CTScan: A CGRA-based Platform for the Emulation of Power Side-Channel Attacks on Edge CPUs

Cryptographic algorithms can be exploited by power side-channel attacks. Thus, it is imperative to perform a thorough pre-silicon security evaluation to minimize these potential threats. Conventional methods using FPGAs and CAD tools for pre-silicon power side-channel evaluation of CPUs can take a long time to complete. In this work, we propose CTScan, a novel platform that uses Coarse-Grained Reconfigurable Arrays (CGRAs) to speedup this evaluation. CTScan first maps the CPU microarchitecture onto the underlying CGRA hardware to mimic the execution patterns. Next, using the CPU instruction trace profiles obtained from a high-level simulator, we translate and then run these traces on the CGRA which allows for the emulated CPU power traces to be obtained for analysis. Our CGRA-based CTScan platform shows an end-to-end speedup improvement of up to 67 \(\times\) speedup over state-of-the-art FPGAs for CPA attack, with comparable correlation to hypothesis. To the best of our knowledge, this is the first proposal that uses CGRAs as a platform for pre-silicon CPU security evaluation. CTScan has been validated against real silicon measurements on the Sakura-X FPGA board and a commercial RISC-V processor (SiFive FE310). Additionally, we present case studies to evaluate the applicability of CTScan when running two commonly used power side-channels.

• Publication year

  2025

• Venue

  ACM Transactions on Reconfigurable Technology and Systems

• Publication date

  2025-03-03

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1145/3721294
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Nexus Machine: An Active Message Inspired Reconfigurable Architecture for Irregular Workloads

  2025cited by this paper
• An MLIR-Based Compilation Framework for CGRA Application Deployment

  2025cited by this paper
• Enhancing CGRA Efficiency Through Aligned Compute and Communication Provisioning

  2024cited by this paper
• A 360 GOPS/W CGRA in a RISC-V SoC with Multi-Hop Routers and Idle-State Instructions for Edge Computing Applications

  2024cited by this paper
• PARADISE: Criticality-Aware Instruction Reordering for Power Attack Resistance

  2024cited by this paper
• PACE: A Scalable and Energy Efficient CGRA in a RISC-V SoC for Edge Computing Applications

  2024influential reference
• Security Aspects of Masking on FPGAs

  2024cited by this paper
• EFFLUX-F2: A High Performance Hardware Security Evaluation Board

  2024cited by this paper
• Blind-Folded: Simple Power Analysis Attacks using Data with a Single Trace and no Training

  2024cited by this paper
• TPUXtract: An Exhaustive Hyperparameter Extraction Framework

  2024cited by this paper
• Emulating Side Channel Attacks on gem5: lessons learned

  2023cited by this paper
• FLEX: Introducing FLEXible Execution on CGRA with Spatio-Temporal Vector Dataflow

  2023cited by this paper
• FOBOS 3: An Open-Source Platform for Side-Channel Analysis and Benchmarking

  2023influential reference
• 3DRA: Dynamic Data-Driven Reconfigurable Architecture

  2023cited by this paper
• Root-cause Analysis of the Side Channel Leakage from ASCON Implementations

  2023cited by this paper
• A 2.41-μW/MHz, 437-PE/mm2 CGRA in 22 nm FD-SOI With RISC-Like Code Generation

  2023cited by this paper
• Power Side-Channel Leakage Assessment Framework at Register-Transfer Level

  2022cited by this paper
• The Side-channel Metrics Cheat Sheet

  2022cited by this paper
• SoC Root Canal! Root Cause Analysis of Power Side-Channel Leakage in System-on-Chip Designs

  2022cited by this paper
• PANORAMA: Divide-and-Conquer Approach for Mapping Complex Loop Kernels on CGRA

  2022cited by this paper
• Amber: A 367 GOPS, 538 GOPS/W 16nm SoC with a Coarse-Grained Reconfigurable Array for Flexible Acceleration of Dense Linear Algebra

  2022cited by this paper
• Apple vs. EMA Electromagnetic Side Channel Attacks on Apple CoreCrypto

