PreSCAN: A Comprehensive Review of Pre-Silicon Physical Side-Channel Vulnerability Assessment Methodologies
:1. Introduction
- We provide an overview of the prevalent side-channel attacks and their countermeasures. This background information establishes the necessary foundation to understand the vulnerabilities and protection strategies in modern cryptographic systems (Section 2).
- We compare post-silicon leakage assessment techniques with pre-silicon simulation approaches, analyzing different abstraction levels of the hardware design cycle. Additionally, we discuss various leakage quantification metrics, offering a clearer understanding of how leakage can be effectively measured and mitigated (Section 3).
- We present recent advancements in pre-silicon power and electromagnetic modeling and leakage assessment techniques. This includes a critical evaluation of these methodologies based on their applicability, accuracy, and limitations, offering a practical framework for researchers and practitioners who aim to enhance hardware design security (Section 4).
- We conclude by summarizing the key findings and proposing future research directions. This discussion emphasizes the gaps in the current literature and suggests promising areas for further exploration in pre-silicon side-channel assessment and mitigation strategies (Section 5).
2. Physical Side-Channel Background
2.1. Side-Channel Attacks
- Simple Side-Channel Attack: Simple Power Analysis (SPA) and Simple Electromagnetic Analysis (SEMA) involve direct observation of power or EM emissions to identify operational patterns such as key loading or algorithmic execution. These techniques do not require statistical analysis but rely on the clear visibility of patterns in the data traces [11,12].
- Differential and Correlation Side-Channel Attacks: Differential Power Analysis (DPA) and Correlation Power Analysis (CPA) use statistical techniques to analyze variations in power consumption or electromagnetic emissions, as shown in Figure 1. DPA focuses on differences in power use between different operations, while CPA correlates these variations with predicted models based on cryptographic keys or operations [4,13]. Both methods aim to exploit the side-channel data collected across multiple operations to deduce secret information.
- Static Power Side-Channel Attacks: Static power side-channel attacks (S-PSCA) exploit the static power consumption of a device to extract sensitive information. Unlike dynamic power side-channel attacks, which focus on power consumption during active operations, S-PSCA analyzes the power consumption when the device is in a steady state. This can reveal information about the internal state of the device, such as values stored in registers or memory cells, potentially exposing cryptographic keys [2,14].
- Mutual Information Analysis: Mutual Information Analysis (MIA) employs a general statistical method that does not assume a specific leakage model, making it effective across diverse device architectures and operational modes. MIA assesses the mutual information between the guessed states of a cryptographic key and the measured side-channel signals to identify dependencies that may reveal sensitive data [15,16].
- Template Attack: Template attacks model the statistical distribution of side-channel leakage from a cryptographic device. By establishing a “template” based on a known operation, these attacks can predict the device’s behavior during cryptographic operations, allowing for efficient extraction of secrets from minimal data samples [17,18].
- Deep-Learning-Based Side-Channel Attack: Deep-Learning-Based Side-Channel Attacks (DL-SCA) apply neural network architectures to detect and exploit patterns in side-channel data that might be less apparent through conventional statistical methods. This approach is particularly effective against devices with complex or unknown protection mechanisms, as it can learn to identify subtle vulnerabilities from large datasets of power or EM traces [19,20].
2.2. Side-Channel Mitigation
2.2.1. Hiding
2.2.2. Masking
- Boolean Masking: This common technique involves splitting sensitive data into multiple shares and combining them with random masks during different computation stages. It effectively conceals the data by requiring all random masks to be known for successful extraction [23].
- Threshold Implementation (TI): TI divides computations into multiple shares that are processed separately. This method ensures that no single share reveals any critical information about the original data, enhancing security [24].
- Affine Masking: Affine masking utilizes linear transformations combined with constant shifts, providing robust protection, particularly against higher-order attacks. It randomizes intermediate values during cryptographic computations [25].
- Domain Oriented Masking (DOM): DOM applies masking at a domain level rather than individually for bits. This approach masks groups of related bits collectively, reducing the overhead and increasing resilience against side-channel attacks [24].
2.2.3. Dual Rail Logic
3. Pre-Silicon Side-Channel Leakage Assessment
3.1. Motivations for Pre-Silicon Leakage Assessment
3.1.1. Conventional Post-Silicon Leakage Assessment
- Signal-to-Noise Ratio (SNR): The Signal-to-Noise Ratio (SNR) plays a crucial role in side-channel assessments. In the context of side-channel analysis, the signal represents the exploitable information for an attack, while the noise encompasses all other information [35]. The SNR is computed as the variance of the signal divided by the variance of the noise.A higher SNR means the signal stands out more distinctly from the noise, which is critical for evaluating the vulnerability of cryptographic systems to side-channel attacks. The variability of SNR across different leakage models underscores its adaptability to various attack scenarios [35].
