{"corpus_id":202700265,"paper_sha":"3225ea8020926033af3d2e47c5a9bea215e20300","doi":"10.1109/ISVLSI.2019.00064","arxiv_id":null,"pmid":null,"pmcid":null,"mag_id":2974820819,"dblp_id":"conf/isvlsi/DhanuskodiH19","acl_id":null,"title":"Enabling Microarchitectural Randomization in Serialized AES Implementations to Mitigate Side Channel Susceptibility","year":2019,"publication_date":"2019-07-01","venue":"IEEE Computer Society Annual Symposium on VLSI","journal":{"name":"2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)","pages":"314-319","volume":null},"journal_issn":null,"journal_title":null,"publication_types":["JournalArticle"],"pubmed_pub_types":null,"s2_fields_of_study":["Computer Science","Engineering"],"reference_count":25,"citation_count":9,"influential_citation_count":0,"is_open_access":false,"arxiv_categories":null,"arxiv_license":null,"arxiv_journal_ref":null,"mesh_headings":null,"chemicals":null,"comments_corrections":null,"source_flags":1,"s2_open_access_pdf_url":null,"s2_open_access_landing_url":null,"s2_open_access_license":null,"s2_open_access_status":null,"pmc_open_access_pdf_url":null,"pmc_open_access_landing_url":null,"pmc_open_access_license":null,"pmc_open_access_status":null,"unpaywall_open_access_pdf_url":null,"unpaywall_open_access_landing_url":null,"unpaywall_open_access_license":null,"unpaywall_open_access_status":null,"abstract":"Highly serialized implementations of the AES block cipher are used in lightweight applications where low area and low power are the primary concerns. Security of these lightweight designs becomes increasingly critical on resource-constrained devices in the Internet of Things era. The AES algorithm does not have any significant known cryptanalytic weaknesses, but keys can often be extracted by attacking implementation weaknesses using side channel information leakage or fault injection. Highly serialized AES implementations compute on individual bytes/words of data in each cycle which leaves them especially sensitive to side channel key extraction because there is less overall power consumption to obscure side channel leakages. In this work, we present an efficient AES microarchitecture that randomizes sub-round operations and reduces susceptibility to power side channel attacks. The architecture we propose is compatible with, and complementary to, all existing circuit-level side channel countermeasures. We design an 8-bit AES architecture in a commercial 16nm FinFET technology and observe an order of magnitude improvement in side channel protection at a cost of 36% more area and 25% more energy per encryption. Testchip measurement shows 0.93pJ/bit energy consumption at 10MHz.","claims":[{"public_id":"cl_c1a6c45213021ad91bfc4cef26e96510","status":"active","text":"An 8-bit AES architecture designed in a commercial 16nm FinFET technology achieved an order of magnitude improvement in side channel protection at a cost of 36% more area and 25% more energy per encryption.","confidence":0.96,"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/claims/cl_c1a6c45213021ad91bfc4cef26e96510"},{"public_id":"cl_a000663eba183caab9d99784e99f1a6b","status":"active","text":"An efficient AES microarchitecture randomizes sub-round operations and reduces susceptibility to power side channel attacks.","confidence":0.95,"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/claims/cl_a000663eba183caab9d99784e99f1a6b"},{"public_id":"cl_0d19200508b21cd401826dd303b56f46","status":"active","text":"Testchip measurement showed 0.93pJ/bit energy consumption at 10MHz.","confidence":0.97,"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/claims/cl_0d19200508b21cd401826dd303b56f46"},{"public_id":"cl_cf508ad98d47a993f6ee955eb0a57d5c","status":"active","text":"The proposed architecture is compatible with and complementary to existing circuit-level side channel countermeasures.","confidence":0.94,"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/claims/cl_cf508ad98d47a993f6ee955eb0a57d5c"}],"concepts":[{"public_id":"co_3e69846c4beac079f308d96f7183eaf3","status":"active","name":"side channel protection","description":"Resistance of the AES implementation to key extraction through side channel attacks.","types":["security metric"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_3e69846c4beac079f308d96f7183eaf3"},{"public_id":"co_4a480b2baf250558b5be6ddc8a201dec","status":"active","name":"side channel information leakage","description":"Information exposed through implementation behavior that can be used to extract cryptographic keys.","types":["security phenomenon"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_4a480b2baf250558b5be6ddc8a201dec"},{"public_id":"co_533ab81dbf450580e017c263f7dbfdf4","status":"active","name":"testchip measurement","description":"Physical chip measurement used to report the energy behavior of the implemented AES design.","types":["measurement method"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_533ab81dbf450580e017c263f7dbfdf4"},{"public_id":"co_6b7c981a14d0a2b5eb52936a60f635ce","status":"active","name":"energy consumption at 10MHz","description":"The measured per-bit energy use of the testchip when operated at a 10MHz frequency.","types":["performance