Data-Oblivious and Performant: On Designing Security-Conscious Hardware

Over the last years, we have witnessed an ever increasing concern regarding security in digital hardware design. More sophisticated exploits of microarchitectural timing channels force designers to rethink system architecture for security. Most countermeasures rely on the data-obliviousness of certain elementary hardware operations. And while there are many approaches to create such primitives by hardening hardware operations against data-dependent timing effects, they are often overly conservative, resulting in a significant performance loss.In this paper, we propose the combination of formally proven security with performance-enhancing optimizations to create security-conscious hardware. We discuss how an accelerator can dynamically adjust its latency to allow for optimizations tailored to the security level of its input operands. In addition, we extend a recent formal verification methodology to exhaustively verify the confidentiality of sensitive data in such a design. The effectiveness of the proposed approach is demonstrated by redesigning two open-source hardware implementations: The serial division unit of the CVA6 RISC-V processor and an accelerator for the RSA cryptosystem. Both case studies show that small changes in the implementations of the underlying algorithms can result in significant performance gains when compared to previous security countermeasures.

• Publication year

  2024

• Venue

  Latin American Test Symposium

• Publication date

  2024-04-09

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1109/LATS62223.2024.10534597
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Area-Optimized Constant-Time Hardware Implementation for Polynomial Multiplication

  2023cited by this paper
• A Scalable Formal Verification Methodology for Data-Oblivious Hardware

  2023influential reference
• Towards a Formally Verified Hardware Root-of-Trust for Data-Oblivious Computing

  2022cited by this paper
• Opening Pandora’s Box: A Systematic Study of New Ways Microarchitecture Can Leak Private Data

  2021cited by this paper
• Solver-Aided Constant-Time Hardware Verification

  2021cited by this paper
• DOLMA: Securing Speculation with the Principle of Transient Non-Observability

  2021cited by this paper
• Hardware Information Flow Tracking

  2021cited by this paper
• Constant-time foundations for the new spectre era

  2019cited by this paper
• Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data

  2019cited by this paper
• The Cost of Application-Class Processing: Energy and Performance Analysis of a Linux-Ready 1.7-GHz 64-Bit RISC-V Core in 22-nm FDSOI Technology

  2019cited by this paper
• PASCAL: Timing SCA Resistant Design and Verification Flow

  2019cited by this paper
• Spectre Attacks: Exploiting Speculative Execution

  2018cited by this paper
• Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing

  2018influential reference
• Clepsydra: Modeling timing flows in hardware designs

  2017cited by this paper
• Path Predicate Abstraction for Sound System-Level Models of RT-Level Circuit Designs

  2014cited by this paper
• Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors

  2009cited by this paper
• A lattice model of secure information flow

  1976cited by this paper

• FastPath: A Hybrid Approach for Efficient Hardware Security Verification

  2025cites this paper