  2022cited by this paper
• MIRACLE: MIcRo-ArChitectural Leakage Evaluation

  2021cited by this paper
• PSC-TG: RTL Power Side-Channel Leakage Assessment with Test Pattern Generation

  2021cited by this paper
• WaC: First Results on Practical Side-Channel Attacks on Commercial Machine Learning Accelerator

  2021cited by this paper
• Nonce@Once: A Single-Trace EM Side Channel Attack on Several Constant-Time Elliptic Curve Implementations in Mobile Platforms

  2021cited by this paper
• Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code

  2021cited by this paper
• HiMap: Fast and Scalable High-Quality Mapping on CGRA via Hierarchical Abstraction

  2021cited by this paper
• SoK: Design Tools for Side-Channel-Aware Implementations

  2021cited by this paper
• Accelerating Scientific Applications With SambaNova Reconfigurable Dataflow Architecture

  2021cited by this paper
• Leaky Nets: Recovering Embedded Neural Network Models and Inputs Through Simple Power and Timing Side-Channels—Attacks and Defenses

  2021cited by this paper
• A Side Journey to Titan

  2021cited by this paper
• Masking in Fine-Grained Leakage Models: Construction, Implementation and Verification

  2021cited by this paper
• EMSim: A Microarchitecture-Level Simulation Tool for Modeling Electromagnetic Side-Channel Signals

  2020influential reference
• A Systematic Appraisal of Side Channel Evaluation Strategies

  2020cited by this paper
• SIMF: Single-Instruction Multiple-Flush Mechanism for Processor Temporal Isolation

  2020cited by this paper
• EM-X-DL: Efficient Cross-device Deep Learning Side-channel Attack With Noisy EM Signatures

  2020cited by this paper
• Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs

  2020cited by this paper
• wannesm/dtaidistance v2.0.0

  2020cited by this paper
• On the Effect of the (Micro)Architecture on the Development of Side-Channel Resistant Software

  2020cited by this paper
• A Technical Overview of Cortex-M55 and Ethos-U55: Arm’s Most Capable Processors for Endpoint AI

  2020cited by this paper
• Architecture Correlation Analysis (ACA): Identifying the Source of Side-channel Leakage at Gate-level

  2020cited by this paper
• A Study on Evaluation Board Requirements for Assessing Vulnerability of Cryptographic Modules to Side-Channel Attacks

  2020influential reference
• Differential Power Analysis Attacks on Different Implementations of AES with the ChipWhisperer Nano

  2020cited by this paper
• The uncertainty of Side-Channel Analysis: A way to leverage from heuristics

  2020cited by this paper
• Compiler-Based Techniques to Secure Cryptographic Embedded Software Against Side-Channel Attacks

  2020cited by this paper
• Security analysis on dummy based side-channel countermeasures - Case study: AES with dummy and shuffling

  2020cited by this paper
• High Performance Depthwise and Pointwise Convolutions on Mobile Devices

  2020cited by this paper
• Karna: A Gate-Sizing based Security Aware EDA Flow for Improved Power Side-Channel Attack Protection

  2019cited by this paper
• RTL-PSC: Automated Power Side-Channel Leakage Assessment at Register-Transfer Level

  2019cited by this paper
• Reducing a Masked Implementation's Effective Security Order with Setup Manipulations And an Explanation Based on Externally-Amplified Couplings

  2019cited by this paper
• Multi-Tuple Leakage Detection and the Dependent Signal Issue

  2019cited by this paper
• One trace is all it takes: Machine Learning-based Side-channel Attack on EdDSA

  2019cited by this paper
• PRIMAL: Power Inference using Machine Learning

  2019cited by this paper
• X-DeepSCA: Cross-Device Deep Learning Side Channel Attack*

  2019cited by this paper
• Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis

  2019cited by this paper
• Vulnerability Analysis of a Soft Core Processor through Fine-grain Power Profiling

  2019cited by this paper
• Open DNN Box by Power Side-Channel Attack

  2019cited by this paper
• CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel

  2019cited by this paper
• High-performance Implementation of Elliptic Curve Cryptography Using Vector Instructions

  2019cited by this paper
• Golden Gate: Bridging The Resource-Efficiency Gap Between ASICs and FPGA Prototypes

  2019cited by this paper
• A Critical Analysis of ISO 17825 ('Testing methods for the mitigation of non-invasive attack classes against cryptographic modules')

  2019cited by this paper
• A Survey of Coarse-Grained Reconfigurable Architecture and Design

  2019cited by this paper
• POSTER: Tango: An Optimizing Compiler for Just-In-Time RTL Simulation

  2019cited by this paper
• PARAM: A Microprocessor Hardened for Power Side-Channel Attack Resistance

  2019influential reference
• A Catalog and In-Hardware Evaluation of Open-Source Drop-In Compatible RISC-V Softcore Processors

  2019cited by this paper
• Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers

  2019influential reference
• HyCUBE: A 0.9V 26.4 MOPS/mW, 290 pJ/op, Power Efficient Accelerator for IoT Applications

  2019influential reference
• Hardware Masking, Revisited

  2018cited by this paper
• ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android

  2018cited by this paper
• Examining the consequences of high-level synthesis optimizations on power side-channel

  2018cited by this paper
• Towards efficient and automated side-channel evaluations at design time

  2018cited by this paper
• Micro-Architectural Power Simulator for Leakage Assessment of Cryptographic Software on ARM Cortex-M3 Processors

  2018cited by this paper
• Leakage Detection with the x2-Test

  2018cited by this paper
• New Generation Dynamically Reconfigurable Processor Technology for Accelerating Embedded AI Applications

  2018cited by this paper
• A Comprehensive Side-Channel Information Leakage Analysis of an In-Order RISC CPU Microarchitecture

  2018cited by this paper
• Side-channel security of superscalar CPUs : Evaluating the Impact of Micro-architectural Features

  2018cited by this paper
• An inside job: Remote power analysis attacks on FPGAs

  2018cited by this paper
• Mind the Gap: Towards Secure 1st-Order Masking in Software

  2017cited by this paper
• Use of Simulators for Side-Channel Analysis

  2017cited by this paper
• Applying Horizontal Clustering Side-Channel Attacks on Embedded ECC Implementations

  2017cited by this paper
• A Coarse Grain Reconfigurable Array ( CGRA ) for Statically Scheduled Data Flow Computing

  2017cited by this paper
• Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA)

  2017cited by this paper
• HyCUBE: A CGRA with reconfigurable single-cycle multi-hop interconnect

  2017cited by this paper
• Does Coupling Affect the Security of Masked Implementations?

  2017cited by this paper
• A novel correlation power analysis attack on PIC based AES-128 without access to crypto device

  2017cited by this paper
• Attacking Embedded ECC Implementations Through cmov Side Channels

  2016cited by this paper
• CloudRadar: A Real-Time Side-Channel Attack Detection System in Clouds

  2016cited by this paper
• The Rocket Chip Generator

  2016cited by this paper
• Automatic Application of Power Analysis Countermeasures

  2015cited by this paper
• Dynamic power and performance back-annotation for fast and accurate functional hardware simulation

  2015cited by this paper
• Direct FPGA-based power profiling for a RISC processor

  2015cited by this paper
• Accurate dynamic power estimation for CMOS combinational logic circuits with real gate delay model

  2015cited by this paper
• PowerSpy: Location Tracking Using Mobile Device Power Analysis

  2015cited by this paper
• On the Cost of Lazy Engineering for Masked Software Implementations

  2014cited by this paper
• ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research

  2014cited by this paper
• Masks will Fall Off - Higher-Order Optimal Distinguishers

  2014cited by this paper
• Side-channel leakage and trace compression using normalized inter-class variance

  2014cited by this paper
• A practical approach to differential power analysis using PIC micrcontroller based embedded system

  2014cited by this paper
• SILK: high level of abstraction leakage simulator for side channel analysis

  2014cited by this paper

• Building an Open CGRA Ecosystem for Agile Innovation

  2025cites this paper