2.p1"> <p class="ltx_p" id="S3.SS2.p1.1">The hardware-software infrastructure depicted in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.F2" title="Figure 2 ‣ III-A3 Analyze ‣ III-A High-level flow ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software 
Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">2</span></a> realizes the high-level flow described in Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.SS1" title="III-A High-level flow ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">III-A</span></span></a> by means of three main components, namely <span class="ltx_inline-enumerate" id="S3.I2"> <span class="ltx_inline-item" id="S3.I2.i1"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S3.I2.i1.1.1.1">1)</span></span> <span class="ltx_text" id="S3.I2.i1.5">a (virtual) prototype, </span></span> <span class="ltx_inline-item" id="S3.I2.i2"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S3.I2.i2.1.1.1">2)</span></span> <span class="ltx_text" id="S3.I2.i2.5">an oscilloscope, and </span></span> <span class="ltx_inline-item" id="S3.I2.i3"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S3.I2.i3.1.1.1">3)</span></span> <span class="ltx_text" id="S3.I2.i3.5">a host PC. 
</span></span> </span> This part discusses in detail the three components and how they interact with each other to deliver the JARVIS framework.</p> </div> <section class="ltx_subsubsection" id="S3.SS2.SSS1"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S3.SS2.SSS1.5.1.1">III-B</span>1 </span>(Virtual) prototype</h4> <div class="ltx_para" id="S3.SS2.SSS1.p1"> <p class="ltx_p" id="S3.SS2.SSS1.p1.1">The computing platform at the foundation of the proposed SCA research framework implements an SoC architecture that can notably be instantiated as a prototype on FPGA, to collect the power trace measurements from an oscilloscope, as well as emulated as a <span class="ltx_text ltx_font_italic" id="S3.SS2.SSS1.p1.1.1">virtual</span> prototype in a RTL simulator that instantiates its post-place-and-route netlist in a testbench, to generate the matching VCD switching activity. The correspondence between the prototype and its virtual counterpart, in particular in how they execute a target application, is enforced by dedicated hardware mechanisms and it is the crucial aspect that enables employing our framework for SCA analysis.</p> </div> <div class="ltx_para" id="S3.SS2.SSS1.p2"> <p class="ltx_p" id="S3.SS2.SSS1.p2.1">The SoC architecture is built around a Wishbone interconnect. It comprises a CPU, a dynamic frequency scaling (DFS) actuator, and a global debug unit as its masters and a memory, a user UART, a true random number generator (TRNG), and a timer as its bus slaves.</p> </div> <div class="ltx_para" id="S3.SS2.SSS1.p3"> <p class="ltx_p" id="S3.SS2.SSS1.p3.1">The single-core, in-order, five-stage pipelined, 32-bit RISC-V CPU implements the base integer (I) and integer multiplication and division (M) RISC-V 32-bit ISA extensions <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib38" title="">38</a>]</cite>. 
Supporting only I and M extensions, i.e., the bare minimum extensions for an IoT-class CPU, provides the simplest and most observable setup, making it easier to carry out the side-channel analysis. A floating-point unit (FPU) <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib39" title="">39</a>, <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib40" title="">40</a>, <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib41" title="">41</a>]</cite> can be optionally instantiated as a functional unit of the CPU to expand the computational capabilities of the SoC, enabling the execution of floating-point-intensive applications without affecting the overall side-channel resistance of the computing platform. The interconnect consists of two separate 64-bit Wishbone data and instruction buses, both supporting single read and write transactions as well as burst ones, according to a modified Harvard architecture to minimize contention. The DFS actuator enables changing at run time the frequency of the clock signal fed to the CPU, whereas the rest of the SoC operates at a fixed clock frequency. A global debug unit and local debug units connected to the former in a point-to-point fashion compose the debug infrastructure of the SoC. The global debug unit interacts with the host PC through the system UART while two different channels support its communication with the rest of the SoC. Memory location of the memory-mapped bus slaves are accessed through Wishbone reads and writes, while dedicated lines connect the global debug unit to the two local ones that manage the CPU and DFS actuator, respectively.</p> </div> <div class="ltx_para" id="S3.SS2.SSS1.p4"> <p class="ltx_p" id="S3.SS2.SSS1.p4.1">The main memory, making use of the block RAM (BRAM) resources available on AMD FPGAs, is instantiated as a slave on the Wishbone data bus. 
The bus slaves include a TRNG, which produces a sequence of random bits meant to be used in cryptography and SCA countermeasure tasks, a timer, which enables support for FreeRTOS, and a user UART, which provides an I/O interface for the application. Hardware accelerators exposing a Wishbone interface can also notably be added as memory-mapped bus slaves to the SoC to extend its capabilities.</p> </div> <div class="ltx_para" id="S3.SS2.SSS1.p5"> <p class="ltx_p" id="S3.SS2.SSS1.p5.1">The implementation phase of the proposed flow includes the selection of which parts of the SoC to instantiate, e.g., the optional DFS actuator, TRNG, and timer, and the configuration of its parametric features, e.g., the baud rate of the UART interface, the width of the instruction and data buses, and the branch prediction scheme of the CPU.</p> </div> <div class="ltx_para" id="S3.SS2.SSS1.p6"> <p class="ltx_p" id="S3.SS2.SSS1.p6.1">In addition to the UART I/O interfaces, the prototype exposes the FPGA voltage (<span class="ltx_text ltx_font_typewriter" id="S3.SS2.SSS1.p6.1.1">V<sub class="ltx_sub" id="S3.SS2.SSS1.p6.1.1.1">DD</sub></span> in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.F2" title="Figure 2 ‣ III-A3 Analyze ‣ III-A High-level flow ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">2</span></a>), which is related to the power consumption of the whole FPGA chip, and a trigger signal (<span class="ltx_text ltx_font_typewriter" id="S3.SS2.SSS1.p6.1.2">Trg</span>), which is driven by the local debug unit of the CPU.</p> </div> </section> <section class="ltx_subsubsection" id="S3.SS2.SSS2"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S3.SS2.SSS2.5.1.1">III-B</span>2 </span>Oscilloscope</h4> <div class="ltx_para" id="S3.SS2.SSS2.p1"> <p class="ltx_p" id="S3.SS2.SSS2.p1.1">Power measurements 
from the prototype execution are carried out through an oscilloscope with two analog channels and an analog bandwidth and sampling rate sufficient to capture the power signal of the target platform under measurement without aliasing. The oscilloscope is connected to the prototype board, with an analog channel measuring the voltage of the FPGA and the other one monitoring a signal meant to trigger the data acquisition on the former. It is managed through a USB interface by the host PC, which takes care of its configuration and receives the data samples measured from the board on both analog channels.</p> </div> <figure class="ltx_figure" id="S3.F3"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="320" id="S3.F3.g1" src="x3.png" width="830"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S3.F3.2.1.1" style="font-size:90%;">Figure 3</span>: </span><span class="ltx_text" id="S3.F3.3.2" style="font-size:90%;">Detailed microarchitecture of the debug subsystem, timer, and TRNG.</span></figcaption> </figure> </section> <section class="ltx_subsubsection" id="S3.SS2.SSS3"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S3.SS2.SSS3.5.1.1">III-B</span>3 </span>Host PC</h4> <div class="ltx_para" id="S3.SS2.SSS3.p1"> <p class="ltx_p" id="S3.SS2.SSS3.p1.1">The host PC drives the whole JARVIS framework through the flow software scripts, which manage the interaction with both hardware devices, namely the prototype board and the oscilloscope, and software tools, such as the EDA and compilation toolchains and state-of-the-art SCA attack scripts. 
Matching the high-level flow previously described in Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.SS1" title="III-A High-level flow ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">III-A</span></span></a>, we can identify three main top-level scripts that drive the corresponding phases of the framework.</p> </div> <section class="ltx_paragraph" id="S3.SS2.SSS3.Px1"> <h5 class="ltx_title ltx_title_paragraph">Configure</h5> <div class="ltx_para" id="S3.SS2.SSS3.Px1.p1"> <p class="ltx_p" id="S3.SS2.SSS3.Px1.p1.1">The configuration script leverages an EDA toolchain for the synthesis, place-and-route, and bitstream generation of the SoC, previously configured according to the needs of the user, also taking as its inputs the XDC constraint files that include information about the internal clock signals as well as the I/O mapping on the target FPGA chip. A RISC-V compiler toolchain is employed instead to compile the applications and, optionally, the RTOS. The compilation of the sources can thus include the sources for FreeRTOS, when targeting the execution of applications on top of the RTOS, or not, when the goal is instead bare-metal execution. A linker script and startup routines to be executed before the program’s main function are included to support the latter case. The compilation process produces an executable file, which can be loaded into the memory of the computing platform to be executed both in its simulation and on the prototype FPGA. 
Boundaries for a time window of interest are obtained from the executable to enable accurately matching, also from a temporal standpoint, the simulation of the computing platform with its prototype execution.</p> </div> </section> <section class="ltx_paragraph" id="S3.SS2.SSS3.Px2"> <h5 class="ltx_title ltx_title_paragraph">Measure</h5> <div class="ltx_para" id="S3.SS2.SSS3.Px2.p1"> <p class="ltx_p" id="S3.SS2.SSS3.Px2.p1.1">The simulation leverages an RTL simulator to simulate the post-place-and-route netlist of the SoC inside a SystemVerilog testbench provided as part of the framework. The testbench loads the VMEM for the target application into the memory of the target SoC and drives the execution of the application according to the time window boundaries extracted from its ELF file at the previous phase. The simulation outputs a value change dump (VCD) that contains all the switching activity of the internal signals of the SoC corresponding to the execution of the application within the time window of interest. The prototype execution requires, after flashing the bitstream to the FPGA mounted on the prototype board, feeding the application binary to the SoC to be loaded into its memory. The flow script drives the board execution through the SoC debug interface, matching the behavior of the SystemVerilog testbench, and manages the oscilloscope connected to the board to collect the power trace of the execution. 
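</p> </div> <div class="ltx_para"> <p class="ltx_p">As an added illustration of what the VCD produced in this phase carries (example code written for this page, not part of the JARVIS framework), the following Python turns a value change dump into a per-timestamp switching-activity trace: the Hamming distance between consecutive values of every signal, summed per timestamp and restricted to the time window of interest, is the usual proxy for dynamic power that such a dump allows. The VCD text inside the listing is a constructed sample, the clock is excluded by name, and four-state values (x, z) are counted as 0; these choices are assumptions of the example, not of the framework.</p>

```python
"""Switching-activity trace from a VCD, restricted to a time window.

Added example, not part of the JARVIS framework: the VCD text below is a
constructed sample, and the choice of Hamming-distance toggle counting as
the power proxy (with x/z treated as 0) is an assumption of this example.
"""
import re

# Constructed VCD: a 1-bit clock and a 4-bit register that changes value
# on some rising edges. Timestamps are in the VCD's own time units.
SAMPLE_VCD = """\
$timescale 1ns $end
$scope module soc $end
$var wire 1 ! clk $end
$var reg 4 " state [3:0] $end
$upscope $end
$enddefinitions $end
$dumpvars
0!
b0000 "
$end
#5
1!
b0001 "
#10
0!
#15
1!
b1110 "
#20
0!
#25
1!
b1111 "
#30
0!
"""

_VAR_RE = re.compile(r"\$var\s+\S+\s+(\d+)\s+(\S+)\s+(\S+)")


def _bits(value):
    """Binary string -> int; x and z count as 0 so distances stay defined."""
    return int("".join("1" if c == "1" else "0" for c in value), 2)


def parse_vcd(text):
    """Return (names, steps): names maps an id code to its signal name, steps
    is a list of (timestamp, [(id_code, int_value), ...]) in file order."""
    names, steps = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _VAR_RE.match(line)
        if m:
            names[m.group(2)] = m.group(3)
            continue
        if line.startswith("$"):          # other header keywords, $dumpvars, $end
            continue
        if line.startswith("#"):          # new timestamp
            steps.append((int(line[1:]), []))
            continue
        if not steps:                     # initial values listed under $dumpvars
            steps.append((0, []))
        if line[0] in "01xz":             # scalar: value immediately followed by id
            steps[-1][1].append((line[1:], _bits(line[0])))
        elif line[0] in "bB":             # vector: b<bits> <id>
            value, code = line[1:].split()
            steps[-1][1].append((code, _bits(value)))
    return names, steps


def toggle_trace(text, t_start, t_end, ignore=("clk",)):
    """Per-timestamp toggle count (Hamming distance between consecutive values,
    summed over all signals) for timestamps in [t_start, t_end]. Signals named
    in `ignore` are left out: the clock toggles every cycle whatever the data."""
    names, steps = parse_vcd(text)
    skipped = {code for code, name in names.items() if name in ignore}
    current, trace = {}, {}
    for t, changes in steps:
        in_window = t_start <= t <= t_end
        if in_window:
            trace[t] = 0
        for code, value in changes:
            prev = current.get(code)
            current[code] = value
            if prev is None or code in skipped or not in_window:
                continue                  # first assignment is not a toggle
            trace[t] += bin(prev ^ value).count("1")
    return trace


if __name__ == "__main__":
    for t, n in sorted(toggle_trace(SAMPLE_VCD, 5, 25).items()):
        print(f"t={t:>3}  toggles={n}")
```

<p class="ltx_p">Restricting the count to the same window boundaries that drive the testbench and the board run is what keeps the simulated activity comparable, sample by sample, with the measured trace; on a real netlist dump the per-timestamp sums are large, but the procedure is the same.</p> </div> <div class="ltx_para"> <p class="ltx_p">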
The VCD from the simulation and the power trace from the prototype execution are saved to a data storage device, so that they can be later retrieved for performing the various analyses.</p> </div> </section> <section class="ltx_paragraph" id="S3.SS2.SSS3.Px3"> <h5 class="ltx_title ltx_title_paragraph">Analyze</h5> <div class="ltx_para" id="S3.SS2.SSS3.Px3.p1"> <p class="ltx_p" id="S3.SS2.SSS3.Px3.p1.1">The VCD obtained from the simulation and the power traces collected from the prototype execution, both corresponding to the exact same time window, are retrieved from the storage where they were saved to analyze them through a set of state-of-the-art SCA techniques, including CPA, template, and ML-based attacks, to detect whether any cryptographic information leaked and to identify the possible sources of such leakage. In addition to the SCA security statistics, the analysis phase outputs the traditional PPA metrics leveraging the power consumption measured from the board execution, the cycle-granularity latency collected from simulation, and the resource utilization reports from netlist implementation. The outputs of the computation can also be obtained through the debug infrastructure to further check the correct functioning of the system.</p> </div> </section> </section> </section> </section> <section class="ltx_section" id="S4"> <h2 class="ltx_title ltx_title_section"> <span class="ltx_tag ltx_tag_section">IV </span><span class="ltx_text ltx_font_smallcaps" id="S4.1.1">Microarchitecture</span> </h2> <div class="ltx_para" id="S4.p1"> <p class="ltx_p" id="S4.p1.1">Dedicated hardware and software mechanisms enable the SCA attack and countermeasure capabilities of the proposed framework. 
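</p> </div> <div class="ltx_para"> <p class="ltx_p">The Analyze phase described above lists CPA among the attacks it runs on the stored traces. The following Python, added here as an example and not taken from the framework's scripts, carries out a first-order CPA on the first-round AES S-box output: every key-byte hypothesis predicts the Hamming weight of SBOX[pt ^ k], and the hypothesis whose prediction correlates best with some trace sample is returned. The traces are constructed inside the listing from a Hamming-weight leakage model plus Gaussian noise, standing in for the oscilloscope measurements; the S-box is generated rather than tabulated. The number of traces, the noise level and the position of the leaking sample are assumptions of the example.</p>

```python
"""Correlation power analysis (CPA) on the first AES S-box lookup.

Added example of the kind of attack the Analyze phase runs; it is not the
framework's own script. The traces are constructed here from a Hamming-weight
leakage model plus Gaussian noise (an assumption standing in for the
oscilloscope measurements), so the attack runs offline.
"""
import random


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox():
    """Generate the AES S-box: multiplicative inverse in GF(2^8) followed by
    the affine map, walking the group generated by 3 (p) and its inverse (q)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= (q << 1) & 0xFF                                    # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = build_sbox()
HW = [bin(v).count("1") for v in range(256)]


def make_traces(key_byte, n_traces, n_samples=5, leak_sample=2, noise=1.0, seed=7):
    """Constructed measurement set: random plaintext bytes and traces whose
    `leak_sample` carries HW(SBOX[pt ^ key]) plus noise; other samples are noise."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        pt = rng.randrange(256)
        trace = [rng.gauss(0.0, noise) for _ in range(n_samples)]
        trace[leak_sample] += HW[SBOX[pt ^ key_byte]]
        plaintexts.append(pt)
        traces.append(trace)
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / (sxx * syy) ** 0.5


def cpa(plaintexts, traces):
    """Rank all 256 key-byte hypotheses by the peak |correlation| between the
    predicted HW of the S-box output and each measured sample.
    Returns (best_key, best_sample, peak_correlation)."""
    n_samples = len(traces[0])
    columns = [[tr[s] for tr in traces] for s in range(n_samples)]
    best = (None, None, 0.0)
    for k in range(256):
        hyp = [HW[SBOX[pt ^ k]] for pt in plaintexts]
        for s in range(n_samples):
            r = abs(pearson(hyp, columns[s]))
            if r > best[2]:
                best = (k, s, r)
    return best


if __name__ == "__main__":
    pts, trs = make_traces(key_byte=0x2B, n_traces=300)
    key, sample, r = cpa(pts, trs)
    print(f"recovered key byte 0x{key:02x} at sample {sample} (|r| = {r:.2f})")
```

<p class="ltx_p">On real traces the leaking sample is not known in advance, which is why the search runs over every sample and reports the one with the peak; the constructed set leaks at sample 2, so the result can be checked. Replacing the constructed traces with the stored oscilloscope samples and the plaintexts fed to the target application is all that changes for a board run.</p> </div> <div class="ltx_para"> <p class="ltx_p">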
The debug subsystem, with its breakpointing and ad-hoc triggering mechanism, ensures maximum observability and controllability of the computing platform, thus allowing the collection of accurate side-channel information that can then be exploited by SCA attacks of different kinds. A TRNG, a DFS actuator, and a timer can instead be optionally instantiated in the SoC to enable support for a variety of state-of-the-art SCA countermeasures ranging from masking to hiding ones. The rest of this section delivers a detailed discussion of the microarchitecture of the debug subsystem, TRNG, DFS actuator, and timer.</p> </div> <figure class="ltx_figure" id="S4.F4"> <div class="ltx_flex_figure"> <div class="ltx_flex_cell ltx_flex_size_1"> <figure class="ltx_figure ltx_figure_panel ltx_minipage ltx_align_bottom" id="S4.F4.fig1" style="width:212.5pt;"> <div class="ltx_flex_figure"> <div class="ltx_flex_cell ltx_flex_size_1"> <figure class="ltx_figure ltx_figure_panel" id="S4.F4.sf1"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="663" id="S4.F4.sf1.g1" src="x4.png" width="829"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S4.F4.sf1.2.1.1" style="font-size:90%;">(a)</span> </span><span class="ltx_text" id="S4.F4.sf1.3.2" style="font-size:90%;">Debug messages</span></figcaption> </figure> </div> <div class="ltx_flex_break"></div> <div class="ltx_flex_cell ltx_flex_size_1"> <figure class="ltx_figure ltx_figure_panel ltx_align_center" id="S4.F4.sf2"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="271" id="S4.F4.sf2.g1" src="x5.png" width="829"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S4.F4.sf2.2.1.1" style="font-size:90%;">(b)</span> </span><span class="ltx_text" id="S4.F4.sf2.3.2" style="font-size:90%;">Command field</span></figcaption> </figure> </div> </div> 
</figure> </div> <div class="ltx_flex_break"></div> <div class="ltx_flex_cell ltx_flex_size_1"> <figure class="ltx_figure ltx_figure_panel ltx_minipage ltx_align_bottom" id="S4.F4.sf3" style="width:212.5pt;"> <table class="ltx_tabular ltx_centering ltx_align_middle" id="S4.F4.sf3.2"> <tbody class="ltx_tbody"> <tr class="ltx_tr" id="S4.F4.sf3.2.1.1"> <td class="ltx_td ltx_align_left ltx_border_tt" id="S4.F4.sf3.2.1.1.1"><span class="ltx_text ltx_font_bold" id="S4.F4.sf3.2.1.1.1.1" style="font-size:80%;">TOKEN_TYPE</span></td> <td class="ltx_td ltx_align_left ltx_border_tt" id="S4.F4.sf3.2.1.1.2"><span class="ltx_text ltx_font_bold" id="S4.F4.sf3.2.1.1.2.1" style="font-size:80%;">R/W</span></td> <td class="ltx_td ltx_align_left ltx_border_tt" id="S4.F4.sf3.2.1.1.3"><span class="ltx_text ltx_font_bold" id="S4.F4.sf3.2.1.1.3.1" style="font-size:80%;">Destination</span></td> <td class="ltx_td ltx_align_left ltx_border_tt" id="S4.F4.sf3.2.1.1.4"><span class="ltx_text ltx_font_bold" id="S4.F4.sf3.2.1.1.4.1" style="font-size:80%;">Group</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.2.2"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.2.2.1" rowspan="2"><span class="ltx_text" id="S4.F4.sf3.2.2.2.1.1" style="font-size:80%;">INVALID</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.2.2.2" rowspan="2"><span class="ltx_text" id="S4.F4.sf3.2.2.2.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.2.2.3"><span class="ltx_text" id="S4.F4.sf3.2.2.2.3.1" style="font-size:80%;">Memory-</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.2.2.4" rowspan="2"><span class="ltx_text" id="S4.F4.sf3.2.2.2.4.1" style="font-size:80%;">Invalid</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.3.3"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.3.3.1"><span class="ltx_text" id="S4.F4.sf3.2.3.3.1.1" style="font-size:80%;">mapped</span></td> </tr> <tr class="ltx_tr" 
id="S4.F4.sf3.2.4.4"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.4.4.1"><span class="ltx_text" id="S4.F4.sf3.2.4.4.1.1" style="font-size:80%;">MMAP_READ</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.4.4.2"><span class="ltx_text" id="S4.F4.sf3.2.4.4.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.4.4.3"><span class="ltx_text" id="S4.F4.sf3.2.4.4.3.1" style="font-size:80%;">Memory-</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.4.4.4"><span class="ltx_text" id="S4.F4.sf3.2.4.4.4.1" style="font-size:80%;">Memory-</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.5.5"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.5.5.1"><span class="ltx_text" id="S4.F4.sf3.2.5.5.1.1" style="font-size:80%;">MMAP_WRITE</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.5.5.2"><span class="ltx_text" id="S4.F4.sf3.2.5.5.2.1" style="font-size:80%;">Write</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.5.5.3"><span class="ltx_text" id="S4.F4.sf3.2.5.5.3.1" style="font-size:80%;">mapped</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.5.5.4"><span class="ltx_text" id="S4.F4.sf3.2.5.5.4.1" style="font-size:80%;">mapped</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.6.6"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.6.6.1"><span class="ltx_text" id="S4.F4.sf3.2.6.6.1.1" style="font-size:80%;">GPR_INT32_READ</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.6.6.2"><span class="ltx_text" id="S4.F4.sf3.2.6.6.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.6.6.3"><span class="ltx_text" id="S4.F4.sf3.2.6.6.3.1" style="font-size:80%;">CPU local</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.6.6.4"><span class="ltx_text" id="S4.F4.sf3.2.6.6.4.1" style="font-size:80%;">CPU</span></td> 
</tr> <tr class="ltx_tr" id="S4.F4.sf3.2.7.7"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.7.7.1"><span class="ltx_text" id="S4.F4.sf3.2.7.7.1.1" style="font-size:80%;">GPR_INT32_WRITE</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.7.7.2"><span class="ltx_text" id="S4.F4.sf3.2.7.7.2.1" style="font-size:80%;">Write</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.7.7.3" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.7.7.3.1" style="font-size:80%;">debug unit</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.7.7.4" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.7.7.4.1" style="font-size:80%;">registers</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.8.8"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.8.8.1"><span class="ltx_text" id="S4.F4.sf3.2.8.8.1.1" style="font-size:80%;">GPR_FPU32_READ</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.8.8.2"><span class="ltx_text" id="S4.F4.sf3.2.8.8.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.9.9"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.9.9.1"><span class="ltx_text" id="S4.F4.sf3.2.9.9.1.1" style="font-size:80%;">GPR_FPU32_WRITE</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.9.9.2"><span class="ltx_text" id="S4.F4.sf3.2.9.9.2.1" style="font-size:80%;">Write</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.10.10"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.10.10.1"><span class="ltx_text" id="S4.F4.sf3.2.10.10.1.1" style="font-size:80%;">HALT_CPU</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.10.10.2"><span class="ltx_text" id="S4.F4.sf3.2.10.10.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.10.10.3"><span class="ltx_text" id="S4.F4.sf3.2.10.10.3.1" style="font-size:80%;">CPU local</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.10.10.4"><span 
class="ltx_text" id="S4.F4.sf3.2.10.10.4.1" style="font-size:80%;">CPU reset/</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.11.11"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.11.11.1"><span class="ltx_text" id="S4.F4.sf3.2.11.11.1.1" style="font-size:80%;">RUN_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.11.11.2"><span class="ltx_text" id="S4.F4.sf3.2.11.11.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.11.11.3" rowspan="4"><span class="ltx_text" id="S4.F4.sf3.2.11.11.3.1" style="font-size:80%;">debug unit</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.11.11.4" rowspan="4"><span class="ltx_text" id="S4.F4.sf3.2.11.11.4.1" style="font-size:80%;">resume/halt</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.12.12"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.12.12.1"><span class="ltx_text" id="S4.F4.sf3.2.12.12.1.1" style="font-size:80%;">RST_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.12.12.2"><span class="ltx_text" id="S4.F4.sf3.2.12.12.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.13.13"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.13.13.1"><span class="ltx_text" id="S4.F4.sf3.2.13.13.1.1" style="font-size:80%;">GET_DULOCAL_STATE</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.13.13.2"><span class="ltx_text" id="S4.F4.sf3.2.13.13.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.14.14"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.14.14.1"><span class="ltx_text" id="S4.F4.sf3.2.14.14.1.1" style="font-size:80%;">GET_CPU_PC</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.14.14.2"><span class="ltx_text" id="S4.F4.sf3.2.14.14.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.15.15"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.15.15.1"><span class="ltx_text" 
id="S4.F4.sf3.2.15.15.1.1" style="font-size:80%;">ADVANCE_ONE_STEP</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.15.15.2"><span class="ltx_text" id="S4.F4.sf3.2.15.15.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.15.15.3"><span class="ltx_text" id="S4.F4.sf3.2.15.15.3.1" style="font-size:80%;">CPU local</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.15.15.4"><span class="ltx_text" id="S4.F4.sf3.2.15.15.4.1" style="font-size:80%;">CPU</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.16.16"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.16.16.1"><span class="ltx_text" id="S4.F4.sf3.2.16.16.1.1" style="font-size:80%;">ECHO_FRONTEND</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.16.16.2"><span class="ltx_text" id="S4.F4.sf3.2.16.16.2.1" style="font-size:80%;">Write</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.16.16.3"><span class="ltx_text" id="S4.F4.sf3.2.16.16.3.1" style="font-size:80%;">debug unit</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.16.16.4"><span class="ltx_text" id="S4.F4.sf3.2.16.16.4.1" style="font-size:80%;">stepping</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.17.17"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.17.17.1"><span class="ltx_text" id="S4.F4.sf3.2.17.17.1.1" style="font-size:80%;">GET_LOW_CYCLECNT</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.17.17.2"><span class="ltx_text" id="S4.F4.sf3.2.17.17.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.17.17.3"><span class="ltx_text" id="S4.F4.sf3.2.17.17.3.1" style="font-size:80%;">CPU local</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.17.17.4"><span class="ltx_text" id="S4.F4.sf3.2.17.17.4.1" style="font-size:80%;">Performance</span></td> </tr> <tr class="ltx_tr" 
id="S4.F4.sf3.2.18.18"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.18.18.1"><span class="ltx_text" id="S4.F4.sf3.2.18.18.1.1" style="font-size:80%;">GET_HIGH_CYCLECNT</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.18.18.2"><span class="ltx_text" id="S4.F4.sf3.2.18.18.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.18.18.3" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.18.18.3.1" style="font-size:80%;">debug unit</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.18.18.4" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.18.18.4.1" style="font-size:80%;">counters</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.19.19"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.19.19.1"><span class="ltx_text" id="S4.F4.sf3.2.19.19.1.1" style="font-size:80%;">GET_LOW_INSTRCNT</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.19.19.2"><span class="ltx_text" id="S4.F4.sf3.2.19.19.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.20.20"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.20.20.1"><span class="ltx_text" id="S4.F4.sf3.2.20.20.1.1" style="font-size:80%;">GET_HIGH_INSTRCNT</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.20.20.2"><span class="ltx_text" id="S4.F4.sf3.2.20.20.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.21.21"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.21.21.1"><span class="ltx_text" id="S4.F4.sf3.2.21.21.1.1" style="font-size:80%;">SET_BRKPNT_CPU</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.21.21.2"><span class="ltx_text" id="S4.F4.sf3.2.21.21.2.1" style="font-size:80%;">Write</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.21.21.3"><span class="ltx_text" id="S4.F4.sf3.2.21.21.3.1" style="font-size:80%;">CPU local</span></td> <td class="ltx_td ltx_align_left ltx_border_t" 
id="S4.F4.sf3.2.21.21.4"><span class="ltx_text" id="S4.F4.sf3.2.21.21.4.1" style="font-size:80%;">Breakpoints</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.22.22"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.22.22.1"><span class="ltx_text" id="S4.F4.sf3.2.22.22.1.1" style="font-size:80%;">GET_BRKPNT_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.22.22.2"><span class="ltx_text" id="S4.F4.sf3.2.22.22.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.22.22.3" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.22.22.3.1" style="font-size:80%;">debug unit</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.22.22.4" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.22.22.4.1" style="font-size:80%;">configuration</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.23.23"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.23.23.1"><span class="ltx_text" id="S4.F4.sf3.2.23.23.1.1" style="font-size:80%;">RM_BRKPNT_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.23.23.2"><span class="ltx_text" id="S4.F4.sf3.2.23.23.2.1" style="font-size:80%;">Write</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.24.24"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.24.24.1"><span class="ltx_text" id="S4.F4.sf3.2.24.24.1.1" style="font-size:80%;">GET_NUM_BRKPNT_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.24.24.2"><span class="ltx_text" id="S4.F4.sf3.2.24.24.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.25.25"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.25.25.1"><span class="ltx_text" id="S4.F4.sf3.2.25.25.1.1" style="font-size:80%;">SET_TRGPNT_CPU</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.25.25.2"><span class="ltx_text" id="S4.F4.sf3.2.25.25.2.1" style="font-size:80%;">Write</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.25.25.3"><span 
class="ltx_text" id="S4.F4.sf3.2.25.25.3.1" style="font-size:80%;">CPU local</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.25.25.4"><span class="ltx_text" id="S4.F4.sf3.2.25.25.4.1" style="font-size:80%;">Triggerpoints</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.26.26"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.26.26.1"><span class="ltx_text" id="S4.F4.sf3.2.26.26.1.1" style="font-size:80%;">GET_TRGPNT_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.26.26.2"><span class="ltx_text" id="S4.F4.sf3.2.26.26.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.26.26.3" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.26.26.3.1" style="font-size:80%;">debug unit</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.26.26.4" rowspan="3"><span class="ltx_text" id="S4.F4.sf3.2.26.26.4.1" style="font-size:80%;">configuration</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.27.27"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.27.27.1"><span class="ltx_text" id="S4.F4.sf3.2.27.27.1.1" style="font-size:80%;">RM_TRGPNT_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.27.27.2"><span class="ltx_text" id="S4.F4.sf3.2.27.27.2.1" style="font-size:80%;">Write</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.28.28"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.28.28.1"><span class="ltx_text" id="S4.F4.sf3.2.28.28.1.1" style="font-size:80%;">GET_NUM_TRGPNT_CPU</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.28.28.2"><span class="ltx_text" id="S4.F4.sf3.2.28.28.2.1" style="font-size:80%;">Read</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.29.29"> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.29.29.1"><span class="ltx_text" id="S4.F4.sf3.2.29.29.1.1" style="font-size:80%;">SET_FREQ_DFS</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.29.29.2"><span class="ltx_text" 
id="S4.F4.sf3.2.29.29.2.1" style="font-size:80%;">Write</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.29.29.3"><span class="ltx_text" id="S4.F4.sf3.2.29.29.3.1" style="font-size:80%;">DFS local</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S4.F4.sf3.2.29.29.4"><span class="ltx_text" id="S4.F4.sf3.2.29.29.4.1" style="font-size:80%;">DFS</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.30.30"> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.30.30.1"><span class="ltx_text" id="S4.F4.sf3.2.30.30.1.1" style="font-size:80%;">GET_FREQ_DFS</span></td> <td class="ltx_td ltx_align_left" id="S4.F4.sf3.2.30.30.2"><span class="ltx_text" id="S4.F4.sf3.2.30.30.2.1" style="font-size:80%;">Read</span></td> <td class="ltx_td ltx_align_left ltx_border_bb" id="S4.F4.sf3.2.30.30.3" rowspan="2"><span class="ltx_text" id="S4.F4.sf3.2.30.30.3.1" style="font-size:80%;">debug unit</span></td> <td class="ltx_td ltx_align_left ltx_border_bb" id="S4.F4.sf3.2.30.30.4" rowspan="2"><span class="ltx_text" id="S4.F4.sf3.2.30.30.4.1" style="font-size:80%;">configuration</span></td> </tr> <tr class="ltx_tr" id="S4.F4.sf3.2.31.31"> <td class="ltx_td ltx_align_left ltx_border_bb" id="S4.F4.sf3.2.31.31.1"><span class="ltx_text" id="S4.F4.sf3.2.31.31.1.1" style="font-size:80%;">RND_FREQ_DFS</span></td> <td class="ltx_td ltx_align_left ltx_border_bb" id="S4.F4.sf3.2.31.31.2"><span class="ltx_text" id="S4.F4.sf3.2.31.31.2.1" style="font-size:80%;">Write</span></td> </tr> </tbody> </table> <figcaption class="ltx_caption ltx_centering" style="font-size:80%;"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S4.F4.sf3.5.1.1" style="font-size:113%;">(c)</span> </span><span class="ltx_text" id="S4.F4.sf3.6.2" style="font-size:113%;">Token types</span></figcaption> </figure> </div> </div> <figcaption class="ltx_caption"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S4.F4.15.1.1" style="font-size:90%;">Figure 4</span>: 
</span><span class="ltx_text" id="S4.F4.16.2" style="font-size:90%;">Debug messages supported by the proposed framework: (a) structure and width of the debug messages, (b) encoding of the command field, (c) token types of the request messages. Legend: <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.1">BTE</span> burst type extension, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.2">W</span> write enable (0: read, 1: write), <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.3">CTI</span> cycle type identifier (for burst mode), <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.4">SEL</span> select, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.5">TOKEN_TYPE</span> request message type, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.6">Reserved</span> reserved for future use, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.7">CPU_ID</span> identifier for target local debug unit, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.8">A</span> ack, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.9">E</span> error; <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.10">BTE</span>, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.11">W</span>, <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.12">CTI</span>, and <span class="ltx_text ltx_font_bold" id="S4.F4.16.2.13">SEL</span> refer to Wishbone. 
</span></figcaption> </figure> <section class="ltx_subsection" id="S4.SS1"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S4.SS1.5.1.1">IV-A</span> </span><span class="ltx_text ltx_font_italic" id="S4.SS1.6.2">Debug subsystem</span> </h3> <div class="ltx_para" id="S4.SS1.p1"> <p class="ltx_p" id="S4.SS1.p1.1">The framework provides maximum observability and controllability of the computing platform through the hardware support for breakpoints and triggerpoints as well as a dedicated debug infrastructure that exposes a GDB-like debug interface, thus enabling the collection of accurate side-channel information that can then be targeted by SCA attacks of different kinds. This part discusses first the global-local debug microarchitecture, then focuses on the breakpointing and triggering mechanisms, and finally provides an overview of the debug capabilities that can be exploited by the external host PC.</p> </div> <section class="ltx_subsubsection" id="S4.SS1.SSS1"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S4.SS1.SSS1.5.1.1">IV-A</span>1 </span>Global and local debug units</h4> <div class="ltx_para" id="S4.SS1.SSS1.p1"> <p class="ltx_p" id="S4.SS1.SSS1.p1.1">The debug subsystem enables controlling and observing the whole SoC through a message-based protocol. It is composed of a global debug unit and of a number of local debug units. 
The global one, which acts as a master on the Wishbone bus, receives debug messages through a system UART interface and accordingly communicates both with the other bus masters, through point-to-point connections to local debug units that act as adapters to interface with such masters, and with the bus slaves, with which it interacts directly through the bus by exploiting their memory-mapped nature.</p> </div> <div class="ltx_para" id="S4.SS1.SSS1.p2"> <p class="ltx_p" id="S4.SS1.SSS1.p2.1">Two local debug units are instantiated for the CPU core and for the DFS actuator, respectively, to act as adapters between the global debug unit and the two bus masters. The local debug unit interface with the global one is common to all the local debug units, while the interface with the CPU or DFS actuator is tailored to the specific interactions implemented with that module. The CPU local debug unit can access the program counter (PC), registers, and performance monitoring counters (PMCs) of the CPU, as well as halt, reset, and restart it and advance its execution by a single step. The DFS one can set a new target clock frequency for the DFS actuator, read the frequency of the clock signal currently generated, and configure the DFS to randomly switch the frequency of the clock signal. 
Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.F3" title="Figure 3 ‣ III-B2 Oscilloscope ‣ III-B Hardware-software infrastructure ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">3</span></a> depicts the microarchitecture of the debug subsystem of the SoC, highlighting the global debug unit, the CPU and DFS local debug units, and their interactions with each other as well as with the CPU and the DFS actuator.</p> </div> </section> <section class="ltx_subsubsection" id="S4.SS1.SSS2"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S4.SS1.SSS2.5.1.1">IV-A</span>2 </span>Breakpoints and triggerpoints</h4> <div class="ltx_para" id="S4.SS1.SSS2.p1"> <p class="ltx_p" id="S4.SS1.SSS2.p1.1">The CPU local debug unit supports, through its interaction with the CPU, a traditional breakpointing system coupled with an ad-hoc triggering one. Breakpoints enable halting the CPU when the PC matches their corresponding addresses, while triggerpoints, an ad-hoc variant of breakpoints, are meant to toggle a trigger signal that drives the data acquisition from the oscilloscope and do not instead halt the CPU, which is kept regularly running. The local debug unit for the CPU contains two tables for the breakpoint and triggerpoint addresses, respectively, as shown in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S3.F3" title="Figure 3 ‣ III-B2 Oscilloscope ‣ III-B Hardware-software infrastructure ‣ III Framework ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">3</span></a>. 
Both tables include a configurable number of entries, each composed of a 32-bit address that corresponds to an instruction in the target application and a 1-bit flag that signals its validity.</p> </div> <div class="ltx_para" id="S4.SS1.SSS2.p2"> <p class="ltx_p" id="S4.SS1.SSS2.p2.1">The valid addresses in the breakpoint table are constantly checked against the current PC of the CPU, whose value is passed to the CPU local debug unit. Whenever there is a match between a valid breakpoint address and the current PC, the CPU is halted until it is resumed through a dedicated debug command. The triggerpoint table entries are similarly compared against the PC, but a match between the PC and a triggerpoint address produces a notably different effect. Rather than halting the CPU as in a traditional breakpoint fashion, reaching a triggerpoint toggles a 1-bit signal that is mapped on an I/O pin of the prototype board to be used as a trigger signal for an oscilloscope.</p> </div> </section> <section class="ltx_subsubsection" id="S4.SS1.SSS3"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S4.SS1.SSS3.5.1.1">IV-A</span>3 </span>Debug messages</h4> <div class="ltx_para" id="S4.SS1.SSS3.p1"> <p class="ltx_p" id="S4.SS1.SSS3.p1.1">The debug infrastructure exposes a request-response protocol to interface with the SoC through the system UART. The communication is indeed carried out as a sequence of request and response messages. Notably, no new request message can be issued until the previous request has been completed and the corresponding response message has been sent back. 
Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F4" title="Figure 4 ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">4</span></a> summarizes the width, structure, and information encoded in the various messages depending on whether they are requests or responses, read or write, and whether they are intended for memory-mapped recipients or local debug units.</p> </div> <div class="ltx_para" id="S4.SS1.SSS3.p2"> <p class="ltx_p" id="S4.SS1.SSS3.p2.1">Request messages can be of four types, depending on whether they correspond to read or write actions and whether their recipients are memory-mapped devices or bus masters. All request messages are composed of a 16-bit command and a 32-bit field, while write requests also comprise a 32-bit data field, as shown in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F4.sf1" title="In Figure 4 ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">4(a)</span></a>. The command field encodes different information depending on whether the debug message targets a memory-mapped peripheral or a local debug unit, as depicted in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F4.sf2" title="In Figure 4 ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">4(b)</span></a>. 
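The request/response framing just described, as an added host-side example written for this page rather than taken from the JARVIS framework: it packs the 16-bit command and 32-bit fields, tells read responses (data) from write responses (ack or error), and enforces the one-outstanding-request rule against a constructed stand-in for the SoC. The opcodes, the byte order and the status encoding are assumptions, since the paper does not specify them.

```python
"""Host-side model of the debug request/response protocol of Section IV-A3.

Added example, not JARVIS code. The paper fixes the field widths, the two
response kinds and the one-outstanding-request rule; the opcodes, the
little-endian byte order and the 1-byte status prefix are assumptions.
"""
import struct
from enum import IntEnum
from typing import Optional, Tuple


class Cmd(IntEnum):
    """Hypothetical opcodes; the paper lists the request kinds, not their encoding."""
    MEM_READ = 0x0001       # memory-mapped read (bus slave)
    MEM_WRITE = 0x0002      # memory-mapped write (bus slave)
    REG_READ = 0x0101       # CPU local debug unit: read a CPU register
    HALT_CPU = 0x0110
    RESUME_CPU = 0x0111
    RND_FREQ_DFS = 0x0201   # the one name the paper gives (Figure 4(c)); value assumed


READ_CMDS = {Cmd.MEM_READ, Cmd.REG_READ}   # requests whose response carries data
STATUS_OK, STATUS_ERROR = 0x00, 0xFF        # assumed response status codes


def encode_request(cmd: int, field: int, data: Optional[int] = None) -> bytes:
    """16-bit command + 32-bit field, plus 32-bit data for write requests."""
    if any(not 0 <= v < 2 ** 32 for v in (field, data) if v is not None):
        raise ValueError("field and data must fit in 32 bits")
    if data is None:
        return struct.pack("<HI", cmd, field)        # 6-byte read/command request
    return struct.pack("<HII", cmd, field, data)     # 10-byte write request


def decode_response(raw: bytes, is_read: bool) -> Tuple[bool, Optional[int]]:
    """Read responses yield (ok, data); write responses yield (ok, None)."""
    if raw[0] != STATUS_OK:
        return False, None
    if is_read:
        return True, struct.unpack("<I", raw[1:5])[0]
    return True, None


class FakeSoC:
    """Constructed stand-in for the global debug unit behind the system UART."""
    def __init__(self) -> None:
        self.memory = {}          # word address -> value: the memory-mapped slaves
        self.cpu_halted = False

    def handle(self, raw: bytes) -> bytes:
        cmd = struct.unpack("<H", raw[:2])[0]
        if cmd == Cmd.MEM_READ:
            _, addr = struct.unpack("<HI", raw)
            return bytes([STATUS_OK]) + struct.pack("<I", self.memory.get(addr, 0))
        if cmd == Cmd.MEM_WRITE:
            _, addr, value = struct.unpack("<HII", raw)
            self.memory[addr] = value
            return bytes([STATUS_OK])
        if cmd in (Cmd.HALT_CPU, Cmd.RESUME_CPU):
            self.cpu_halted = cmd == Cmd.HALT_CPU
            return bytes([STATUS_OK])
        return bytes([STATUS_ERROR])  # unsupported command: error acknowledgement


class DebugLink:
    """Host side of the link: refuses a new request while one is outstanding."""
    def __init__(self, soc: FakeSoC) -> None:
        self.soc = soc
        self._pending = None      # (cmd, raw response) of the in-flight request

    def send(self, cmd: int, field: int, data: Optional[int] = None) -> bytes:
        if self._pending is not None:
            raise RuntimeError("previous request has not completed yet")
        raw = encode_request(cmd, field, data)
        self._pending = (cmd, self.soc.handle(raw))   # the UART would deliver it later
        return raw

    def receive(self) -> Tuple[bool, Optional[int]]:
        if self._pending is None:
            raise RuntimeError("no request outstanding")
        cmd, raw = self._pending
        self._pending = None
        return decode_response(raw, is_read=cmd in READ_CMDS)

    def transact(self, cmd: int, field: int, data: Optional[int] = None):
        self.send(cmd, field, data)
        return self.receive()


def demo() -> dict:
    """Write a word, read it back, halt the CPU, then send an unsupported command."""
    link = DebugLink(FakeSoC())
    return {"write": link.transact(Cmd.MEM_WRITE, 0x1000, 0xDEADBEEF),
            "read": link.transact(Cmd.MEM_READ, 0x1000),
            "halt": link.transact(Cmd.HALT_CPU, 0),
            "bogus": link.transact(0x7FFF, 0)}
```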
Debug request messages that can be sent to the SoC through the system UART include, as listed in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F4.sf3" title="In Figure 4 ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">4(c)</span></a>, <span class="ltx_inline-enumerate" id="S4.I1"> <span class="ltx_inline-item" id="S4.I1.i1"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S4.I1.i1.1.1.1">i)</span></span> <span class="ltx_text" id="S4.I1.i1.5">memory-mapped reads and writes, </span></span> <span class="ltx_inline-item" id="S4.I1.i2"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S4.I1.i2.1.1.1">ii)</span></span> <span class="ltx_text" id="S4.I1.i2.5">register reads and writes, </span></span> <span class="ltx_inline-item" id="S4.I1.i3"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S4.I1.i3.1.1.1">iii)</span></span> <span class="ltx_text" id="S4.I1.i3.5">commands to reset, resume, and halt the CPU, advance its execution by a single step, and get its current state and program counter, </span></span> <span class="ltx_inline-item" id="S4.I1.i4"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S4.I1.i4.1.1.1">iv)</span></span> <span class="ltx_text" id="S4.I1.i4.5">commands to retrieve performance monitoring counters, </span></span> <span class="ltx_inline-item" id="S4.I1.i5"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S4.I1.i5.1.1.1">v)</span></span> <span class="ltx_text" id="S4.I1.i5.5">commands to set, get, and remove both the breakpoints and the triggerpoints, and </span></span> <span class="ltx_inline-item" id="S4.I1.i6"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S4.I1.i6.1.1.1">vi)</span></span> <span 
class="ltx_text" id="S4.I1.i6.5">commands to set and get the target clock frequency for the DFS actuator and configure it to randomly switch clock frequencies. </span></span> </span></p> </div> <div class="ltx_para" id="S4.SS1.SSS3.p3"> <p class="ltx_p" id="S4.SS1.SSS3.p3.1">Response messages can instead be of only two types, i.e., either read or write ones. The former include data as part of the response, while the latter only acknowledge the completion of the requested operation or the occurrence of an error.</p> </div> </section> </section> <section class="ltx_subsection" id="S4.SS2"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S4.SS2.5.1.1">IV-B</span> </span><span class="ltx_text ltx_font_italic" id="S4.SS2.6.2">TRNG</span> </h3> <div class="ltx_para" id="S4.SS2.p1"> <p class="ltx_p" id="S4.SS2.p1.1">The TRNG is a Wishbone slave peripheral that exposes a set of 32 random bits through a memory-mapped register. The architecture of the digital noise sources and post-processing methods that compose the TRNG can be configured to obtain different trade-offs in terms of FPGA resource utilization, throughput, and security. A digital noise source produces the actual entropy underlying the random number generation, while a post-processing method improves the statistical and security properties of the TRNG. Three digital noise sources and three post-processing methods from the literature are provided with the proposed framework to implement the TRNG component. The digital noise sources that can be instantiated in the TRNG module are NLFIRO, PLL-based, and edge-sampling ones, and they can be coupled with XOR, Von Neumann, and LFSR post-processing methods <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib42" title="">42</a>]</cite>. 
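The three post-processing methods just named, as an added software example that is not the framework's RTL: a constructed biased bit stream stands in for the digital noise source, and the XOR, Von Neumann and LFSR stages show the bias reduction each one achieves and the throughput it costs. The bias of the source and the LFSR polynomial are assumptions.

```python
"""Software model of the three TRNG post-processing methods named in Section IV-B.

Added example, not JARVIS RTL: a constructed biased bit stream stands in for the
digital noise source (NLFIRO, PLL-based and edge-sampling sources are FPGA
structures), and the LFSR polynomial is an assumption. It shows what each stage
buys in bias reduction and what it costs in throughput.
"""
import random


def biased_noise(n: int, p_one: float, seed: int = 1) -> list:
    """Constructed stand-in for a digital noise source with P(bit = 1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def bias(bits: list) -> float:
    """Distance of the fraction of ones from the ideal 0.5."""
    return abs(sum(bits) / len(bits) - 0.5)


def xor_postprocess(bits: list, k: int = 2) -> list:
    """XOR-fold k consecutive raw bits into one output bit. For independent bits
    with P(1) = p the bias drops from |1-2p|/2 to |1-2p|**k/2, at 1/k throughput."""
    out = []
    for i in range(0, len(bits) - k + 1, k):
        acc = 0
        for b in bits[i:i + k]:
            acc ^= b
        out.append(acc)
    return out


def von_neumann_postprocess(bits: list) -> list:
    """Von Neumann corrector: pair up bits, emit 0 for '01' and 1 for '10', drop
    '00' and '11'. Exactly unbiased for independent bits, but the output length is
    data dependent: about 2p(1-p) output bits per input pair."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]


def lfsr_postprocess(bits: list, width: int = 16, taps=(15, 13, 12, 10), seed: int = 0xACE1) -> list:
    """Fibonacci LFSR whitening: each raw bit is XORed into the feedback of a
    16-bit LFSR (assumed polynomial x^16 + x^14 + x^13 + x^11 + 1) and the new
    state bit is emitted, so every output mixes many raw bits at full throughput."""
    mask = (1 << width) - 1
    state, out = seed, []
    for b in bits:
        fb = b
        for t in taps:
            fb ^= (state >> t) & 1
        state = ((state << 1) | fb) & mask
        out.append(fb)
    return out


def compare(n: int = 20000, p_one: float = 0.7) -> dict:
    """Run the constructed source through every method; report (bias, output length)."""
    raw = biased_noise(n, p_one)
    streams = {
        "raw": raw,
        "xor2": xor_postprocess(raw, 2),
        "xor4": xor_postprocess(raw, 4),
        "von_neumann": von_neumann_postprocess(raw),
        "lfsr": lfsr_postprocess(raw),
    }
    return {name: (round(bias(b), 4), len(b)) for name, b in streams.items()}
```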
The random output produced by the TRNG component is periodically refreshed and exposed by a memory-mapped register that can be read through Wishbone.</p> </div> <figure class="ltx_figure" id="S4.F5"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="478" id="S4.F5.g1" src="x6.png" width="829"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S4.F5.2.1.1" style="font-size:90%;">Figure 5</span>: </span><span class="ltx_text" id="S4.F5.3.2" style="font-size:90%;">Detailed microarchitecture of the DFS actuator.</span></figcaption> </figure> </section> <section class="ltx_subsection" id="S4.SS3"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S4.SS3.5.1.1">IV-C</span> </span><span class="ltx_text ltx_font_italic" id="S4.SS3.6.2">DFS actuator</span> </h3> <div class="ltx_para" id="S4.SS3.p1"> <p class="ltx_p" id="S4.SS3.p1.1">The DFS actuator, whose microarchitecture is depicted in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F5" title="Figure 5 ‣ IV-B TRNG ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">5</span></a>, leverages two mixed-mode clock manager (MMCM) components to provide a glitch- and latency-free switching between different clock frequencies at run time <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib17" title="">17</a>]</cite>. 
It receives as its inputs a target clock frequency (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.1">f<sub class="ltx_sub" id="S4.SS3.p1.1.1.1">in</sub></span> in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F5" title="Figure 5 ‣ IV-B TRNG ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">5</span></a>), a 1-bit flag to enable random DFS (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.2">rnd</span>), and a reference clock signal (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.3">clk<sub class="ltx_sub" id="S4.SS3.p1.1.3.1">ref</sub></span>), and it outputs the generated clock signal (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.4">clk<sub class="ltx_sub" id="S4.SS3.p1.1.4.1">out</sub></span>) and the current clock frequency (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.5">f<sub class="ltx_sub" id="S4.SS3.p1.1.5.1">out</sub></span>). The <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.6">rnd</span> flag selects the actual target clock frequency for the DFS reconfiguration between the one received through the <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.7">f<sub class="ltx_sub" id="S4.SS3.p1.1.7.1">in</sub></span> input by the DFS local debug unit and a random value <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.8">f<sub class="ltx_sub" id="S4.SS3.p1.1.8.1">rnd</sub></span> output by an internal TRNG similar to the one in Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.SS2" title="IV-B TRNG ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">IV-B</span></span></a>. 
Such target clock frequency, registered to be output to the DFS local debug unit and readable through a dedicated debug command, is decoded and used as an address to select a corresponding set of MMCM configuration parameters from the <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p1.1.9">BRAM</span> memory.</p> </div> <div class="ltx_para" id="S4.SS3.p2"> <p class="ltx_p" id="S4.SS3.p2.1">Notably, the clock signal output by the MMCMs of an AMD FPGA remains low during its reconfiguration, thus causing a clock-gating effect on the computing platform. The proposed DFS actuator avoids such a negative effect by employing two MMCM components (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.1">MMCM<sub class="ltx_sub" id="S4.SS3.p2.1.1.1">A</sub></span> and <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.2">MMCM<sub class="ltx_sub" id="S4.SS3.p2.1.2.1">B</sub></span> in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F5" title="Figure 5 ‣ IV-B TRNG ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">5</span></a>), among which the FSM logic selects a master and a slave. The master MMCM keeps generating the output clock signal while the slave one is under reconfiguration, after which their roles are swapped. An <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.3">ack</span> signal monitors the locking status (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.4">lock<sub class="ltx_sub" id="S4.SS3.p2.1.4.1">i</sub></span>) of the two MMCMs to prevent triggering a new reconfiguration through the <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.5">cfg<sub class="ltx_sub" id="S4.SS3.p2.1.5.1">i</sub></span> flag while the previous one is still in progress. 
The <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.6">clk<sub class="ltx_sub" id="S4.SS3.p2.1.6.1">out</sub></span> clock output by the DFS actuator is selected through the <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.7">isMst</span> 1-bit flag as the one output by the current master between the <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.8">clk<sub class="ltx_sub" id="S4.SS3.p2.1.8.1">outA</sub></span> and <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p2.1.9">clk<sub class="ltx_sub" id="S4.SS3.p2.1.9.1">outB</sub></span> clock signals output by the two MMCMs, respectively.</p> </div> <div class="ltx_para" id="S4.SS3.p3"> <p class="ltx_p" id="S4.SS3.p3.3">The flexible design of the DFS architecture supports up to 1024 different clock frequency configurations. The <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p3.3.1">BRAM</span> memory can indeed store up to 1024 user-defined sets of MMCM configuration parameters, with a minimum step of <math alttext="0.125" class="ltx_Math" display="inline" id="S4.SS3.p3.1.m1.1"><semantics id="S4.SS3.p3.1.m1.1a"><mn id="S4.SS3.p3.1.m1.1.1" xref="S4.SS3.p3.1.m1.1.1.cmml">0.125</mn><annotation-xml encoding="MathML-Content" id="S4.SS3.p3.1.m1.1b"><cn id="S4.SS3.p3.1.m1.1.1.cmml" type="float" xref="S4.SS3.p3.1.m1.1.1">0.125</cn></annotation-xml><annotation encoding="application/x-tex" id="S4.SS3.p3.1.m1.1c">0.125</annotation><annotation encoding="application/x-llamapun" id="S4.SS3.p3.1.m1.1d">0.125</annotation></semantics></math>MHz and lowest and highest achievable clock frequencies of <math alttext="5" class="ltx_Math" display="inline" id="S4.SS3.p3.2.m2.1"><semantics id="S4.SS3.p3.2.m2.1a"><mn id="S4.SS3.p3.2.m2.1.1" xref="S4.SS3.p3.2.m2.1.1.cmml">5</mn><annotation-xml encoding="MathML-Content" id="S4.SS3.p3.2.m2.1b"><cn id="S4.SS3.p3.2.m2.1.1.cmml" type="integer" xref="S4.SS3.p3.2.m2.1.1">5</cn></annotation-xml><annotation encoding="application/x-tex" 
id="S4.SS3.p3.2.m2.1c">5</annotation><annotation encoding="application/x-llamapun" id="S4.SS3.p3.2.m2.1d">5</annotation></semantics></math>MHz and <math alttext="800" class="ltx_Math" display="inline" id="S4.SS3.p3.3.m3.1"><semantics id="S4.SS3.p3.3.m3.1a"><mn id="S4.SS3.p3.3.m3.1.1" xref="S4.SS3.p3.3.m3.1.1.cmml">800</mn><annotation-xml encoding="MathML-Content" id="S4.SS3.p3.3.m3.1b"><cn id="S4.SS3.p3.3.m3.1.1.cmml" type="integer" xref="S4.SS3.p3.3.m3.1.1">800</cn></annotation-xml><annotation encoding="application/x-tex" id="S4.SS3.p3.3.m3.1c">800</annotation><annotation encoding="application/x-llamapun" id="S4.SS3.p3.3.m3.1d">800</annotation></semantics></math>MHz, respectively, due to MMCM feasibility constraints. Random reconfiguration is activated through a debug request (<span class="ltx_text ltx_font_typewriter" id="S4.SS3.p3.3.2">RND_FREQ_DFS</span> in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.F4.sf3" title="In Figure 4 ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">4(c)</span></a>), which is dispatched to the DFS local debug unit that in turn asserts the <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p3.3.3">rnd</span> input flag. 
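The master/slave MMCM hand-off of the DFS actuator, as an added behavioural model that is not the framework's RTL: it checks that clk_out never drops while the slave MMCM reconfigures, gates new reconfigurations on ack, and lets rnd pick f_rnd among the stored configurations. The lock latency, the table-position decoding of a frequency and the PRNG standing in for the internal TRNG are assumptions.

```python
"""Behavioural model of the DFS actuator of Section IV-C (added example, not JARVIS RTL).

Assumptions: an unlocked MMCM output is modelled as None (the paper says it stays low),
locking takes LOCK_CYCLES cycles, a frequency is decoded to the position of its
parameter set in the user-loaded table, and a seeded PRNG stands in for the TRNG.
"""
import random

F_MIN_MHZ, F_MAX_MHZ, F_STEP_MHZ = 5.0, 800.0, 0.125   # MMCM feasibility constraints
BRAM_ENTRIES = 1024                                    # user-defined configuration sets
LOCK_CYCLES = 3                                        # assumed MMCM reconfiguration latency


def check_frequency(f_mhz: float) -> float:
    """Reject frequencies the MMCMs cannot generate or that are off the 0.125 MHz grid."""
    if not F_MIN_MHZ <= f_mhz <= F_MAX_MHZ:
        raise ValueError(f"{f_mhz} MHz outside [{F_MIN_MHZ}, {F_MAX_MHZ}] MHz")
    steps = f_mhz / F_STEP_MHZ
    if abs(steps - round(steps)) > 1e-9:
        raise ValueError(f"{f_mhz} MHz is not a multiple of {F_STEP_MHZ} MHz")
    return f_mhz


class Mmcm:
    """MMCM_A or MMCM_B: a frequency plus a lock countdown (lock_i low while counting)."""
    def __init__(self, name: str, f_mhz: float) -> None:
        self.name, self.f_mhz, self._unlocked_for = name, f_mhz, 0

    @property
    def lock(self) -> bool:
        return self._unlocked_for == 0

    def reconfigure(self, params: dict) -> None:   # cfg_i asserted with a new parameter set
        self.f_mhz, self._unlocked_for = params["f_mhz"], LOCK_CYCLES

    def step(self) -> None:
        if self._unlocked_for:
            self._unlocked_for -= 1

    def clk(self):
        return self.f_mhz if self.lock else None   # None: output held low while reconfiguring


class DfsActuator:
    def __init__(self, bram: list, f_init: float, seed: int = 0) -> None:
        if not 0 < len(bram) <= BRAM_ENTRIES:
            raise ValueError(f"BRAM holds 1 to {BRAM_ENTRIES} configuration sets")
        self.bram = bram                                  # MMCM parameter sets, one per frequency
        self.addr_of = {check_frequency(p["f_mhz"]): i for i, p in enumerate(bram)}
        self.mmcm = [Mmcm("A", f_init), Mmcm("B", f_init)]
        self.is_mst = 0                                   # index of the current master
        self.f_in, self.rnd = f_init, 0                   # inputs from the DFS local debug unit
        self.f_target = f_init                            # registered; readable by a debug command
        self.trng = random.Random(seed)                   # stand-in for the internal TRNG (f_rnd)
        self.swap_pending = False
        self.trace, self.cycle = [], 0                    # (cycle, clk_out) for glitch checks

    @property
    def master(self) -> Mmcm:
        return self.mmcm[self.is_mst]

    @property
    def slave(self) -> Mmcm:
        return self.mmcm[1 - self.is_mst]

    @property
    def ack(self) -> bool:        # both lock_i high: no reconfiguration in progress
        return self.mmcm[0].lock and self.mmcm[1].lock

    @property
    def clk_out(self):            # isMst selects between clk_outA and clk_outB
        return self.master.clk()

    @property
    def f_out(self) -> float:
        return self.master.f_mhz

    def decode(self, f_mhz: float) -> int:
        """Target frequency -> BRAM address of its MMCM parameter set (KeyError if not stored)."""
        return self.addr_of[f_mhz]

    def step(self) -> None:
        """One clk_ref cycle of the FSM."""
        self.cycle += 1
        for m in self.mmcm:
            m.step()
        if self.swap_pending and self.slave.lock:   # slave locked on the new frequency: swap roles
            self.is_mst, self.swap_pending = 1 - self.is_mst, False
        if self.ack:                                 # start a reconfiguration only when idle
            if self.rnd:                             # f_rnd: any stored frequency but the current one
                options = [f for f in self.addr_of if f != self.master.f_mhz]
                target = self.trng.choice(options) if options else self.master.f_mhz
            else:
                target = self.f_in
            if target != self.master.f_mhz:
                self.f_target = target
                self.slave.reconfigure(self.bram[self.decode(target)])
                self.swap_pending = True
        self.trace.append((self.cycle, self.clk_out))
```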
When <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p3.3.4">rnd</span> is set to 1, the MMCMs indeed keep reconfiguring to new clock frequencies as soon as the previous reconfiguration has been completed, i.e., the <span class="ltx_text ltx_font_typewriter" id="S4.SS3.p3.3.5">ack</span> signal to the FSM is asserted.</p> </div> </section> <section class="ltx_subsection" id="S4.SS4"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S4.SS4.5.1.1">IV-D</span> </span><span class="ltx_text ltx_font_italic" id="S4.SS4.6.2">Timer and FreeRTOS support</span> </h3> <div class="ltx_para" id="S4.SS4.p1"> <p class="ltx_p" id="S4.SS4.p1.1">The timer is a memory-mapped peripheral that exposes two 64-bit registers which can be accessed through read and write requests on the Wishbone interconnect. The two registers correspond to the current time, which is incremented by 1 at each clock cycle, and to the time threshold. Once the current time is greater than the time threshold, an interrupt request to the CPU is raised by setting a 1-bit register to 1.</p> </div> <div class="ltx_para" id="S4.SS4.p2"> <p class="ltx_p" id="S4.SS4.p2.1">Instantiating a timer in the SoC notably enables executing the FreeRTOS real-time operating system and thus providing support for implementing coarse-grained multithreading.</p> </div> </section> </section> <section class="ltx_section" id="S5"> <h2 class="ltx_title ltx_title_section"> <span class="ltx_tag ltx_tag_section">V </span><span class="ltx_text ltx_font_smallcaps" id="S5.1.1">Experimental Evaluation</span> </h2> <div class="ltx_para" id="S5.p1"> <p class="ltx_p" id="S5.p1.1">The experimental campaign aims to showcase how the JARVIS framework delivers an effective research platform for SCA attacks and countermeasures on FPGA targets. 
Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.SS1" title="V-A Hardware and software requirements ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">V-A</span></span></a> lists the hardware and software required by the framework, Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.SS2" title="V-B Experimental setup ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">V-B</span></span></a> details the specific setup employed for the experimental evaluation, and Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.SS3" title="V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">V-C</span></span></a> delivers an analysis of the SCA techniques provided out of the box.</p> </div> <section class="ltx_subsection" id="S5.SS1"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S5.SS1.5.1.1">V-A</span> </span><span class="ltx_text ltx_font_italic" id="S5.SS1.6.2">Hardware and software requirements</span> </h3> <div class="ltx_para" id="S5.SS1.p1"> <p class="ltx_p" id="S5.SS1.p1.1">The framework makes use of widely available devices and tools, including the development board and FPGA chips for prototyping, the digital oscilloscope for power trace measurement, and the software required for the various phases of the flow, ranging from EDA synthesis and place-and-route to compilation and SCA resistance evaluation.</p> </div> <section class="ltx_subsubsection" id="S5.SS1.SSS1"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag 
ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS1.SSS1.5.1.1">V-A</span>1 </span>Prototype</h4> <div class="ltx_para" id="S5.SS1.SSS1.p1"> <p class="ltx_p" id="S5.SS1.SSS1.p1.1">XDC design constraint files are provided for prototyping on the NewAE Technology CW305 Artix FPGA Target board, specifically designed for power analysis and fault injection attacks against hardware cryptographic functions<span class="ltx_note ltx_role_footnote" id="footnote2"><sup class="ltx_note_mark">2</sup><span class="ltx_note_outer"><span class="ltx_note_content"><sup class="ltx_note_mark">2</sup><span class="ltx_tag ltx_tag_note">2</span>More information on NewAE Technology CW305 Artix FPGA Target available at <a class="ltx_ref ltx_href" href="https://rtfm.newae.com/Targets/CW305%20Artix%20FPGA" title="">https://rtfm.newae.com/Targets/CW305%20Artix%20FPGA</a>.</span></span></span>. The CW305 board mounts a BGA socket that can accommodate any chip from the AMD Artix-7 mid-range FPGA family, which is the most widely adopted in academic and industrial research, including the security and cryptography fields <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib43" title="">43</a>]</cite>. 
The proposed SoC fits into AMD Artix-7 50 chips, which pack 32600 look-up tables (LUT), 65200 flip-flops (FF), 120 digital signal processing (DSP) blocks, and 75 36kb blocks of block RAM (BRAM), and larger ones from the same family.</p> </div> </section> <section class="ltx_subsubsection" id="S5.SS1.SSS2"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS1.SSS2.5.1.1">V-A</span>2 </span>Oscilloscope</h4> <div class="ltx_para" id="S5.SS1.SSS2.p1"> <p class="ltx_p" id="S5.SS1.SSS2.p1.1">Power measurements are carried out through an oscilloscope from the Pico Technology PicoScope 5000 Series family, which features a 200MHz maximum bandwidth and can collect up to 1 billion samples per second at a resolution ranging from 8 to 16 bits<span class="ltx_note ltx_role_footnote" id="footnote3"><sup class="ltx_note_mark">3</sup><span class="ltx_note_outer"><span class="ltx_note_content"><sup class="ltx_note_mark">3</sup><span class="ltx_tag ltx_tag_note">3</span>More information on Pico Technology PicoScope 5000 Series available at <a class="ltx_ref ltx_href" href="https://www.picotech.com/oscilloscope/5000/picoscope-5000-specifications" title="">https://www.picotech.com/oscilloscope/5000/picoscope-5000-specifications</a>.</span></span></span>. 
The oscilloscope has its analog channel A connected to the board through a coaxial SMA connector to measure the FPGA voltage, while its analog channel B is connected to a general-purpose I/O pin that outputs the trigger signal which marks the start and the end of the computation.</p> </div> </section> <section class="ltx_subsubsection" id="S5.SS1.SSS3"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS1.SSS3.5.1.1">V-A</span>3 </span>Host PC</h4> <div class="ltx_para" id="S5.SS1.SSS3.p1"> <p class="ltx_p" id="S5.SS1.SSS3.p1.1">The host PC must be able to execute the AMD Vivado toolchain for the synthesis, place-and-route, and bitstream generation targeting AMD Artix-7 FPGAs, as well as for the simulation and switching activity VCD collection. The host PC is also in charge of the compilation of the application sources, optionally together with the FreeRTOS ones, through a C compiler toolchain for RISC-V targets. Drivers and software for the CW305 board and PicoScope 5000 oscilloscope, connected to the host PC through USB interfaces, are required to drive the prototype execution and power trace collection. All the VCD, power trace, area, and execution time data are stored permanently on a disk mounted on the host PC to be used in the analysis phase. 
Support for Python 3.9 or higher is necessary to run the software scripts that manage the whole framework as well as the scripts that implement state-of-the-art SCA attack techniques.</p> </div> </section> </section> <section class="ltx_subsection" id="S5.SS2"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S5.SS2.5.1.1">V-B</span> </span><span class="ltx_text ltx_font_italic" id="S5.SS2.6.2">Experimental setup</span> </h3> <section class="ltx_subsubsection" id="S5.SS2.SSS1"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS2.SSS1.5.1.1">V-B</span>1 </span>Software setup</h4> <div class="ltx_para" id="S5.SS2.SSS1.p1"> <p class="ltx_p" id="S5.SS2.SSS1.p1.1">The framework is run in Ubuntu 22.04.3 LTS on a host PC that features an Intel i7-10700 CPU and a 64GB DDR4 memory. The host PC includes ChipWhisperer 5.1.0 software and PicoScope 7 software and drivers to manage the CW305 board and the oscilloscope, respectively. Applications are compiled with GCC 11.4.0 to be executed on the SoC either bare-metal or on top of FreeRTOS 11.0.1. 
AMD Vivado ML 2023.1 is employed for the RTL synthesis, place-and-route, bitstream generation, and simulation.</p> </div> <figure class="ltx_table" id="S5.T1"> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_table"><span class="ltx_text" id="S5.T1.2.1.1" style="font-size:90%;">TABLE I</span>: </span><span class="ltx_text" id="S5.T1.3.2" style="font-size:90%;">Breakdown of the SoC’s FPGA resource utilization.</span></figcaption> <table class="ltx_tabular ltx_centering ltx_guessed_headers ltx_align_middle" id="S5.T1.4"> <thead class="ltx_thead"> <tr class="ltx_tr" id="S5.T1.4.1.1"> <th class="ltx_td ltx_th ltx_th_row ltx_border_tt" id="S5.T1.4.1.1.1"></th> <th class="ltx_td ltx_align_center ltx_th ltx_th_column ltx_border_tt" colspan="4" id="S5.T1.4.1.1.2"><span class="ltx_text ltx_font_bold" id="S5.T1.4.1.1.2.1">FPGA resource utilization</span></th> </tr> <tr class="ltx_tr" id="S5.T1.4.2.2"> <th class="ltx_td ltx_align_left ltx_th ltx_th_column ltx_th_row" id="S5.T1.4.2.2.1"><span class="ltx_text ltx_font_bold" id="S5.T1.4.2.2.1.1">Component</span></th> <th class="ltx_td ltx_align_center ltx_th ltx_th_column ltx_border_t" id="S5.T1.4.2.2.2"><span class="ltx_text ltx_font_bold" id="S5.T1.4.2.2.2.1">LUT</span></th> <th class="ltx_td ltx_align_center ltx_th ltx_th_column ltx_border_t" id="S5.T1.4.2.2.3"><span class="ltx_text ltx_font_bold" id="S5.T1.4.2.2.3.1">FF</span></th> <th class="ltx_td ltx_align_center ltx_th ltx_th_column ltx_border_t" id="S5.T1.4.2.2.4"><span class="ltx_text ltx_font_bold" id="S5.T1.4.2.2.4.1">DSP</span></th> <th class="ltx_td ltx_align_center ltx_th ltx_th_column ltx_border_t" id="S5.T1.4.2.2.5"><span class="ltx_text ltx_font_bold" id="S5.T1.4.2.2.5.1">BRAM</span></th> </tr> </thead> <tbody class="ltx_tbody"> <tr class="ltx_tr" id="S5.T1.4.3.1"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T1.4.3.1.1">CPU</th> <td class="ltx_td ltx_align_center ltx_border_t" id="S5.T1.4.3.1.2">4386</td> 
<td class="ltx_td ltx_align_center ltx_border_t" id="S5.T1.4.3.1.3">3192</td> <td class="ltx_td ltx_align_center ltx_border_t" id="S5.T1.4.3.1.4">4</td> <td class="ltx_td ltx_align_center ltx_border_t" id="S5.T1.4.3.1.5">0</td> </tr> <tr class="ltx_tr" id="S5.T1.4.4.2"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.4.2.1">DFS</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.4.2.2">822</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.4.2.3">225</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.4.2.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.4.2.5">1.5</td> </tr> <tr class="ltx_tr" id="S5.T1.4.5.3"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.5.3.1">Global debug unit</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.5.3.2">286</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.5.3.3">248</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.5.3.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.5.3.5">0</td> </tr> <tr class="ltx_tr" id="S5.T1.4.6.4"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.6.4.1">CPU local debug unit</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.6.4.2">875</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.6.4.3">587</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.6.4.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.6.4.5">0</td> </tr> <tr class="ltx_tr" id="S5.T1.4.7.5"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.7.5.1">DFS local debug unit</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.7.5.2">19</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.7.5.3">29</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.7.5.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.7.5.5">0</td> </tr> <tr class="ltx_tr" id="S5.T1.4.8.6"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.8.6.1">Memory</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.8.6.2">206</td> <td class="ltx_td 
ltx_align_center" id="S5.T1.4.8.6.3">138</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.8.6.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.8.6.5">64</td> </tr> <tr class="ltx_tr" id="S5.T1.4.9.7"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.9.7.1">TRNG</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.9.7.2">2486</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.9.7.3">1252</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.9.7.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.9.7.5">0.5</td> </tr> <tr class="ltx_tr" id="S5.T1.4.10.8"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.10.8.1">Timer</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.10.8.2">144</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.10.8.3">163</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.10.8.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.10.8.5">0</td> </tr> <tr class="ltx_tr" id="S5.T1.4.11.9"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.11.9.1">System UART</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.11.9.2">365</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.11.9.3">292</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.11.9.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.11.9.5">0</td> </tr> <tr class="ltx_tr" id="S5.T1.4.12.10"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T1.4.12.10.1">User UART</th> <td class="ltx_td ltx_align_center" id="S5.T1.4.12.10.2">359</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.12.10.3">284</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.12.10.4">0</td> <td class="ltx_td ltx_align_center" id="S5.T1.4.12.10.5">0</td> </tr> <tr class="ltx_tr" id="S5.T1.4.13.11"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_bb" id="S5.T1.4.13.11.1"><span class="ltx_text ltx_font_bold" id="S5.T1.4.13.11.1.1">Overall SoC</span></th> <td class="ltx_td ltx_align_center ltx_border_bb ltx_border_t" 
id="S5.T1.4.13.11.2">10667</td> <td class="ltx_td ltx_align_center ltx_border_bb ltx_border_t" id="S5.T1.4.13.11.3">7563</td> <td class="ltx_td ltx_align_center ltx_border_bb ltx_border_t" id="S5.T1.4.13.11.4">4</td> <td class="ltx_td ltx_align_center ltx_border_bb ltx_border_t" id="S5.T1.4.13.11.5">66</td> </tr> </tbody> </table> </figure> </section> <section class="ltx_subsubsection" id="S5.SS2.SSS2"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS2.SSS2.5.1.1">V-B</span>2 </span>Hardware setup</h4> <div class="ltx_para" id="S5.SS2.SSS2.p1"> <p class="ltx_p" id="S5.SS2.SSS2.p1.1">The FPGA target in the experimental evaluation is an Artix-7 100 (xc7a100tftg256-1) chip mounted on a CW305 board. The oscilloscope is a PicoScope 5244D, which features two analog channels and a 200 MHz bandwidth. The SoC to be prototyped on FPGA and simulated is configured with a CPU that implements the RV32IM instruction set, a 256 kB main memory, and a TRNG, a DFS actuator, and a timer, which together provide the support required by all the included state-of-the-art SCA countermeasures. 
Table <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.T1" title="TABLE I ‣ V-B1 Software setup ‣ V-B Experimental setup ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">I</span></a> lists the FPGA resource utilization resulting from synthesis and place-and-route targeting 100 MHz and 50 MHz clock frequencies for the CPU, driven by the DFS actuator, and the rest of the SoC.</p> </div> </section> <section class="ltx_subsubsection" id="S5.SS2.SSS3"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS2.SSS3.5.1.1">V-B</span>3 </span>Breakpoints and triggerpoints</h4> <div class="ltx_para" id="S5.SS2.SSS3.p1"> <p class="ltx_p" id="S5.SS2.SSS3.p1.1">Two triggerpoint addresses are set to the addresses of the two instructions in the target application between which the power measurement is to be acquired by the oscilloscope. In particular, reaching the start triggerpoint address raises a trigger signal mapped on an I/O pin of the prototype board, and the trigger signal stays high until the PC holds a value matching the end triggerpoint, which toggles the trigger signal back down to 0. Two breakpoints are also employed, coupled with the triggerpoints, to manage the oscilloscope’s behavior. 
A breakpoint configured to an address that is reached before the start triggerpoint interrupts the CPU computation so that the oscilloscope can be readied for the acquisition, while another breakpoint, assigned to an address encountered after the acquisition time window, interrupts the CPU computation again so that the data collected in the oscilloscope’s buffer can be dumped.</p> </div> <div class="ltx_para" id="S5.SS2.SSS3.p2"> <p class="ltx_p" id="S5.SS2.SSS3.p2.1">The combined usage of breakpoints and triggerpoints in the prototype execution scenario is accurately replicated in the simulation scenario for two main purposes. On the one hand, it enables a perfect temporal match between the switching activity VCD collected in the simulation and the power trace acquired by the oscilloscope during the prototype execution. On the other hand, it makes it possible to collect the VCD solely for the time window of interest to the SCA analysis, thus limiting the simulation’s execution time. 
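The breakpoint and triggerpoint scheme described above, as an added example that is not the paper's code: a cycle-level Python model of the PC-matching logic, with a check that the two breakpoints actually bracket the trigger window and a helper that cuts the scope capture down to the trigger-high cycles. All addresses, the instruction-address stream and the integer oversampling ratio are assumptions.

```python
"""Cycle-level model of the PC-matching trigger and breakpoint logic.

Added example, not code from the paper or its framework. All addresses, the
constructed instruction-address stream and the scope oversampling ratio are
illustrative assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Sequence, Tuple

# Constructed layout of the target application (assumed addresses).
ARM_BP = 0x8000_0100    # breakpoint: halt so the host can arm the oscilloscope
START_TP = 0x8000_0140  # triggerpoint: PC value that raises the trigger pin
END_TP = 0x8000_01C0    # triggerpoint: PC value that pulls the trigger back to 0
DUMP_BP = 0x8000_0200   # breakpoint: halt so the host can dump the scope buffer


@dataclass
class DebugUnit:
    """Raises the trigger on start_tp, lowers it on end_tp, logs breakpoint halts."""
    start_tp: int
    end_tp: int
    arm_bp: int
    dump_bp: int
    trigger: int = 0
    events: List[Tuple[int, str]] = field(default_factory=list)

    def step(self, cycle: int, pc: int) -> int:
        """Advance one clock cycle with the given PC and return the trigger level."""
        if pc == self.arm_bp:
            self.events.append((cycle, "halt:arm_scope"))
        elif pc == self.dump_bp:
            self.events.append((cycle, "halt:dump_buffer"))
        if pc == self.start_tp and not self.trigger:
            self.trigger = 1  # rising edge: the oscilloscope starts capturing
            self.events.append((cycle, "trigger_rise"))
        elif pc == self.end_tp and self.trigger:
            self.trigger = 0  # falling edge: the capture window closes
            self.events.append((cycle, "trigger_fall"))
        return self.trigger


def trigger_wave(pcs: Sequence[int]) -> Tuple[List[int], List[Tuple[int, str]]]:
    """Run the unit over an instruction-address stream; return the per-cycle
    trigger level and the event log the host PC would observe."""
    unit = DebugUnit(START_TP, END_TP, ARM_BP, DUMP_BP)
    wave = [unit.step(cycle, pc) for cycle, pc in enumerate(pcs)]
    return wave, unit.events


def acquisition_windows(wave: Sequence[int]) -> List[Tuple[int, int]]:
    """Half-open [rise, fall) cycle ranges. A window still open when the stream
    ends (END_TP never reached) is closed at len(wave) so no samples are lost."""
    windows, start = [], None
    for cycle, level in enumerate(wave):
        if level and start is None:
            start = cycle
        elif not level and start is not None:
            windows.append((start, cycle))
            start = None
    if start is not None:
        windows.append((start, len(wave)))
    return windows


def check_bracketing(events: Sequence[Tuple[int, str]]) -> Tuple[int, int, int, int]:
    """Require arm halt < trigger rise < trigger fall < dump halt. A halt inside
    the window would stall the CPU while the scope is capturing, so the trace
    would no longer line up with the simulated switching activity."""
    first = {}
    for cycle, name in events:
        first.setdefault(name, cycle)  # only the first occurrence of each event counts
    order = [first.get(n) for n in
             ("halt:arm_scope", "trigger_rise", "trigger_fall", "halt:dump_buffer")]
    if any(c is None for c in order) or order != sorted(order):
        raise ValueError(f"breakpoints do not bracket the trigger window: {events}")
    return order[0], order[1], order[2], order[3]


def extract_window(samples: Sequence[float], window: Tuple[int, int],
                   samples_per_cycle: int) -> List[float]:
    """Cut the scope capture down to the trigger-high cycles. Assumes the scope
    sample rate is an integer multiple of the CPU clock and capture starts at cycle 0."""
    start, end = window
    return list(samples[start * samples_per_cycle:end * samples_per_cycle])


def constructed_pc_stream() -> List[int]:
    """Straight-line code, then an 8-instruction loop run 4 times inside the measured
    region (START_TP is revisited without re-triggering), then straight-line code
    through END_TP to DUMP_BP."""
    pcs = list(range(0x8000_0000, START_TP, 4))
    pcs += list(range(START_TP, START_TP + 0x20, 4)) * 4
    pcs += list(range(START_TP + 0x20, DUMP_BP + 4, 4))
    return pcs
```

Feeding the model the instruction stream of the simulated netlist and that of the board yields the same window, which is what allows the VCD to be collected only for the acquisition window rather than for the whole run.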
Limiting the simulation time is particularly critical, since a timing simulation of the post-route netlist is required to achieve maximum correspondence with the design prototyped on the board and thus to collect meaningful switching activity statistics.</p> </div> </section> </section> <section class="ltx_subsection" id="S5.SS3"> <h3 class="ltx_title ltx_title_subsection"> <span class="ltx_tag ltx_tag_subsection"><span class="ltx_text" id="S5.SS3.5.1.1">V-C</span> </span><span class="ltx_text ltx_font_italic" id="S5.SS3.6.2">Experimental analysis</span> </h3> <div class="ltx_para" id="S5.SS3.p1"> <p class="ltx_p" id="S5.SS3.p1.1">The experimental analysis applies the state-of-the-art SCA countermeasure and attack techniques included in the framework to the computing platform, configured as described in Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.SS2" title="V-B Experimental setup ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">V-B</span></span></a>, and quantitatively assesses their effectiveness.</p> </div> <section class="ltx_subsubsection" id="S5.SS3.SSS1"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS3.SSS1.5.1.1">V-C</span>1 </span>SCA countermeasure techniques</h4> <div class="ltx_para" id="S5.SS3.SSS1.p1"> <p class="ltx_p" id="S5.SS3.SSS1.p1.1">The SCA countermeasures include microarchitecture-level ones, such as clock frequency randomization, and architecture- and OS-level ones, such as the morphing and chaff techniques.</p> </div> <section class="ltx_paragraph" id="S5.SS3.SSS1.Px1"> <h5 class="ltx_title ltx_title_paragraph">Clock frequency randomization</h5> <div class="ltx_para" id="S5.SS3.SSS1.Px1.p1"> <p class="ltx_p" id="S5.SS3.SSS1.Px1.p1.1">The DFS actuator can be used to continuously vary, in a random fashion, the 
frequency of the clock signal fed to the CPU, as previously described in Section <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S4.SS3" title="IV-C DFS actuator ‣ IV Microarchitecture ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag"><span class="ltx_text">IV-C</span></span></a>, with the purpose of distorting the power consumption trace and therefore reducing the information leakage <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib17" title="">17</a>]</cite>. In random reconfiguration mode, the DFS indeed takes as its target frequencies the values generated by the internal TRNG, rather than having them set through the debug infrastructure. The DFS actuator produces a clock signal that can be reconfigured to up to 1024 different frequencies every few tens of microseconds, without any glitching or gating effects, thus enabling a large variability and ensuring the effectiveness of the countermeasure.</p> </div> <figure class="ltx_float ltx_float_algorithm ltx_framed ltx_framed_top" id="alg1"> <figcaption class="ltx_caption"><span class="ltx_tag ltx_tag_float"><span class="ltx_text ltx_font_bold" id="alg1.2.1.1">Algorithm 1</span> </span> Chaff SCA countermeasure <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib44" title="">44</a>]</cite>.</figcaption> <div class="ltx_listing ltx_listing" id="alg1.3"> <div class="ltx_listingline" id="alg1.l1"> <span class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l1.1.1.1" style="font-size:80%;">1:</span></span><span class="ltx_text ltx_font_bold" id="alg1.l1.2">function</span> <span class="ltx_text ltx_font_smallcaps" id="alg1.l1.3">ChaffEncrypt </span>(cipher, key, ptx, numChaff) </div> <div class="ltx_listingline" id="alg1.l2"> <span class="ltx_tag ltx_tag_listingline"><span 
class="ltx_text" id="alg1.l2.1.1.1" style="font-size:80%;">2:</span></span>     mainThread <math alttext="\leftarrow" class="ltx_Math" display="inline" id="alg1.l2.m1.1"><semantics id="alg1.l2.m1.1a"><mo id="alg1.l2.m1.1.1" stretchy="false" xref="alg1.l2.m1.1.1.cmml">←</mo><annotation-xml encoding="MathML-Content" id="alg1.l2.m1.1b"><ci id="alg1.l2.m1.1.1.cmml" xref="alg1.l2.m1.1.1">←</ci></annotation-xml><annotation encoding="application/x-tex" id="alg1.l2.m1.1c">\leftarrow</annotation><annotation encoding="application/x-llamapun" id="alg1.l2.m1.1d">←</annotation></semantics></math> C<span class="ltx_text" id="alg1.l2.2" style="font-size:70%;">REATE </span>(cipher, key, ptx) </div> <div class="ltx_listingline" id="alg1.l3"> <span class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l3.1.1.1" style="font-size:80%;">3:</span></span>     chaffKey <math alttext="\leftarrow" class="ltx_Math" display="inline" id="alg1.l3.m1.1"><semantics id="alg1.l3.m1.1a"><mo id="alg1.l3.m1.1.1" stretchy="false" xref="alg1.l3.m1.1.1.cmml">←</mo><annotation-xml encoding="MathML-Content" id="alg1.l3.m1.1b"><ci id="alg1.l3.m1.1.1.cmml" xref="alg1.l3.m1.1.1">←</ci></annotation-xml><annotation encoding="application/x-tex" id="alg1.l3.m1.1c">\leftarrow</annotation><annotation encoding="application/x-llamapun" id="alg1.l3.m1.1d">←</annotation></semantics></math> G<span class="ltx_text" id="alg1.l3.2" style="font-size:70%;">ENERATE</span>C<span class="ltx_text" id="alg1.l3.3" style="font-size:70%;">HAFF</span>K<span class="ltx_text" id="alg1.l3.4" style="font-size:70%;">EYS </span>(key, numChaff) </div> <div class="ltx_listingline" id="alg1.l4"> <span class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l4.1.1.1" style="font-size:80%;">4:</span></span>     <span class="ltx_text ltx_font_bold" id="alg1.l4.2">for</span> i in 1 to numChaff <span class="ltx_text ltx_font_bold" id="alg1.l4.3">do</span> </div> <div class="ltx_listingline" id="alg1.l5"> <span 
class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l5.1.1.1" style="font-size:80%;">5:</span></span>         chaffThreads[i] <math alttext="\leftarrow" class="ltx_Math" display="inline" id="alg1.l5.m1.1"><semantics id="alg1.l5.m1.1a"><mo id="alg1.l5.m1.1.1" stretchy="false" xref="alg1.l5.m1.1.1.cmml">←</mo><annotation-xml encoding="MathML-Content" id="alg1.l5.m1.1b"><ci id="alg1.l5.m1.1.1.cmml" xref="alg1.l5.m1.1.1">←</ci></annotation-xml><annotation encoding="application/x-tex" id="alg1.l5.m1.1c">\leftarrow</annotation><annotation encoding="application/x-llamapun" id="alg1.l5.m1.1d">←</annotation></semantics></math> C<span class="ltx_text" id="alg1.l5.2" style="font-size:70%;">REATE </span>(cipher, chaffKey[i], ptx)       </div> <div class="ltx_listingline" id="alg1.l6"> <span class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l6.1.1.1" style="font-size:80%;">6:</span></span>     S<span class="ltx_text" id="alg1.l6.2" style="font-size:70%;">TART</span>R<span class="ltx_text" id="alg1.l6.3" style="font-size:70%;">ANDOM</span>S<span class="ltx_text" id="alg1.l6.4" style="font-size:70%;">CHEDULER </span>(mainThread, chaffThreads) </div> <div class="ltx_listingline" id="alg1.l7"> <span class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l7.1.1.1" style="font-size:80%;">7:</span></span>     <span class="ltx_text ltx_font_bold" id="alg1.l7.2">while</span> I<span class="ltx_text" id="alg1.l7.3" style="font-size:70%;">S</span>R<span class="ltx_text" id="alg1.l7.4" style="font-size:70%;">UNNING </span>(mainThread) <span class="ltx_text ltx_font_bold" id="alg1.l7.5">do</span> </div> <div class="ltx_listingline" id="alg1.l8"> <span class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l8.1.1.1" style="font-size:80%;">8:</span></span>         W<span class="ltx_text" id="alg1.l8.2" style="font-size:70%;">AIT </span>()       </div> <div class="ltx_listingline" id="alg1.l9"> <span class="ltx_tag 
ltx_tag_listingline"><span class="ltx_text" id="alg1.l9.1.1.1" style="font-size:80%;">9:</span></span>     <span class="ltx_text ltx_font_bold" id="alg1.l9.2">for</span> i in 1 to numChaff <span class="ltx_text ltx_font_bold" id="alg1.l9.3">do</span> </div> <div class="ltx_listingline" id="alg1.l10"> <span class="ltx_tag ltx_tag_listingline"><span class="ltx_text" id="alg1.l10.1.1.1" style="font-size:80%;">10:</span></span>         K<span class="ltx_text" id="alg1.l10.2" style="font-size:70%;">ILL </span>(chaffThreads[i])       </div> </div> </figure> </section> <section class="ltx_paragraph" id="S5.SS3.SSS1.Px2"> <h5 class="ltx_title ltx_title_paragraph">Morphing</h5> <div class="ltx_para" id="S5.SS3.SSS1.Px2.p1"> <p class="ltx_p" id="S5.SS3.SSS1.Px2.p1.1">The morphing countermeasure leverages the TRNG to randomly modify the execution of a cryptographic operation <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib36" title="">36</a>]</cite>. For example, in the AES use case considered in the experimental evaluation, morphing targets the AddRoundKey and SubBytes steps of the AES cryptosystem. Each AddRoundKey execution employs a randomly selected version of the XOR operation, chosen among 8 equivalent implementations with different power consumption profiles. 
SubBytes executions are instead morphed by using S-Boxes that are masked by random values and periodically refreshed.</p> </div> </section> <section class="ltx_paragraph" id="S5.SS3.SSS1.Px3"> <h5 class="ltx_title ltx_title_paragraph">Chaff</h5> <div class="ltx_para" id="S5.SS3.SSS1.Px3.p1"> <p class="ltx_p" id="S5.SS3.SSS1.Px3.p1.1">The TRNG component and the support for software multithreading provided by FreeRTOS enable the adoption of the chaff approach described in <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib44" title="">44</a>]</cite>, whose pseudocode is listed in Algorithm <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#alg1" title="Algorithm 1 ‣ Clock frequency randomization ‣ V-C1 SCA countermeasure techniques ‣ V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">1</span></a>. This technique runs, concurrently with the thread executing the actual cipher instance (line 2 in Algorithm <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#alg1" title="Algorithm 1 ‣ Clock frequency randomization ‣ V-C1 SCA countermeasure techniques ‣ V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">1</span></a>), e.g., the encryption of a plaintext with a given key, a set of additional threads that perform the same cryptographic operation on the same input but with different keys, generated so as to be correlated with the original one (lines 3–5). 
All the threads are started and executed in parallel, according to a random scheduler that leverages the SoC’s TRNG (line 6), until the thread performing the actual cryptographic operation has completed (lines 7–10).</p> </div> </section> </section> <section class="ltx_subsubsection" id="S5.SS3.SSS2"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS3.SSS2.5.1.1">V-C</span>2 </span>SCA attack techniques</h4> <div class="ltx_para" id="S5.SS3.SSS2.p1"> <p class="ltx_p" id="S5.SS3.SSS2.p1.1">The SCA attacks provided out of the box by the framework include <span class="ltx_inline-enumerate" id="S5.I1"> <span class="ltx_inline-item" id="S5.I1.i1"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S5.I1.i1.1.1.1">1)</span></span> <span class="ltx_text" id="S5.I1.i1.5">a <em class="ltx_emph ltx_font_italic" id="S5.I1.i1.5.1">CPA</em> attack <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib7" title="">7</a>]</cite>, which extracts the secret key of the target cryptosystem executions by correlating their power signature with their operating behavior, performed in the experimental campaign on up to 1 million power traces, </span></span> <span class="ltx_inline-item" id="S5.I1.i2"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S5.I1.i2.1.1.1">2)</span></span> <span class="ltx_text" id="S5.I1.i2.5">a <em class="ltx_emph ltx_font_italic" id="S5.I1.i2.5.1">template</em> profiled attack <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib9" title="">9</a>]</cite>, which leverages Bayes’ theorem to estimate the probability of a key given its multivariate normal distribution, carried out by using 1024 traces for each of the 256 possible key bytes during both the profiling and attack phases, and </span></span> <span 
class="ltx_inline-item" id="S5.I1.i3"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S5.I1.i3.1.1.1">3)</span></span> <span class="ltx_text" id="S5.I1.i3.5">an ML-based attack leveraging convolutional neural networks (<em class="ltx_emph ltx_font_italic" id="S5.I1.i3.5.1">CNN</em>s) <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib37" title="">37</a>]</cite>, which learn a recurrent pattern of the leakage to predict the secret key and whose training and inference are carried out on the same dataset as the template attack. </span></span> </span></p> </div> </section> <section class="ltx_subsubsection" id="S5.SS3.SSS3"> <h4 class="ltx_title ltx_title_subsubsection"> <span class="ltx_tag ltx_tag_subsubsection"><span class="ltx_text" id="S5.SS3.SSS3.5.1.1">V-C</span>3 </span>SCA security assessment</h4> <div class="ltx_para" id="S5.SS3.SSS3.p1"> <p class="ltx_p" id="S5.SS3.SSS3.p1.1">The experimental analysis first assesses the vulnerability of the computing platform to the previously described attacks while executing the AES-128 cryptosystem. We make use of the constant-time, S-box-based AES-128 C implementation from the widely adopted OpenSSL <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib45" title="">45</a>]</cite> cryptography suite. 
In particular, we evaluate whether each attack, specifically targeting the SubBytes step of the first AES round, succeeds or fails when executing the plain AES cryptosystem without any protection, a software-masked version of AES, and plain AES protected by the clock frequency randomization, morphing, and chaff SCA hiding countermeasures.</p> </div> <figure class="ltx_table" id="S5.T2"> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_table"><span class="ltx_text" id="S5.T2.2.1.1" style="font-size:90%;">TABLE II</span>: </span><span class="ltx_text" id="S5.T2.3.2" style="font-size:90%;">Quality metrics obtained by attacks to AES execution on the experimental platform when implementing different countermeasures. Undefined values are denoted by –.</span></figcaption> <table class="ltx_tabular ltx_centering ltx_align_middle" id="S5.T2.4"> <tbody class="ltx_tbody"> <tr class="ltx_tr" id="S5.T2.4.1.1"> <td class="ltx_td ltx_border_tt" id="S5.T2.4.1.1.1"></td> <td class="ltx_td ltx_border_tt" id="S5.T2.4.1.1.2"></td> <td class="ltx_td ltx_align_center ltx_border_tt" colspan="3" id="S5.T2.4.1.1.3"><span class="ltx_text ltx_font_bold" id="S5.T2.4.1.1.3.1">Attack</span></td> </tr> <tr class="ltx_tr" id="S5.T2.4.2.2"> <td class="ltx_td ltx_align_left" id="S5.T2.4.2.2.1"><span class="ltx_text ltx_font_bold" id="S5.T2.4.2.2.1.1">Countermeasure</span></td> <td class="ltx_td ltx_align_left" id="S5.T2.4.2.2.2"><span class="ltx_text ltx_font_bold" id="S5.T2.4.2.2.2.1">Quality metric</span></td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.2.2.3"><span class="ltx_text ltx_font_bold" id="S5.T2.4.2.2.3.1">CPA</span></td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.2.2.4"><span class="ltx_text ltx_font_bold" id="S5.T2.4.2.2.4.1">Template</span></td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.2.2.5"><span class="ltx_text ltx_font_bold" id="S5.T2.4.2.2.5.1">CNN</span></td> </tr> <tr class="ltx_tr" 
id="S5.T2.4.3.3"> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.3.3.1" rowspan="4"><span class="ltx_text" id="S5.T2.4.3.3.1.1">None</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.3.3.2">Guessing entropy</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.3.3.3">1</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.3.3.4">1</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.3.3.5">1</td> </tr> <tr class="ltx_tr" id="S5.T2.4.4.4"> <td class="ltx_td ltx_align_left" id="S5.T2.4.4.4.1">Guessing distance</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.4.4.2">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.4.4.3">0.86</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.4.4.4">0.77</td> </tr> <tr class="ltx_tr" id="S5.T2.4.5.5"> <td class="ltx_td ltx_align_left" id="S5.T2.4.5.5.1">Success rate</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.5.5.2"><span class="ltx_text ltx_font_bold" id="S5.T2.4.5.5.2.1" style="color:#00FF00;">100%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.5.5.3"><span class="ltx_text ltx_font_bold" id="S5.T2.4.5.5.3.1" style="color:#00FF00;">100%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.5.5.4"><span class="ltx_text ltx_font_bold" id="S5.T2.4.5.5.4.1" style="color:#00FF00;">100%</span></td> </tr> <tr class="ltx_tr" id="S5.T2.4.6.6"> <td class="ltx_td ltx_align_left" id="S5.T2.4.6.6.1">Number of traces</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.6.6.2">180</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.6.6.3">3</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.6.6.4">10</td> </tr> <tr class="ltx_tr" id="S5.T2.4.7.7"> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.7.7.1" rowspan="4"><span class="ltx_text" id="S5.T2.4.7.7.1.1">Software masking</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.7.7.2">Guessing entropy</td> <td class="ltx_td ltx_align_right ltx_border_t" 
id="S5.T2.4.7.7.3">108.75</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.7.7.4">153.22</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.7.7.5">1.06</td> </tr> <tr class="ltx_tr" id="S5.T2.4.8.8"> <td class="ltx_td ltx_align_left" id="S5.T2.4.8.8.1">Guessing distance</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.8.8.2">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.8.8.3">-0.57</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.8.8.4">0.45</td> </tr> <tr class="ltx_tr" id="S5.T2.4.9.9"> <td class="ltx_td ltx_align_left" id="S5.T2.4.9.9.1">Success rate</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.9.9.2"><span class="ltx_text ltx_font_bold" id="S5.T2.4.9.9.2.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.9.9.3"><span class="ltx_text ltx_font_bold" id="S5.T2.4.9.9.3.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.9.9.4"><span class="ltx_text ltx_font_bold" id="S5.T2.4.9.9.4.1" style="color:#00FF00;">98%</span></td> </tr> <tr class="ltx_tr" id="S5.T2.4.10.10"> <td class="ltx_td ltx_align_left" id="S5.T2.4.10.10.1">Number of traces</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.10.10.2">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.10.10.3">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.10.10.4">–</td> </tr> <tr class="ltx_tr" id="S5.T2.4.11.11"> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.11.11.1"><span class="ltx_text" id="S5.T2.4.11.11.1.1">Clock frequency</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.11.11.2">Guessing entropy</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.11.11.3">112.75</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.11.11.4">127</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.11.11.5">72.20</td> </tr> <tr class="ltx_tr" id="S5.T2.4.12.12"> <td class="ltx_td ltx_align_left" id="S5.T2.4.12.12.1" 
rowspan="3"><span class="ltx_text" id="S5.T2.4.12.12.1.1">randomization</span></td> <td class="ltx_td ltx_align_left" id="S5.T2.4.12.12.2">Guessing distance</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.12.12.3">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.12.12.4">-0.52</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.12.12.5">-0.31</td> </tr> <tr class="ltx_tr" id="S5.T2.4.13.13"> <td class="ltx_td ltx_align_left" id="S5.T2.4.13.13.1">Success rate</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.13.13.2"><span class="ltx_text ltx_font_bold" id="S5.T2.4.13.13.2.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.13.13.3"><span class="ltx_text ltx_font_bold" id="S5.T2.4.13.13.3.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.13.13.4"><span class="ltx_text ltx_font_bold" id="S5.T2.4.13.13.4.1" style="color:#FF0000;">6%</span></td> </tr> <tr class="ltx_tr" id="S5.T2.4.14.14"> <td class="ltx_td ltx_align_left" id="S5.T2.4.14.14.1">Number of traces</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.14.14.2">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.14.14.3">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.14.14.4">–</td> </tr> <tr class="ltx_tr" id="S5.T2.4.15.15"> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.15.15.1" rowspan="4"><span class="ltx_text" id="S5.T2.4.15.15.1.1">Morphing</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.15.15.2">Guessing entropy</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.15.15.3">1</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.15.15.4">1</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.15.15.5">1</td> </tr> <tr class="ltx_tr" id="S5.T2.4.16.16"> <td class="ltx_td ltx_align_left" id="S5.T2.4.16.16.1">Guessing distance</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.16.16.2">–</td> <td class="ltx_td ltx_align_right" 
id="S5.T2.4.16.16.3">0.38</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.16.16.4">0.81</td> </tr> <tr class="ltx_tr" id="S5.T2.4.17.17"> <td class="ltx_td ltx_align_left" id="S5.T2.4.17.17.1">Success rate</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.17.17.2"><span class="ltx_text ltx_font_bold" id="S5.T2.4.17.17.2.1" style="color:#00FF00;">100%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.17.17.3"><span class="ltx_text ltx_font_bold" id="S5.T2.4.17.17.3.1" style="color:#00FF00;">100%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.17.17.4"><span class="ltx_text ltx_font_bold" id="S5.T2.4.17.17.4.1" style="color:#00FF00;">100%</span></td> </tr> <tr class="ltx_tr" id="S5.T2.4.18.18"> <td class="ltx_td ltx_align_left" id="S5.T2.4.18.18.1">Number of traces</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.18.18.2">3072</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.18.18.3">580</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.18.18.4">8</td> </tr> <tr class="ltx_tr" id="S5.T2.4.19.19"> <td class="ltx_td ltx_align_left ltx_border_bb ltx_border_t" id="S5.T2.4.19.19.1" rowspan="4"><span class="ltx_text" id="S5.T2.4.19.19.1.1">Chaff</span></td> <td class="ltx_td ltx_align_left ltx_border_t" id="S5.T2.4.19.19.2">Guessing entropy</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.19.19.3">105.25</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.19.19.4">135</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T2.4.19.19.5">122</td> </tr> <tr class="ltx_tr" id="S5.T2.4.20.20"> <td class="ltx_td ltx_align_left" id="S5.T2.4.20.20.1">Guessing distance</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.20.20.2">–</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.20.20.3">-0.52</td> <td class="ltx_td ltx_align_right" id="S5.T2.4.20.20.4">-0.48</td> </tr> <tr class="ltx_tr" id="S5.T2.4.21.21"> <td class="ltx_td ltx_align_left" id="S5.T2.4.21.21.1">Success rate</td> <td class="ltx_td 
ltx_align_right" id="S5.T2.4.21.21.2"><span class="ltx_text ltx_font_bold" id="S5.T2.4.21.21.2.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.21.21.3"><span class="ltx_text ltx_font_bold" id="S5.T2.4.21.21.3.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T2.4.21.21.4"><span class="ltx_text ltx_font_bold" id="S5.T2.4.21.21.4.1" style="color:#FF0000;">0%</span></td> </tr> <tr class="ltx_tr" id="S5.T2.4.22.22"> <td class="ltx_td ltx_align_left ltx_border_bb" id="S5.T2.4.22.22.1">Number of traces</td> <td class="ltx_td ltx_align_right ltx_border_bb" id="S5.T2.4.22.22.2">–</td> <td class="ltx_td ltx_align_right ltx_border_bb" id="S5.T2.4.22.22.3">–</td> <td class="ltx_td ltx_align_right ltx_border_bb" id="S5.T2.4.22.22.4">–</td> </tr> </tbody> </table> </figure> <div class="ltx_para" id="S5.SS3.SSS3.p2"> <p class="ltx_p" id="S5.SS3.SSS3.p2.1">The attacks’ effectiveness is evaluated according to <span class="ltx_inline-enumerate" id="S5.I2"> <span class="ltx_inline-item" id="S5.I2.i1"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S5.I2.i1.1.1.1">1)</span></span> <span class="ltx_text" id="S5.I2.i1.5">the <em class="ltx_emph ltx_font_italic" id="S5.I2.i1.5.1">guessing entropy</em>, defined as the average rank position of the correct key among all possible key guesses, </span></span> <span class="ltx_inline-item" id="S5.I2.i2"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S5.I2.i2.1.1.1">2)</span></span> <span class="ltx_text" id="S5.I2.i2.5">the <em class="ltx_emph ltx_font_italic" id="S5.I2.i2.5.1">guessing distance</em>, which represents the normalized probability distance between the correct key and the first-ranked non-correct one, </span></span> <span class="ltx_inline-item" id="S5.I2.i3"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S5.I2.i3.1.1.1">3)</span></span> <span 
class="ltx_text" id="S5.I2.i3.5">the <em class="ltx_emph ltx_font_italic" id="S5.I2.i3.5.1">success rate</em>, i.e., the percentage of attacks that succeed in delivering the secret key, and </span></span> <span class="ltx_inline-item" id="S5.I2.i4"><span class="ltx_tag ltx_tag_inline-item"><span class="ltx_text ltx_font_italic" id="S5.I2.i4.1.1.1">4)</span></span> <span class="ltx_text" id="S5.I2.i4.5">the minimum <em class="ltx_emph ltx_font_italic" id="S5.I2.i4.5.1">number of traces</em> required to obtain a prediction that is always correct. </span></span> </span> Table <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.T2" title="TABLE II ‣ V-C3 SCA security assessment ‣ V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">II</span></a> lists the values of these four quality metrics for the countermeasure-attack combinations considered in the experimental campaign. For the attacks that always succeed, i.e., those with a guessing entropy equal to 1 and a 100% success rate, the table also reports the number of traces employed to achieve such a perfect outcome. The execution of the plain AES application is successfully attacked by all three considered techniques, while the masked version is broken only by the CNN attack. The clock frequency randomization and chaff countermeasures prove instead to be effective against the three SCA attacks, whereas applying morphing does not protect the computing platform from any of them.</p> </div> <div class="ltx_para" id="S5.SS3.SSS3.p3"> <p class="ltx_p" id="S5.SS3.SSS3.p3.1">More in detail, clock frequency randomization and chaff are the most effective countermeasures against the proposed SCA attacks, as they achieve a high guessing entropy and a success rate close to 0% in every scenario. 
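The four quality metrics just defined, as an added example that is not the paper's evaluation code: it computes them from per-key score vectors for a constructed template-style attack (probabilities over the 256 values of a key byte at several trace counts) and a constructed CPA-style one (correlation coefficients), and reports an undefined guessing distance for the latter, as Table II does. The guessing-distance normalization (dividing the gap by the larger of the two probabilities) and all sample values are assumptions.

```python
"""Quality metrics for SCA attack outcomes: guessing entropy, guessing distance,
success rate and minimum number of traces.

Added example, not the paper's evaluation code. All score vectors are constructed
by hand, and the guessing-distance normalisation is an assumption.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

N_KEYS = 256        # candidates for one AES key byte
CORRECT_KEY = 0x2B  # constructed secret key byte


@dataclass
class AttackRun:
    """One attack outcome: a score per key candidate, higher meaning 'more likely'."""
    scores: List[float]
    probabilistic: bool  # True for template/CNN (probabilities), False for CPA (|PCC|)


def rank(run: AttackRun, correct: int = CORRECT_KEY) -> int:
    """1-based rank of the correct key; ties are counted against the attacker."""
    target = run.scores[correct]
    return 1 + sum(1 for k, s in enumerate(run.scores) if k != correct and s >= target)


def guessing_entropy(runs: Sequence[AttackRun], correct: int = CORRECT_KEY) -> float:
    """Average rank of the correct key over independent runs (1.0 = always first)."""
    return sum(rank(r, correct) for r in runs) / len(runs)


def guessing_distance(run: AttackRun, correct: int = CORRECT_KEY) -> Optional[float]:
    """Normalized gap between the correct key and the best wrong guess, in [-1, 1]:
    positive when the correct key leads, negative when a wrong key does.
    Undefined (None) for non-probabilistic attacks such as CPA, whose scores are
    correlations rather than probabilities."""
    if not run.probabilistic:
        return None
    p_correct = run.scores[correct]
    p_rival = max(s for k, s in enumerate(run.scores) if k != correct)
    return (p_correct - p_rival) / max(p_correct, p_rival)  # assumed normalisation


def success_rate(runs: Sequence[AttackRun], correct: int = CORRECT_KEY) -> float:
    """Percentage of runs that rank the correct key first."""
    return 100.0 * sum(rank(r, correct) == 1 for r in runs) / len(runs)


def min_traces(runs_by_traces: Dict[int, Sequence[AttackRun]],
               correct: int = CORRECT_KEY) -> Optional[int]:
    """Smallest trace count from which every run, at that count and above, is
    correct; None (undefined, shown as a dash in the table) if never reached."""
    best = None
    for n in sorted(runs_by_traces, reverse=True):
        if guessing_entropy(runs_by_traces[n], correct) != 1.0:
            break  # a failure at n means n traces are not enough
        best = n
    return best


def summarize(runs_by_traces: Dict[int, Sequence[AttackRun]],
              correct: int = CORRECT_KEY) -> Dict[str, Optional[float]]:
    """The four Table II metrics, evaluated at the largest trace count available."""
    final = runs_by_traces[max(runs_by_traces)]
    gds = [guessing_distance(r, correct) for r in final]
    return {
        "guessing_entropy": guessing_entropy(final, correct),
        "guessing_distance": None if None in gds else sum(gds) / len(gds),
        "success_rate": success_rate(final, correct),
        "number_of_traces": min_traces(runs_by_traces, correct),
    }


def constructed_probs(p_correct: float, p_rival: float, rival: int = 0xC3) -> List[float]:
    """Probability vector with the correct key, one rival, and a flat remainder."""
    rest = (1.0 - p_correct - p_rival) / (N_KEYS - 2)
    probs = [rest] * N_KEYS
    probs[CORRECT_KEY], probs[rival] = p_correct, p_rival
    return probs


# Constructed template-attack outcomes: two runs per trace count, converging on the
# correct key as more traces are used (the rival leads in one run at 1 and 2 traces).
TEMPLATE_RUNS: Dict[int, List[AttackRun]] = {
    1: [AttackRun(constructed_probs(0.20, 0.45), True), AttackRun(constructed_probs(0.30, 0.10), True)],
    2: [AttackRun(constructed_probs(0.35, 0.40), True), AttackRun(constructed_probs(0.50, 0.20), True)],
    3: [AttackRun(constructed_probs(0.60, 0.20), True), AttackRun(constructed_probs(0.70, 0.10), True)],
    4: [AttackRun(constructed_probs(0.80, 0.05), True), AttackRun(constructed_probs(0.85, 0.05), True)],
}

# Constructed CPA outcome: |PCC| per candidate, the correct key peaking at 0.43
# and every wrong guess staying at or below 0.15.
CPA_RUN = AttackRun([0.43 if k == CORRECT_KEY else 0.05 * (1 + (k * 7) % 3)
                     for k in range(N_KEYS)], False)
```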
The morphing countermeasure is instead shown to be more vulnerable, as every attack technique breaks it. The CNN attack isolates the correct key with a guessing distance of 0.81 using only eight traces, while the CPA and template attacks are less effective, though still successful. Guessing distance values are undefined for the CPA attack, since the latter is not a probabilistic attack: guessing distance measures a probability distance and is thus suitable only for attacks, such as the template and CNN ones, that compute the probability of a key guess being correct.</p> </div> <figure class="ltx_figure ltx_minipage ltx_align_bottom" id="S5.F6" style="width:424.9pt;"> <div class="ltx_flex_figure"> <div class="ltx_flex_cell ltx_flex_size_1"> <figure class="ltx_figure ltx_figure_panel" id="S5.F6.sf1"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="338" id="S5.F6.sf1.g1" src="x7.png" width="830"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S5.F6.sf1.2.1.1" style="font-size:90%;">(a)</span> </span><span class="ltx_text" id="S5.F6.sf1.3.2" style="font-size:90%;">Pearson correlation coefficient (PCC) of CPA attack</span></figcaption> </figure> </div> <div class="ltx_flex_break"></div> <div class="ltx_flex_cell ltx_flex_size_1"> <figure class="ltx_figure ltx_figure_panel ltx_align_center" id="S5.F6.sf2"><img alt="Refer to caption" class="ltx_graphics ltx_centering ltx_img_landscape" height="341" id="S5.F6.sf2.g1" src="x8.png" width="830"/> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S5.F6.sf2.2.1.1" style="font-size:90%;">(b)</span> </span><span class="ltx_text" id="S5.F6.sf2.3.2" style="font-size:90%;">Guessing entropy of template and CNN attacks</span></figcaption> </figure> </div> </div> <figcaption class="ltx_caption"><span class="ltx_tag ltx_tag_figure"><span class="ltx_text" id="S5.F6.2.1.1" 
style="font-size:90%;">Figure 6</span>: </span><span class="ltx_text" id="S5.F6.3.2" style="font-size:90%;">SCA attacks against unprotected AES.</span></figcaption> </figure> <div class="ltx_para" id="S5.SS3.SSS3.p4"> <p class="ltx_p" id="S5.SS3.SSS3.p4.1">Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.F6" title="Figure 6 ‣ V-C3 SCA security assessment ‣ V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">6</span></a> depicts how the SCA attacks against the execution of plain AES, with no SCA countermeasure applied, evolve as the number of traces increases. The CPA attack, as shown in Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.F6.sf1" title="In Figure 6 ‣ V-C3 SCA security assessment ‣ V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">6(a)</span></a>, requires 180 traces to identify the correct key: the additional traces serve to reduce the correlation coefficients of the wrong key guesses, drawn in red, whereas the Pearson correlation coefficient (PCC) of the correct key, drawn in green, remains steady at around 0.43. 
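The four quality metrics defined above and the trace-count behaviour of the CPA curves in Figure 6(a) can be reproduced on constructed data. The following Python program is an added example written for this page, not code from the paper or its framework: it runs a Hamming-weight CPA on synthetic traces of one first-round SubBytes key byte, scores each key guess by its largest |PCC| across samples (the quantity plotted in Figure 6(a)), tracks the rank of the correct key as the trace count grows, and reports the guessing entropy (taken here as the average rank of the correct key), the success rate, and the minimum number of traces after which every attack stays correct; the guessing distance is omitted because CPA is not a probabilistic attack. The leakage model (S-box output Hamming weight plus Gaussian noise), the number of samples, the noise level, the checkpoint schedule and the randomize option, which moves the leaking sample to a random position to mimic the misalignment that clock frequency randomization or chaff introduce, are all assumptions of this example rather than measurements from the paper's platform.

```python
import math
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else (a << 1) & 0xFF
        b >>= 1
    return p


def _gf_inv(a):
    """Multiplicative inverse in GF(2^8) by exhaustive search; 0 maps to 0 as the S-box requires."""
    return next((b for b in range(1, 256) if _gf_mul(a, b) == 1), 0)


def build_sbox():
    """AES S-box generated from its definition (field inverse, then affine map) instead of a table."""
    sbox = []
    for x in range(256):
        b = y = _gf_inv(x)
        for i in range(1, 5):  # y = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63
            y ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(y ^ 0x63)
    return sbox


SBOX = build_sbox()
S_SAMPLES = 8                      # samples per constructed trace (assumption of this example)
LEAK_POS = 3                       # sample that leaks the S-box output when execution is aligned
CHECKPOINTS = range(10, 161, 10)   # trace counts at which the rank of the correct key is evaluated


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key_byte, n, sigma, randomize, rng):
    """Constructed traces of one first-round SubBytes byte: the leaking sample carries
    HW(SBOX[pt ^ key]) plus Gaussian noise, every other sample the mean weight 4.0 plus noise.
    randomize=True moves the leaking sample to a random position per trace (assumed misalignment model)."""
    plaintexts, traces = [], []
    for _ in range(n):
        pt = rng.randrange(256)
        pos = rng.randrange(S_SAMPLES) if randomize else LEAK_POS
        trace = [4.0 + rng.gauss(0.0, sigma) for _ in range(S_SAMPLES)]
        trace[pos] += hamming_weight(SBOX[pt ^ key_byte]) - 4.0
        plaintexts.append(pt)
        traces.append(trace)
    return plaintexts, traces


def pearson(n, sx, sxx, sy, syy, sxy):
    """Pearson correlation coefficient computed from running sums over n observations."""
    vx, vy = n * sxx - sx * sx, n * syy - sy * sy
    return 0.0 if vx <= 0 or vy <= 0 else (n * sxy - sx * sy) / math.sqrt(vx * vy)


def cpa_rank_curve(plaintexts, traces, key_byte):
    """Hamming-weight CPA: rank of the correct key byte after n traces, for every n in CHECKPOINTS."""
    sx, sxx = [0.0] * 256, [0.0] * 256
    sy, syy = [0.0] * S_SAMPLES, [0.0] * S_SAMPLES
    sxy = [[0.0] * S_SAMPLES for _ in range(256)]
    ranks = {}
    for n, (pt, tr) in enumerate(zip(plaintexts, traces), start=1):
        sy = [acc + v for acc, v in zip(sy, tr)]
        syy = [acc + v * v for acc, v in zip(syy, tr)]
        for g in range(256):
            h = hamming_weight(SBOX[pt ^ g])
            sx[g] += h
            sxx[g] += h * h
            sxy[g] = [acc + h * v for acc, v in zip(sxy[g], tr)]
        if n in CHECKPOINTS:
            # a guess scores its largest |PCC| over the samples, the peak of the Figure 6(a) curves
            score = [max(abs(pearson(n, sx[g], sxx[g], sy[s], syy[s], sxy[g][s]))
                         for s in range(S_SAMPLES)) for g in range(256)]
            ranks[n] = 1 + sum(1 for g in range(256) if g != key_byte and score[g] > score[key_byte])
    return ranks


def assess(n_experiments, sigma, randomize, seed=1):
    """Quality metrics over independent attacks on fresh random keys. Guessing entropy is taken as
    the average rank of the correct key at the full budget; guessing distance is omitted (CPA is not probabilistic)."""
    rng = random.Random(seed)
    curves = []
    for _ in range(n_experiments):
        key = rng.randrange(256)
        plaintexts, traces = simulate_traces(key, max(CHECKPOINTS), sigma, randomize, rng)
        curves.append(cpa_rank_curve(plaintexts, traces, key))
    n_max = max(CHECKPOINTS)
    guessing_entropy = sum(c[n_max] for c in curves) / n_experiments
    success_rate = sum(c[n_max] == 1 for c in curves) / n_experiments
    min_traces = None  # first checkpoint from which every attack ranks the key first and stays there
    for n in CHECKPOINTS:
        if all(c[m] == 1 for c in curves for m in CHECKPOINTS if m >= n):
            min_traces = n
            break
    return {"guessing_entropy": guessing_entropy, "success_rate": success_rate, "min_traces": min_traces}


if __name__ == "__main__":
    for label, randomize in (("no countermeasure", False), ("randomized leak position", True)):
        print(label, assess(3, 1.0, randomize))
```

Running the file compares the two settings at a budget of 160 traces. With aligned leakage the correct key's rank settles at 1 after a few tens of traces, since its correlation stays near its asymptotic value while the wrong guesses' correlations shrink as traces accumulate, which is the picture of Figure 6(a); with the leaking sample randomized over eight positions the per-sample correlation of the correct key is strongly diluted, so the same budget no longer yields a stable rank of 1 and the number-of-traces metric is reported as undefined (None), mirroring the dashes in Table III. In an assessment of a real platform, simulate_traces would be replaced by traces captured through the framework's acquisition flow.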
Figure <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.F6.sf2" title="In Figure 6 ‣ V-C3 SCA security assessment ‣ V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">6(b)</span></a> shows instead how the guessing entropy of the template and CNN attacks improves as more traces are analyzed, stabilizing at 1 after 3 and 10 traces, respectively.</p> </div> <figure class="ltx_table" id="S5.T3"> <figcaption class="ltx_caption ltx_centering"><span class="ltx_tag ltx_tag_table"><span class="ltx_text" id="S5.T3.2.1.1" style="font-size:90%;">TABLE III</span>: </span><span class="ltx_text" id="S5.T3.3.2" style="font-size:90%;">Quality metrics obtained by template attacks against the execution of Camellia, Clefia, and Seed under different countermeasures. Undefined values are denoted by –.</span></figcaption> <table class="ltx_tabular ltx_centering ltx_guessed_headers ltx_align_middle" id="S5.T3.4"> <tbody class="ltx_tbody"> <tr class="ltx_tr" id="S5.T3.4.1.1"> <th class="ltx_td ltx_th ltx_th_row ltx_border_tt" id="S5.T3.4.1.1.1"></th> <th class="ltx_td ltx_th ltx_th_row ltx_border_tt" id="S5.T3.4.1.1.2"></th> <td class="ltx_td ltx_align_center ltx_border_tt" colspan="3" id="S5.T3.4.1.1.3"><span class="ltx_text ltx_font_bold" id="S5.T3.4.1.1.3.1">Cryptosystem</span></td> </tr> <tr class="ltx_tr" id="S5.T3.4.2.2"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.2.2.1"><span class="ltx_text ltx_font_bold" id="S5.T3.4.2.2.1.1">Countermeasure</span></th> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.2.2.2"><span class="ltx_text ltx_font_bold" id="S5.T3.4.2.2.2.1">Quality metric</span></th> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.2.2.3"><span class="ltx_text ltx_font_bold" id="S5.T3.4.2.2.3.1">Camellia</span></td> <td class="ltx_td ltx_align_right 
ltx_border_t" id="S5.T3.4.2.2.4"><span class="ltx_text ltx_font_bold" id="S5.T3.4.2.2.4.1">Clefia</span></td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.2.2.5"><span class="ltx_text ltx_font_bold" id="S5.T3.4.2.2.5.1">Seed</span></td> </tr> <tr class="ltx_tr" id="S5.T3.4.3.3"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T3.4.3.3.1" rowspan="4"><span class="ltx_text" id="S5.T3.4.3.3.1.1">None</span></th> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T3.4.3.3.2">Guessing entropy</th> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.3.3.3">1</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.3.3.4">1</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.3.3.5">1</td> </tr> <tr class="ltx_tr" id="S5.T3.4.4.4"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.4.4.1">Guessing distance</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.4.4.2">0.28</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.4.4.3">0.61</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.4.4.4">0.23</td> </tr> <tr class="ltx_tr" id="S5.T3.4.5.5"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.5.5.1">Success rate</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.5.5.2"><span class="ltx_text ltx_font_bold" id="S5.T3.4.5.5.2.1" style="color:#00FF00;">100%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.5.5.3"><span class="ltx_text ltx_font_bold" id="S5.T3.4.5.5.3.1" style="color:#00FF00;">100%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.5.5.4"><span class="ltx_text ltx_font_bold" id="S5.T3.4.5.5.4.1" style="color:#00FF00;">100%</span></td> </tr> <tr class="ltx_tr" id="S5.T3.4.6.6"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.6.6.1">Number of traces</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.6.6.2">1202</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.6.6.3">52</td> <td class="ltx_td ltx_align_right" 
id="S5.T3.4.6.6.4">1021</td> </tr> <tr class="ltx_tr" id="S5.T3.4.7.7"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T3.4.7.7.1" rowspan="4"><span class="ltx_text" id="S5.T3.4.7.7.1.1">Clock frequency randomization</span></th> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T3.4.7.7.2">Guessing entropy</th> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.7.7.3">133.09</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.7.7.4">105.53</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.7.7.5">132.63</td> </tr> <tr class="ltx_tr" id="S5.T3.4.8.8"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.8.8.2">Guessing distance</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.8.8.3">-0.49</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.8.8.4">-0.45</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.8.8.5">-0.50</td> </tr> <tr class="ltx_tr" id="S5.T3.4.9.9"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.9.9.1">Success rate</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.9.9.2"><span class="ltx_text ltx_font_bold" id="S5.T3.4.9.9.2.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.9.9.3"><span class="ltx_text ltx_font_bold" id="S5.T3.4.9.9.3.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.9.9.4"><span class="ltx_text ltx_font_bold" id="S5.T3.4.9.9.4.1" style="color:#FF0000;">0%</span></td> </tr> <tr class="ltx_tr" id="S5.T3.4.10.10"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.10.10.1">Number of traces</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.10.10.2">–</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.10.10.3">–</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.10.10.4">–</td> </tr> <tr class="ltx_tr" 
id="S5.T3.4.11.11"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T3.4.11.11.1" rowspan="4"><span class="ltx_text" id="S5.T3.4.11.11.1.1">Morphing</span></th> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T3.4.11.11.2">Guessing entropy</th> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.11.11.3">9</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.11.11.4">1</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.11.11.5">55.75</td> </tr> <tr class="ltx_tr" id="S5.T3.4.12.12"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.12.12.1">Guessing distance</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.12.12.2">-0.06</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.12.12.3">0.31</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.12.12.4">-0.31</td> </tr> <tr class="ltx_tr" id="S5.T3.4.13.13"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.13.13.1">Success rate</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.13.13.2"><span class="ltx_text ltx_font_bold" id="S5.T3.4.13.13.2.1" style="color:#FF6321;">40%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.13.13.3"><span class="ltx_text ltx_font_bold" id="S5.T3.4.13.13.3.1" style="color:#00FF00;">100%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.13.13.4"><span class="ltx_text ltx_font_bold" id="S5.T3.4.13.13.4.1" style="color:#FF0000;">3%</span></td> </tr> <tr class="ltx_tr" id="S5.T3.4.14.14"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.14.14.1">Number of traces</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.14.14.2">–</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.14.14.3">1379</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.14.14.4">–</td> </tr> <tr class="ltx_tr" id="S5.T3.4.15.15"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_bb ltx_border_t" id="S5.T3.4.15.15.1" rowspan="4"><span class="ltx_text" 
id="S5.T3.4.15.15.1.1">Chaff</span></th> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_t" id="S5.T3.4.15.15.2">Guessing entropy</th> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.15.15.3">148.06</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.15.15.4">119.72</td> <td class="ltx_td ltx_align_right ltx_border_t" id="S5.T3.4.15.15.5">133.84</td> </tr> <tr class="ltx_tr" id="S5.T3.4.16.16"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.16.16.1">Guessing distance</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.16.16.2">-0.56</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.16.16.3">-0.48</td> <td class="ltx_td ltx_align_right" id="S5.T3.4.16.16.4">-0.56</td> </tr> <tr class="ltx_tr" id="S5.T3.4.17.17"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row" id="S5.T3.4.17.17.1">Success rate</th> <td class="ltx_td ltx_align_right" id="S5.T3.4.17.17.2"><span class="ltx_text ltx_font_bold" id="S5.T3.4.17.17.2.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.17.17.3"><span class="ltx_text ltx_font_bold" id="S5.T3.4.17.17.3.1" style="color:#FF0000;">0%</span></td> <td class="ltx_td ltx_align_right" id="S5.T3.4.17.17.4"><span class="ltx_text ltx_font_bold" id="S5.T3.4.17.17.4.1" style="color:#FF0000;">0%</span></td> </tr> <tr class="ltx_tr" id="S5.T3.4.18.18"> <th class="ltx_td ltx_align_left ltx_th ltx_th_row ltx_border_bb" id="S5.T3.4.18.18.1">Number of traces</th> <td class="ltx_td ltx_align_right ltx_border_bb" id="S5.T3.4.18.18.2">–</td> <td class="ltx_td ltx_align_right ltx_border_bb" id="S5.T3.4.18.18.3">–</td> <td class="ltx_td ltx_align_right ltx_border_bb" id="S5.T3.4.18.18.4">–</td> </tr> </tbody> </table> </figure> <div class="ltx_para" id="S5.SS3.SSS3.p5"> <p class="ltx_p" id="S5.SS3.SSS3.p5.1">To further demonstrate the flexibility of the proposed hardware-software framework, Table <a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#S5.T3" 
title="TABLE III ‣ V-C3 SCA security assessment ‣ V-C Experimental analysis ‣ V Experimental Evaluation ‣ An FPGA-Based Open-Source Hardware-Software Framework for Side-Channel Security Research"><span class="ltx_text ltx_ref_tag">III</span></a> reports the results of the template attack when the computing platform executes three additional cryptographic applications from the OpenSSL <cite class="ltx_cite ltx_citemacro_cite">[<a class="ltx_ref" href="https://arxiv.org/html/2407.17432v2#bib.bib45" title="">45</a>]</cite> suite, namely, the Camellia, Clefia, and Seed block ciphers. For each cryptosystem, results are reported with no countermeasure, with clock frequency randomization, with morphing, and with chaff. The quality metrics used to assess side-channel vulnerability refer to the SubBytes operation in the first round of each cryptosystem.</p> </div> <div class="ltx_para" id="S5.SS3.SSS3.p6"> <p class="ltx_p" id="S5.SS3.SSS3.p6.1">The results show that morphing is ineffective at protecting Clefia against the template attack, whereas it is moderately and highly effective for Camellia and Seed, respectively. Conversely, clock frequency randomization and chaff successfully thwart the template attack on all three cryptographic applications.</p> </div> </section> </section> </section> <section class="ltx_section" id="S6"> <h2 class="ltx_title ltx_title_section"> <span class="ltx_tag ltx_tag_section">VI </span><span class="ltx_text ltx_font_smallcaps" id="S6.1.1">Conclusions</span> </h2> <div class="ltx_para" id="S6.p1"> <p class="ltx_p" id="S6.p1.1">This manuscript introduced a novel open-source framework for research on SCA targeting FPGA-based IoT-class computing platforms. 
The framework includes a RISC-V-based IoT-class SoC that features an ad-hoc debug infrastructure, which maximizes the observability and controllability of the computing platform and thus simplifies the execution of SCA attacks, as well as a DFS actuator, a TRNG, and a timer that support a set of state-of-the-art SCA countermeasures available out of the box. A complete automated flow encompasses the configuration of the SoC, the execution of target applications with the corresponding collection of side-channel information, and the analysis that identifies any SCA vulnerabilities and pinpoints the sources of side-channel information leakage.</p> </div> <div class="ltx_para" id="S6.p2"> <p class="ltx_p" id="S6.p2.1">The open-source nature of the framework, its adoption of standard languages for both its hardware and software components, and its use of widely available devices and tools encourage and enable users to extend the hardware-software infrastructure with novel SCA attacks and countermeasures.</p> </div> <div class="ltx_para" id="S6.p3"> <p class="ltx_p" id="S6.p3.1">Future developments include the addition of a dual-core CPU architecture and of accelerators dedicated to cryptographic operations. Such optional features, limited in their additional resource usage so as to still deliver a lightweight IoT-class computing platform, will not compromise the observability and controllability of the system for SCA, which are essential for detecting side-channel leakage and its sources. In addition, we plan to extend the framework to support research on fault attacks and the countermeasures against them.</p> </div> </section> <section class="ltx_bibliography" id="bib"> <h2 class="ltx_title ltx_title_bibliography">References</h2> <ul class="ltx_biblist"> <li class="ltx_bibitem" id="bib.bib1"> <span class="ltx_tag ltx_tag_bibitem">[1]</span> <span class="ltx_bibblock"> V. Hassija, V. Chamola, V. Saxena, D. Jain, P. 
Goyal, and B. Sikdar, “A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures,” <em class="ltx_emph ltx_font_italic" id="bib.bib1.1.1">IEEE Access</em>, vol. 7, pp. 82 721–82 743, 2019. </span> </li> <li class="ltx_bibitem" id="bib.bib2"> <span class="ltx_tag ltx_tag_bibitem">[2]</span> <span class="ltx_bibblock"> X. Lou, T. Zhang, J. Jiang, and Y. Zhang, “A Survey of Microarchitectural Side-Channel Vulnerabilities, Attacks, and Defenses in Cryptography,” <em class="ltx_emph ltx_font_italic" id="bib.bib2.1.1">ACM Comput. Surv.</em>, vol. 54, no. 6, Jul. 2021. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://doi.org/10.1145/3456629" title="">https://doi.org/10.1145/3456629</a> </span> </li> <li class="ltx_bibitem" id="bib.bib3"> <span class="ltx_tag ltx_tag_bibitem">[3]</span> <span class="ltx_bibblock"> A. Barenghi, L. Breveglieri, N. Izzo, and G. Pelosi, “Exploring Cortex-M Microarchitectural Side Channel Information Leakage,” <em class="ltx_emph ltx_font_italic" id="bib.bib3.1.1">IEEE Access</em>, vol. 9, pp. 156 507–156 527, 2021. </span> </li> <li class="ltx_bibitem" id="bib.bib4"> <span class="ltx_tag ltx_tag_bibitem">[4]</span> <span class="ltx_bibblock"> A. Meza, F. Restuccia, J. Oberg, D. Rizzo, and R. Kastner, “Security Verification of the OpenTitan Hardware Root of Trust,” <em class="ltx_emph ltx_font_italic" id="bib.bib4.1.1">IEEE Security &amp; Privacy</em>, vol. 21, no. 3, pp. 27–36, 2023. </span> </li> <li class="ltx_bibitem" id="bib.bib5"> <span class="ltx_tag ltx_tag_bibitem">[5]</span> <span class="ltx_bibblock"> T. De Cnudde, M. Ender, and A. Moradi, “Hardware Masking, Revisited,” <em class="ltx_emph ltx_font_italic" id="bib.bib5.1.1">IACR Transactions on Cryptographic Hardware and Embedded Systems</em>, vol. 2018, no. 2, pp. 123–148, May 2018. [Online]. 
Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://tches.iacr.org/index.php/TCHES/article/view/877" title="">https://tches.iacr.org/index.php/TCHES/article/view/877</a> </span> </li> <li class="ltx_bibitem" id="bib.bib6"> <span class="ltx_tag ltx_tag_bibitem">[6]</span> <span class="ltx_bibblock"> P. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” in <em class="ltx_emph ltx_font_italic" id="bib.bib6.1.1">Advances in Cryptology — CRYPTO’ 99</em>, M. Wiener, Ed.   Berlin, Heidelberg: Springer Berlin Heidelberg, 1999, pp. 388–397. </span> </li> <li class="ltx_bibitem" id="bib.bib7"> <span class="ltx_tag ltx_tag_bibitem">[7]</span> <span class="ltx_bibblock"> E. Brier, C. Clavier, and F. Olivier, “Correlation Power Analysis with a Leakage Model,” in <em class="ltx_emph ltx_font_italic" id="bib.bib7.1.1">Cryptographic Hardware and Embedded Systems - CHES 2004</em>, M. Joye and J.-J. Quisquater, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2004, pp. 16–29. </span> </li> <li class="ltx_bibitem" id="bib.bib8"> <span class="ltx_tag ltx_tag_bibitem">[8]</span> <span class="ltx_bibblock"> F.-X. Standaert, F. Koeune, and W. Schindler, “How to Compare Profiled Side-Channel Attacks?” in <em class="ltx_emph ltx_font_italic" id="bib.bib8.1.1">Applied Cryptography and Network Security</em>, M. Abdalla, D. Pointcheval, P.-A. Fouque, and D. Vergnaud, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2009, pp. 485–498. </span> </li> <li class="ltx_bibitem" id="bib.bib9"> <span class="ltx_tag ltx_tag_bibitem">[9]</span> <span class="ltx_bibblock"> S. Chari, J. R. Rao, and P. Rohatgi, “Template Attacks,” in <em class="ltx_emph ltx_font_italic" id="bib.bib9.1.1">Cryptographic Hardware and Embedded Systems - CHES 2002</em>, B. S. Kaliski, Ç. K. Koç, and C. Paar, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2003, pp. 13–28. 
</span> </li> <li class="ltx_bibitem" id="bib.bib10"> <span class="ltx_tag ltx_tag_bibitem">[10]</span> <span class="ltx_bibblock"> G. Chiari, D. Galli, F. Lattari, M. Matteucci, and D. Zoni, “A Deep-Learning Technique to Locate Cryptographic Operations in Side-Channel Traces,” in <em class="ltx_emph ltx_font_italic" id="bib.bib10.1.1">2024 Design, Automation &amp; Test in Europe Conference &amp; Exhibition (DATE)</em>, 2024, pp. 1–6. </span> </li> <li class="ltx_bibitem" id="bib.bib11"> <span class="ltx_tag ltx_tag_bibitem">[11]</span> <span class="ltx_bibblock"> D. Galli, G. Chiari, and D. Zoni, “Hound: Locating Cryptographic Primitives in Desynchronized Side-Channel Traces using Deep-Learning,” in <em class="ltx_emph ltx_font_italic" id="bib.bib11.1.1">2024 IEEE 42nd International Conference on Computer Design (ICCD)</em>, 2024, pp. 114–121. </span> </li> <li class="ltx_bibitem" id="bib.bib12"> <span class="ltx_tag ltx_tag_bibitem">[12]</span> <span class="ltx_bibblock"> B. Timon, “Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis,” <em class="ltx_emph ltx_font_italic" id="bib.bib12.1.1">IACR Transactions on Cryptographic Hardware and Embedded Systems</em>, vol. 2019, no. 2, pp. 107–131, Feb. 2019. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://tches.iacr.org/index.php/TCHES/article/view/7387" title="">https://tches.iacr.org/index.php/TCHES/article/view/7387</a> </span> </li> <li class="ltx_bibitem" id="bib.bib13"> <span class="ltx_tag ltx_tag_bibitem">[13]</span> <span class="ltx_bibblock"> J. Kim, S. Picek, A. Heuser, S. Bhasin, and A. Hanjalic, “Make some noise. Unleashing the power of convolutional neural networks for profiled side-channel analysis,” <em class="ltx_emph ltx_font_italic" id="bib.bib13.1.1">IACR Transactions on Cryptographic Hardware and Embedded Systems</em>, pp. 148–179, 2019. 
</span> </li> <li class="ltx_bibitem" id="bib.bib14"> <span class="ltx_tag ltx_tag_bibitem">[14]</span> <span class="ltx_bibblock"> D. Galli, F. Lattari, M. Matteucci, and D. Zoni, “A Deep Learning-Assisted Template Attack Against Dynamic Frequency Scaling Countermeasures,” <em class="ltx_emph ltx_font_italic" id="bib.bib14.1.1">IEEE Transactions on Computers</em>, vol. 74, no. 1, pp. 293–306, 2025. </span> </li> <li class="ltx_bibitem" id="bib.bib15"> <span class="ltx_tag ltx_tag_bibitem">[15]</span> <span class="ltx_bibblock"> H. Gross, S. Mangard, and T. Korak, “Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order,” in <em class="ltx_emph ltx_font_italic" id="bib.bib15.1.1">Proceedings of the 2016 ACM Workshop on Theory of Implementation Security</em>, ser. TIS ’16.   New York, NY, USA: Association for Computing Machinery, 2016, p. 3. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://doi.org/10.1145/2996366.2996426" title="">https://doi.org/10.1145/2996366.2996426</a> </span> </li> <li class="ltx_bibitem" id="bib.bib16"> <span class="ltx_tag ltx_tag_bibitem">[16]</span> <span class="ltx_bibblock"> G. Agosta, A. Barenghi, and G. Pelosi, “A code morphing methodology to automate power analysis countermeasures,” in <em class="ltx_emph ltx_font_italic" id="bib.bib16.1.1">Proceedings of the 49th Annual Design Automation Conference</em>, ser. DAC ’12.   New York, NY, USA: Association for Computing Machinery, 2012, pp. 77–82. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://doi.org/10.1145/2228360.2228376" title="">https://doi.org/10.1145/2228360.2228376</a> </span> </li> <li class="ltx_bibitem" id="bib.bib17"> <span class="ltx_tag ltx_tag_bibitem">[17]</span> <span class="ltx_bibblock"> D. Galli, A. Guarisco, W. Fornaciari, M. Matteucci, and D. 
Zoni, “The Impact of Run-Time Variability on Side-Channel Attacks Targeting FPGAs,” in <em class="ltx_emph ltx_font_italic" id="bib.bib17.1.1">2024 31st IEEE International Conference on Electronics, Circuits and Systems (ICECS)</em>, 2024, pp. 1–4. </span> </li> <li class="ltx_bibitem" id="bib.bib18"> <span class="ltx_tag ltx_tag_bibitem">[18]</span> <span class="ltx_bibblock"> A. Barenghi, W. Fornaciari, G. Pelosi, and D. Zoni, “Scramble Suit: A Profile Differentiation Countermeasure to Prevent Template Attacks,” <em class="ltx_emph ltx_font_italic" id="bib.bib18.1.1">IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems</em>, vol. 39, no. 9, pp. 1778–1791, 2020. </span> </li> <li class="ltx_bibitem" id="bib.bib19"> <span class="ltx_tag ltx_tag_bibitem">[19]</span> <span class="ltx_bibblock"> A. Waterman, Y. Lee, D. A. Patterson, and K. Asanović, “The RISC-V Instruction Set Manual, Volume I: User-Level ISA, Version 2.1,” EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2016-118, May 2016. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-118.html" title="">http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-118.html</a> </span> </li> <li class="ltx_bibitem" id="bib.bib20"> <span class="ltx_tag ltx_tag_bibitem">[20]</span> <span class="ltx_bibblock"> A. Traber, F. Zaruba, S. Stucki, A. Pullini, G. Haugou, E. Flamand, F. K. Gurkaynak, and L. Benini, “PULPino: A small single-core RISC-V SoC,” in <em class="ltx_emph ltx_font_italic" id="bib.bib20.1.1">3rd RISCV Workshop</em>, 2016. </span> </li> <li class="ltx_bibitem" id="bib.bib21"> <span class="ltx_tag ltx_tag_bibitem">[21]</span> <span class="ltx_bibblock"> E. Flamand, D. Rossi, F. Conti, I. Loi, A. Pullini, F. Rotenberg, and L. 
Benini, “GAP-8: A RISC-V SoC for AI at the Edge of the IoT,” in <em class="ltx_emph ltx_font_italic" id="bib.bib21.1.1">2018 IEEE 29th International Conference on Application-specific Systems, Architectures and Processors (ASAP)</em>, 2018, pp. 1–4. </span> </li> <li class="ltx_bibitem" id="bib.bib22"> <span class="ltx_tag ltx_tag_bibitem">[22]</span> <span class="ltx_bibblock"> A. Pullini, D. Rossi, I. Loi, G. Tagliavini, and L. Benini, “Mr.Wolf: An Energy-Precision Scalable Parallel Ultra Low Power SoC for IoT Edge Processing,” <em class="ltx_emph ltx_font_italic" id="bib.bib22.1.1">IEEE Journal of Solid-State Circuits</em>, vol. 54, no. 7, pp. 1970–1981, 2019. </span> </li> <li class="ltx_bibitem" id="bib.bib23"> <span class="ltx_tag ltx_tag_bibitem">[23]</span> <span class="ltx_bibblock"> A. Kurth, B. Forsberg, and L. Benini, “HEROv2: Full-Stack Open-Source Research Platform for Heterogeneous Computing,” <em class="ltx_emph ltx_font_italic" id="bib.bib23.1.1">IEEE Transactions on Parallel and Distributed Systems</em>, vol. 33, no. 12, pp. 4368–4382, 2022. </span> </li> <li class="ltx_bibitem" id="bib.bib24"> <span class="ltx_tag ltx_tag_bibitem">[24]</span> <span class="ltx_bibblock"> Microchip Technology Inc., <em class="ltx_emph ltx_font_italic" id="bib.bib24.1.1">DS00004248C - PolarFire SoC Datasheet</em>, 2024. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://ww1.microchip.com/downloads/aemDocuments/documents/FPGA/ProductDocuments/DataSheets/PolarFire-SoC-Datasheet-DS00004248.pdf" title="">https://ww1.microchip.com/downloads/aemDocuments/documents/FPGA/ProductDocuments/DataSheets/PolarFire-SoC-Datasheet-DS00004248.pdf</a> </span> </li> <li class="ltx_bibitem" id="bib.bib25"> <span class="ltx_tag ltx_tag_bibitem">[25]</span> <span class="ltx_bibblock"> P. Mantovani, D. Giri, G. Di Guglielmo, L. Piccolboni, J. Zuckerman, E. G. Cota, M. Petracca, C. Pilato, and L. P. 
Carloni, “Agile SoC Development with Open ESP,” in <em class="ltx_emph ltx_font_italic" id="bib.bib25.1.1">Proceedings of the 39th International Conference on Computer-Aided Design</em>, ser. ICCAD ’20.   New York, NY, USA: Association for Computing Machinery, 2020. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://doi.org/10.1145/3400302.3415753" title="">https://doi.org/10.1145/3400302.3415753</a> </span> </li> <li class="ltx_bibitem" id="bib.bib26"> <span class="ltx_tag ltx_tag_bibitem">[26]</span> <span class="ltx_bibblock"> A. Amid, D. Biancolin, A. Gonzalez, D. Grubb, S. Karandikar, H. Liew, A. Magyar, H. Mao, A. Ou, N. Pemberton, P. Rigge, C. Schmidt, J. Wright, J. Zhao, Y. S. Shao, K. Asanović, and B. Nikolić, “Chipyard: Integrated Design, Simulation, and Implementation Framework for Custom SoCs,” <em class="ltx_emph ltx_font_italic" id="bib.bib26.1.1">IEEE Micro</em>, vol. 40, no. 4, pp. 10–21, Jul. 2020. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://doi.org/10.1109/MM.2020.2996616" title="">https://doi.org/10.1109/MM.2020.2996616</a> </span> </li> <li class="ltx_bibitem" id="bib.bib27"> <span class="ltx_tag ltx_tag_bibitem">[27]</span> <span class="ltx_bibblock"> G. Montanaro, A. Galimberti, and D. Zoni, “A Prototype-Based Framework to Design Scalable Heterogeneous SoCs with Fine-Grained DFS,” in <em class="ltx_emph ltx_font_italic" id="bib.bib27.1.1">2024 IEEE 42nd International Conference on Computer Design (ICCD)</em>, 2024, pp. 681–684. </span> </li> <li class="ltx_bibitem" id="bib.bib28"> <span class="ltx_tag ltx_tag_bibitem">[28]</span> <span class="ltx_bibblock"> M. Gautschi, P. D. Schiavone, A. Traber, I. Loi, A. Pullini, D. Rossi, E. Flamand, F. K. Gürkaynak, and L. 
Benini, “Near-Threshold RISC-V Core With DSP Extensions for Scalable IoT Endpoint Devices,” <em class="ltx_emph ltx_font_italic" id="bib.bib28.1.1">IEEE Transactions on Very Large Scale Integration (VLSI) Systems</em>, vol. 25, no. 10, pp. 2700–2713, 2017. </span> </li> <li class="ltx_bibitem" id="bib.bib29"> <span class="ltx_tag ltx_tag_bibitem">[29]</span> <span class="ltx_bibblock"> F. Zaruba and L. Benini, “The Cost of Application-Class Processing: Energy and Performance Analysis of a Linux-Ready 1.7-GHz 64-Bit RISC-V Core in 22-nm FDSOI Technology,” <em class="ltx_emph ltx_font_italic" id="bib.bib29.1.1">IEEE Transactions on Very Large Scale Integration (VLSI) Systems</em>, vol. 27, no. 11, pp. 2629–2640, 2019. </span> </li> <li class="ltx_bibitem" id="bib.bib30"> <span class="ltx_tag ltx_tag_bibitem">[30]</span> <span class="ltx_bibblock"> Y. Lee, A. Waterman, H. Cook, B. Zimmer, B. Keller, A. Puggelli, J. Kwak, R. Jevtic, S. Bailey, M. Blagojevic, P.-F. Chiu, R. Avizienis, B. Richards, J. Bachrach, D. Patterson, E. Alon, B. Nikolic, and K. Asanovic, “An Agile Approach to Building RISC-V Microprocessors,” <em class="ltx_emph ltx_font_italic" id="bib.bib30.1.1">IEEE Micro</em>, vol. 36, no. 2, pp. 8–20, 2016. </span> </li> <li class="ltx_bibitem" id="bib.bib31"> <span class="ltx_tag ltx_tag_bibitem">[31]</span> <span class="ltx_bibblock"> N.-J. Wessman, F. Malatesta, J. Andersson, P. Gomez, M. Masmano, V. Nicolau, J. L. Rhun, G. Cabo, F. Bas, R. Lorenzo, O. Sala, D. Trilla, and J. Abella, “De-RISC: the First RISC-V Space-Grade Platform for Safety-Critical Systems,” in <em class="ltx_emph ltx_font_italic" id="bib.bib31.1.1">2021 IEEE Space Computing Conference (SCC)</em>, 2021, pp. 17–26. </span> </li> <li class="ltx_bibitem" id="bib.bib32"> <span class="ltx_tag ltx_tag_bibitem">[32]</span> <span class="ltx_bibblock"> N. Binkert, B. Beckmann, G. Black, S. K. Reinhardt, A. Saidi, A. Basu, J. Hestness, D. R. Hower, T. Krishna, S. Sardashti, R. Sen, K. Sewell, M. 
Shoaib, N. Vaish, M. D. Hill, and D. A. Wood, “The gem5 simulator,” <em class="ltx_emph ltx_font_italic" id="bib.bib32.1.1">SIGARCH Comput. Archit. News</em>, vol. 39, no. 2, pp. 1–7, Aug. 2011. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://doi.org/10.1145/2024716.2024718" title="">https://doi.org/10.1145/2024716.2024718</a> </span> </li> <li class="ltx_bibitem" id="bib.bib33"> <span class="ltx_tag ltx_tag_bibitem">[33]</span> <span class="ltx_bibblock"> N. Bruschi, G. Haugou, G. Tagliavini, F. Conti, L. Benini, and D. Rossi, “GVSoC: A Highly Configurable, Fast and Accurate Full-Platform Simulator for RISC-V based IoT Processors,” in <em class="ltx_emph ltx_font_italic" id="bib.bib33.1.1">2021 IEEE 39th International Conference on Computer Design (ICCD)</em>, 2021, pp. 409–416. </span> </li> <li class="ltx_bibitem" id="bib.bib34"> <span class="ltx_tag ltx_tag_bibitem">[34]</span> <span class="ltx_bibblock"> LowRISC, “ot-sca - Side-Channel Analysis and Fault Injection Setup for OpenTitan,” <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://github.com/lowRISC/ot-sca" title="">https://github.com/lowRISC/ot-sca</a>, 2024, accessed: 2024-11-05. </span> </li> <li class="ltx_bibitem" id="bib.bib35"> <span class="ltx_tag ltx_tag_bibitem">[35]</span> <span class="ltx_bibblock"> NewAE Technology Inc., “CW308T-FE310,” 2020, accessed: 2024-11-05. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://rtfm.newae.com/Targets/UFO%20Targets/CW308T-FE310-G002" title="">https://rtfm.newae.com/Targets/UFO%20Targets/CW308T-FE310-G002</a> </span> </li> <li class="ltx_bibitem" id="bib.bib36"> <span class="ltx_tag ltx_tag_bibitem">[36]</span> <span class="ltx_bibblock"> G. Agosta, A. Barenghi, G. Pelosi, and M. 
Scandale, “The MEET Approach: Securing Cryptographic Embedded Software Against Side Channel Attacks,” <em class="ltx_emph ltx_font_italic" id="bib.bib36.1.1">IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems</em>, vol. 34, no. 8, pp. 1320–1333, 2015. </span> </li> <li class="ltx_bibitem" id="bib.bib37"> <span class="ltx_tag ltx_tag_bibitem">[37]</span> <span class="ltx_bibblock"> R. Benadjila, E. Prouff, R. Strullu, E. Cagli, and C. Dumas, “Deep learning for side-channel analysis and introduction to ASCAD database,” <em class="ltx_emph ltx_font_italic" id="bib.bib37.1.1">Journal of Cryptographic Engineering</em>, vol. 10, no. 2, pp. 163–188, 2020. </span> </li> <li class="ltx_bibitem" id="bib.bib38"> <span class="ltx_tag ltx_tag_bibitem">[38]</span> <span class="ltx_bibblock"> G. Scotti and D. Zoni, “A fresh view on the microarchitectural design of FPGA-based RISC CPUs in the IoT Era,” <em class="ltx_emph ltx_font_italic" id="bib.bib38.1.1">Journal of Low Power Electronics and Applications</em>, vol. 9, p. 19, 02 2019. </span> </li> <li class="ltx_bibitem" id="bib.bib39"> <span class="ltx_tag ltx_tag_bibitem">[39]</span> <span class="ltx_bibblock"> D. Zoni, A. Galimberti, and W. Fornaciari, “An FPU design template to optimize the accuracy-efficiency-area trade-off,” <em class="ltx_emph ltx_font_italic" id="bib.bib39.1.1">Sustainable Computing: Informatics and Systems</em>, vol. 29, p. 100450, 2021. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://www.sciencedirect.com/science/article/pii/S2210537920301761" title="">https://www.sciencedirect.com/science/article/pii/S2210537920301761</a> </span> </li> <li class="ltx_bibitem" id="bib.bib40"> <span class="ltx_tag ltx_tag_bibitem">[40]</span> <span class="ltx_bibblock"> D. Zoni and A. 
Galimberti, “Cost-effective fixed-point hardware support for RISC-V embedded systems,” <em class="ltx_emph ltx_font_italic" id="bib.bib40.1.1">Journal of Systems Architecture</em>, vol. 126, p. 102476, 2022. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://www.sciencedirect.com/science/article/pii/S1383762122000595" title="">https://www.sciencedirect.com/science/article/pii/S1383762122000595</a> </span> </li> <li class="ltx_bibitem" id="bib.bib41"> <span class="ltx_tag ltx_tag_bibitem">[41]</span> <span class="ltx_bibblock"> L. Denisov, A. Galimberti, D. Cattaneo, G. Agosta, and D. Zoni, “Design-time methodology for optimizing mixed-precision CPU architectures on FPGA,” <em class="ltx_emph ltx_font_italic" id="bib.bib41.1.1">Journal of Systems Architecture</em>, vol. 155, p. 103257, 2024. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://www.sciencedirect.com/science/article/pii/S1383762124001942" title="">https://www.sciencedirect.com/science/article/pii/S1383762124001942</a> </span> </li> <li class="ltx_bibitem" id="bib.bib42"> <span class="ltx_tag ltx_tag_bibitem">[42]</span> <span class="ltx_bibblock"> D. Galli, A. Galimberti, W. Fornaciari, and D. Zoni, “On the Effectiveness of True Random Number Generators Implemented on FPGAs,” in <em class="ltx_emph ltx_font_italic" id="bib.bib42.1.1">Embedded Computer Systems: Architectures, Modeling, and Simulation</em>, A. Orailoglu, M. Reichenbach, and M. Jung, Eds.   Cham: Springer International Publishing, 2022, pp. 315–326. </span> </li> <li class="ltx_bibitem" id="bib.bib43"> <span class="ltx_tag ltx_tag_bibitem">[43]</span> <span class="ltx_bibblock"> National Institute of Standards and Technology (NIST) - U.S. 
Department of Commerce, “NISTIR 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process,” <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413.pdf" title="">https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413.pdf</a>, 2022. </span> </li> <li class="ltx_bibitem" id="bib.bib44"> <span class="ltx_tag ltx_tag_bibitem">[44]</span> <span class="ltx_bibblock"> G. Agosta, A. Barenghi, G. Pelosi, and M. Scandale, “Information leakage chaff: feeding red herrings to side channel attackers,” in <em class="ltx_emph ltx_font_italic" id="bib.bib44.1.1">Proceedings of the 52nd Annual Design Automation Conference</em>, ser. DAC ’15.   New York, NY, USA: Association for Computing Machinery, 2015. [Online]. Available: <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://doi.org/10.1145/2744769.2744859" title="">https://doi.org/10.1145/2744769.2744859</a> </span> </li> <li class="ltx_bibitem" id="bib.bib45"> <span class="ltx_tag ltx_tag_bibitem">[45]</span> <span class="ltx_bibblock"> OpenSSL, “TLS/SSL and crypto library,” <a class="ltx_ref ltx_url ltx_font_typewriter" href="https://github.com/openssl/openssl" title="">https://github.com/openssl/openssl</a>, 2024, accessed: 2024-01-11. </span> </li> </ul> </section> <figure class="ltx_float biography" id="id1"> <table class="ltx_tabular" id="id1.1"> <tr class="ltx_tr" id="id1.1.1"> <td class="ltx_td" id="id1.1.1.1"><img alt="[Uncaptioned image]" class="ltx_graphics ltx_img_portrait" height="125" id="id1.1.1.1.g1" src="extracted/6284874/images/bios/dz.jpg" width="100"/></td> <td class="ltx_td" id="id1.1.1.2"> <span class="ltx_inline-block" id="id1.1.1.2.1"> <span class="ltx_p" id="id1.1.1.2.1.1"><span class="ltx_text ltx_font_bold" id="id1.1.1.2.1.1.1">Davide Zoni,</span> PhD, is associate professor at Politecnico di Milano, Italy. He published more than 50 papers in journals and conference proceedings. 
His research interests include RTL design and verification of single- and multi-cores at the edge with emphasis on low power, hardware security, and deep learning. He filed two patents on cyber-security, and he is co-founder at Blue Signals, a spin-off of Politecnico di Milano.</span> </span> </td> </tr> </table> </figure> <figure class="ltx_float biography" id="id2"> <table class="ltx_tabular" id="id2.1"> <tr class="ltx_tr" id="id2.1.1"> <td class="ltx_td" id="id2.1.1.1"><img alt="[Uncaptioned image]" class="ltx_graphics ltx_img_portrait" height="125" id="id2.1.1.1.g1" src="extracted/6284874/images/bios/ag.jpg" width="100"/></td> <td class="ltx_td" id="id2.1.1.2"> <span class="ltx_inline-block" id="id2.1.1.2.1"> <span class="ltx_p" id="id2.1.1.2.1.1"><span class="ltx_text ltx_font_bold" id="id2.1.1.2.1.1.1">Andrea Galimberti,</span> PhD, is a research fellow at Politecnico di Milano. He received his M.Sc. degree in Computer Science and Engineering in 2019 and his PhD degree in Information Technology in 2023, both from Politecnico di Milano. His research has explored hardware acceleration of post-quantum cryptography and architectures for mixed-precision computing integrating floating-point and fixed-point arithmetic. His current interests focus on designing multi-core architectures and accelerators for deep learning.</span> </span> </td> </tr> </table> </figure> <figure class="ltx_float biography" id="id3"> <table class="ltx_tabular" id="id3.1"> <tr class="ltx_tr" id="id3.1.1"> <td class="ltx_td" id="id3.1.1.1"><img alt="[Uncaptioned image]" class="ltx_graphics ltx_img_portrait" height="125" id="id3.1.1.1.g1" src="extracted/6284874/images/bios/dg_crop.jpg" width="100"/></td> <td class="ltx_td" id="id3.1.1.2"> <span class="ltx_inline-block" id="id3.1.1.2.1"> <span class="ltx_p" id="id3.1.1.2.1.1"><span class="ltx_text ltx_font_bold" id="id3.1.1.2.1.1.1">Davide Galli,</span> MSc, is a PhD student at Politecnico di Milano, Italy. He received the B.Sc. 
in Ingegneria Informatica and the M.Sc. in Computer Science and Engineering at Politecnico di Milano in 2019 and 2022, respectively. Starting from his M.Sc. thesis on true random number generators on FPGA, his research interests are mainly on hardware security and side-channel analysis.</span> </span> </td> </tr> </table> </figure> </article> </div> </div> </body> </html>