- Measurement to Disclose (MTD): MTD evaluates the security of cryptographic implementations by quantifying the number of traces required to recover a key [36,37]. It begins by collecting side-channel measurements under known key conditions to build statistical models of the device’s leakage and noise. Effective use of MTD demands engineering expertise, comprehensive knowledge of cipher design, and familiarity with the hardware and trace measurement techniques [37]. MTD serves as an essential metric for assessing the vulnerability of cryptographic systems to side-channel attacks.
- Test Vector Leakage Assessment (TVLA): The Test Vector Leakage Assessment (TVLA) evaluates cryptographic implementations for susceptibility to side-channel attacks (SCA) and determines the effort needed to extract sensitive information. TVLA employs Welch’s t-test to quantify side-channel vulnerabilities [5]. This method employs Welch’s t-test to analyze power consumption across two distinct datasets: one with a static key and fixed plaintexts and another with the same key but varying plaintexts. The t-test is computed as follows:Here, and represent the means of the fixed and random sets respectively, and are their standard deviations, and and represent the number of observations in each set. A t-test result falling outside the predetermined confidence interval suggests a significant leakage risk, indicating a failure in the cryptographic implementation’s security. Beyond the standard fixed-vs-random test, TVLA can also be adapted to include random-vs-random scenarios, where both key and plaintext are varied to detect otherwise obscured leakages, and semifixed-vs-random key tests, where keys are partially fixed [38]. These variations contribute to a more comprehensive evaluation of a system’s vulnerability to side-channel attacks.
3.1.2. Limitations of Post-Silicon Assessment
- Delayed Interventions: Post-silicon assessments typically identify vulnerabilities too late in the development cycle, making subsequent modifications costly and time-consuming.
- Limited Flexibility: Once a chip is fabricated, addressing detected vulnerabilities often requires starting a new development cycle, which can be prohibitively expensive and complex.
- Need for Early Assessment: There is a growing demand for side-channel leakage assessments to be conducted earlier in the design cycle to maximize the flexibility in applying countermeasures effectively.
3.2. Pre-Silicon Leakage Assessment Overview
3.2.1. Leakage Quantification in Pre-Silicon
- Test Vector Leakage Assessment (TVLA): In the pre-silicon phase, TVLA requires thoughtful adaptation due to the absence of physical noise in simulated environments. Traditional post-silicon methods, like fixed vs. random trace comparisons, are less effective here because simulations inherently lack the electrical noise that actual hardware would introduce [44]. This discrepancy necessitates alternative approaches, such as the use of random vs. semifixed datasets, where part of the key or data remains constant while the rest varies. This approach helps in highlighting potential leakage paths that might be obscured in entirely random setups due to the uniform distribution of simulated noise.The t-test, employed in this context, adapts as follows:Here, and are the means of the outputs from two different simulation setups—one with semifixed and one with fully varied inputs—while , , , and denote their variances and sample sizes. By tailoring the analysis to the unique characteristics of pre-silicon simulations, TVLA not only becomes feasible but also provides a critical tool for preemptively identifying and mitigating side-channel vulnerabilities, ensuring that security is built into the hardware design from the ground up.
- Kullback-Leibler (KL) Divergence: KL divergence measures the statistical difference between probability distribution functions. In the context of power side-channel analysis, KL divergence assesses design vulnerabilities by comparing the probability density functions (PDFs) of power/EM traces assuming a Gaussian distribution. It quantifies the likelihood of an attacker correctly inferring the key by evaluating how distinct these distributions are between different keys [7]. The formula for KL divergence is given by Equation (4):Here, , denote the mean and variance of the EM traces for key , and , denote those for key . Higher KL divergence values indicate more distinguishable probability distributions of leakage traces, increasing the risk of successful differential or correlation attacks. KL divergence also provides insights into the probability of an attacker failing to extract the correct key, thereby influencing the security requirements of a cryptographic design. For instance, achieving a 90% attack failure probability may necessitate keeping KL divergence below 0.03 [45].