metric"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_6b7c981a14d0a2b5eb52936a60f635ce"},{"public_id":"co_6bd29050513e62831e39c8d73db9189e","status":"active","name":"sub-round operations","description":"Fine-grained operations within AES rounds whose execution order can be randomized in the proposed architecture.","types":["computational operation"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_6bd29050513e62831e39c8d73db9189e"},{"public_id":"co_7cb88fb571b1db9a78bd7283ba1a2eba","status":"active","name":"power side channel attacks","description":"Side channel attacks that use power-consumption behavior to extract cryptographic keys.","types":["attack method"],"aliases":["power side channel"],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_7cb88fb571b1db9a78bd7283ba1a2eba"},{"public_id":"co_7e85a0d239cec49b71624febbefcd165","status":"active","name":"serialized AES implementations","description":"AES hardware implementations that compute on individual bytes or words of data in each cycle.","types":["hardware implementation"],"aliases":["Highly serialized AES implementations"],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_7e85a0d239cec49b71624febbefcd165"},{"public_id":"co_91cba1f520c1bcb542e2dc2ef6452d95","status":"active","name":"circuit-level side channel countermeasures","description":"Existing hardware-level defenses intended to reduce side channel leakage from cryptographic circuits.","types":["security countermeasure"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_91cba1f520c1bcb542e2dc2ef6452d95"},{"public_id":"co_ad83a14c603c4dd29b9f73953acf410c","status":"active","name":"8-bit AES architecture","description":"A byte-oriented AES hardware design evaluated in the reported implementation.","types":["hardware architecture"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_ad83a14c603c4dd29b9f73953acf410c"},{"public_id":"co_bbfcc6582066f24f32d2eb38b01d22f9","status":"active","name":"fault injection","description":"An implementation attack approach that attempts to extract keys by inducing faults in the device.","types":["attack method"],"aliases":[],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_bbfcc6582066f24f32d2eb38b01d22f9"},{"public_id":"co_bc65171ed61c946e9c2fa7ca781abef3","status":"active","name":"AES microarchitecture","description":"The hardware organization for AES encryption proposed to support randomized sub-round execution.","types":["hardware architecture"],"aliases":["architecture"],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_bc65171ed61c946e9c2fa7ca781abef3"},{"public_id":"co_e09a96c0fb928caa1555bff37be4325a","status":"active","name":"commercial 16nm FinFET technology","description":"The semiconductor process technology used to implement the evaluated AES architecture.","types":["fabrication technology"],"aliases":["16nm FinFET technology"],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_e09a96c0fb928caa1555bff37be4325a"},{"public_id":"co_e4df016cb4de4a047ea58a130bcf12df","status":"active","name":"AES block cipher","description":"A symmetric block cipher algorithm implemented in the lightweight hardware designs discussed here.","types":["cryptographic algorithm"],"aliases":["AES algorithm"],"contributors":[{"id":35,"public_id":"b2adb6bfad","public_label":"Anonymous (b2adb6bfad)","roles":["extraction"],"url":"https://sah.borca.ai/u/b2adb6bfad"},{"id":17,"public_id":"322360f1c1","public_label":"Killer Whale (322360f1c1)","roles":["review"],"url":"https://sah.borca.ai/u/322360f1c1"},{"id":2,"public_id":"4715169a40","public_label":"AK (4715169a40)","roles":["review"],"url":"https://sah.borca.ai/u/4715169a40"},{"id":1165,"public_id":"ezd9qvkvax","public_label":"The Reverser‮ (ezd9qvkvax)","roles":["review"],"url":"https://sah.borca.ai/u/ezd9qvkvax"}],"url":"https://sah.borca.ai/concepts/co_e4df016cb4de4a047ea58a130bcf12df"}],"external_ids":{"DOI":"10.1109/ISVLSI.2019.00064","ArXiv":null,"PubMed":null,"PubMedCentral":null,"MAG":2974820819,"DBLP":"conf/isvlsi/DhanuskodiH19","ACL":null},"open_access":{"is_open_access":false,"pdf_url":null,"landing_url":"https://sah.borca.ai/papers/202700265","source":null,"pdf_url_source":null,"license":null,"reason":"pdf_url_not_indexed"},"reference_availability":{"status":"available","references_indexed":true,"full_text_available":false,"full_text_source":null,"count_basis":"semantic_scholar_metadata","extraction_status":"not_applicable","reason":null},"source":{"provider":"episteme2","base_corpus":"semantic_scholar_dump","freshness_mode":"unknown","basis":["semantic_scholar_metadata","postgres_metadata"],"limits":["paper metadata is based on indexed upstream scholarly datasets","claims and concepts are available only for extracted papers","absence of claims or concepts means no extracted graph data is available in this response"],"status":"available","degraded":false,"degraded_reasons":[],"diagnostics":{"status":"available","degraded":false,"degraded_reasons":[],"metadata_status":"available","graph_status":"available","abstract_status":"available"},"source_flags":1},"paper_id":631224,"paper_uid":"79ea59e0-ea71-4ab3-a349-6f41e4bb7768","canonical_identity":{"paper_id":631224,"paper_uid":"79ea59e0-ea71-4ab3-a349-6f41e4bb7768","identity_status":"available","lookup_basis":"semantic_scholar_external_id","compatibility_path":"corpus_id"},"url":"https://sah.borca.ai/papers/202700265"}