- Side-Channel Vulnerability (SCV): The Side-Channel Vulnerability (SCV) metric, although conceptually similar to the widely used Signal-to-Noise Ratio (SNR), provides unique benefits. Unlike the SNR, which necessitates analyzing thousands of silicon traces, SCV can be effectively employed in formal methods utilizing information flow tracking (IFT) to evaluate side-channel vulnerabilities using a limited number of simulated traces during the pre-silicon design phase [32,40]. The SCV is defined as:Here, and represent the average power consumption of the target function when the Hamming Weight (HW) of the output is and for the ith and jth input patterns, respectively. In this context, the difference between and serves as the signal power used for the side-channel vulnerability assessment.
3.2.2. Challenges in Pre-Silicon Assessment
- High Simulation Costs: The need for numerous high-resolution power/EM traces significantly raises the simulation costs, especially for complex designs with many components.
- Resolution and Analysis Limitations: Pre-silicon environments often lack the resolution and root cause analysis capabilities, limiting their effectiveness in identifying precise vulnerability causes.
- Ubiquitous Vulnerabilities: Vulnerabilities related to data-dependent power dissipation are prevalent across all levels of the system stack, necessitating comprehensive verification of leakage characteristics at every abstraction level [39].
- Complexity of Modern Designs: The intricate and diverse nature of modern hardware designs adds another layer of complexity, making thorough assessments more challenging.
4. Review of State-of-the-Art Pre-Silicon Leakage Assessment Techniques
4.1. Advancements in Power Modeling and Leakage Assessment Techniques
4.1.1. Leakage Detection Techniques
- NCSIM [49]/PLAN/PARAM [50]: Accelerating power trace simulation involves estimating power consumption across different levels of abstraction. NCSIM [49], a white-box simulator, focuses on DPA resistance at the gate level (see Figure 3a). While it does not account for static power consumption, NCSIM can model glitches and early propagation with added timing information. The tool supports various power estimation techniques, including transition counting and random transition weighting, and can annotate transition weighting by extracting parasitic data from the full-chip layout. However, transistor-level simulation for operations like internal MOV with core initialization in NCSIM can take up to 10 h, contrasting with a logic simulation that completes in minutes.Another tool, PLAN/PARAM [50] (see Figure 3b), estimates power by aggregating consumption from all signals within a module. This method assumes the power consumption of a k-bit signal correlates with its Hamming weight. Evaluating the entire Shakti-C processor using PLAN/PARAM takes approximately 5 h, significantly faster than the month-long requirement for post-and-place route simulations.
- Architecture Correlation Analysis (ACA) [51]: The growing complexity of contemporary systems, fueled by System-on-Chip (SoC) integration, complicates the task of accurately pinpointing the origins of side-channel leakage. Consequently, secure SoC designers are compelled to proactively deploy costly countermeasures to protect subsystems like encryption modules, leading to increased chip design expenses. To address this issue, a new methodology known as Architecture Correlation Analysis (ACA) [51] has been introduced, presented in Figure 4. ACA enables the accurate identification of side-channel leakage sources at the granularity of a single cell during the design phase. By leveraging a leakage model typically used in differential side-channel analysis techniques, ACA ranks cells within a netlist based on their individual contributions to side-channel leakage. This strategy allows designers to apply countermeasures selectively where they are most effective, thereby reducing the need for expensive blanket countermeasure application. The effectiveness of the ACA methodology is showcased through its application to an AES coprocessor within an SoC design. By employing ACA, researchers successfully pinpoint sources of side-channel leakage at both the gate level within the AES module and within the overarching SoC [51]. Moreover, the efficacy of ACA is confirmed through its integration into an optimized hiding countermeasure.
- RTL-PSC [7,41]: RTL-PSC [7,41] is one of the pioneers in RTL power side-channel evaluation of cryptographic cores, checking security vulnerabilities much earlier than the typical post-silicon evaluation in the entire development cycle. This method employs functional simulation at the RTL to estimate the power consumption profile of a hardware design, utilizing the Synopsys VCS tool to count transitions, as shown in Figure 5. RTL-PSC distinguishes itself from other methods with two notable advantages: precise quantitative analysis of power side-channel leakage and exceptional efficiency. For instance, the evaluation time for AES-GF is approximately 43.6 min, while for AES-LUT, it varies between 24 and 44 min [7]. In contrast, gate-level and layout-level evaluations would take approximately 31 h and over a month, respectively.More specifically, RTL-PSC aims at quantifying the RTL power side-channel leakage in terms of KL divergence. KL divergence, as detailed in Section 3.2.1, measures the statistical distance between two probabilistic distributions. As for RTL-PSC methodology evaluating side-channel leakage, the distributions are generated with the simulated design switching activities (toggle counts in dumped SAIF files) by fitting them into the Gaussian distribution model. For each set of switching activities, the security analyzer will pick a different cryptographic key with random plaintexts (messages). Given the huge search space of key guesses (e.g., full key guess of a typical AES-128 calls for which is computationally intractable), a critical assumption of RTL-PSC is the hamming distance between selected key values is positively correlated with the resulting leakage. As such, RTL-PSC can excel in conventional post-silicon methodology in assessing design vulnerabilities without sacrificing accuracy while preserving the maximum flexibility in countermeasure deployment [7].
- PSC-TG [40]: The PSC-TG framework [40] represents an innovative approach for predicting power side-channel leakage at the RTL. This method enhances flexibility in implementing countermeasures against power side-channel attacks (SCAs), which exploit cryptographic implementation leaks to extract sensitive information. Unlike many existing techniques focused on post-silicon stages, PSC-TG initiates with RTL information flow tracking to pinpoint the most vulnerable variables. Formal assertions are then developed based on these variables and an assumed attack model to generate test patterns [32,40]. The side-channel vulnerability (SCV) metric is derived from estimated power using as few as two patterns, quantifying initial side-channel leakage. For higher-order assessments in masked implementations, PSC-TG employs a t-test to provide a pass/fail outcome [40]. Experimental evaluations across RTL, gate-level, and FPGA implementations validated PSC-TG’s efficacy. Specifically, t-test results for masked Simon implementations aligned closely with post-silicon findings.
- Micro-Architectural Power Simulator (MAPS) [52]: Corre et al. introduce MAPS (Micro-Architectural Power Simulator), a novel tool designed to assess power side-channel leakage in cryptographic software running on ARM Cortex-M3 processors [52]. Power side-channel attacks exploit power consumption patterns during cryptographic algorithm execution to extract sensitive data. Creating a properly masked version of a block cipher involves iterative and time-intensive processes, each requiring costly leakage assessments. MAPS aims to streamline this process with a fast and user-friendly simulator that models Cortex-M3 pipeline leakages, particularly those introduced by pipeline registers. The leakage characteristics of the Cortex-M3 series are derived directly from its HDL source code, eliminating the need for complex and expensive profiling phases [52]. As a case study, first-order masked Assembler implementations of the lightweight cipher Simon are analyzed to understand pipeline leakages and provide mitigation strategies. This tool represents a significant advancement in cryptographic software development, offering an efficient approach to evaluate and mitigate power side-channel leakage at the micro-architectural level [52].
4.1.2. Leakage Mitigation Techniques
- KARNA [53]: Karna [53] introduces an innovative methodology aimed at fortifying the side-channel security of devices within the Electronic Design Automation (EDA) flow. Unlike traditional countermeasures that often impose significant overheads, potentially compromising low-power, high-performance, and compact design requirements, Karna takes a unique approach. It operates without introducing additional logic, instead focusing on identifying and reconfiguring vulnerable gates within the design to enhance side-channel resistance. Notably, Karna utilizes standard cell library gates, foregoing the need for specialized gate libraries [53]. The overview of the framework and leakage mitigation flow is illustrated in Figure 6.The verification and mitigation flow of Karna has been seamlessly integrated into the Synopsys Design Compiler. Its effectiveness is demonstrated through significant reductions in side-channel leakage in implementations of AES, PRESENT, and Simon block ciphers synthesized for a 28 nm technology node. Remarkably, Karna achieves these enhancements by optimizing the available space around existing gates, thereby avoiding any additional area overheads. The authors validated the improved side-channel resilience of these optimized designs against Differential Power Analysis attacks [53]. This approach successfully mitigates power side-channel vulnerabilities without introducing delays, increasing power consumption, or escalating gate counts, underscoring Karna’s potential as a pivotal tool for enhancing device security.
4.1.3. Comparison of Power Leakage Assessment Techniques
4.2. Electromagnetic Modeling and Leakage Assessment Techniques
4.2.1. Leakage Detection Techniques
- White-Box Analysis [54,55]: Electromagnetic emissions in integrated circuits (ICs), caused by data-dependent current consumption passing through different metal layer interconnects, pose a significant security risk. In response to the growing threat of EM side-channel attacks on internet-connected devices, a novel approach called STELLAR has been introduced [54,55]. STELLAR provides a detailed analysis of the EM leakage in the context of side-channel security, focusing on its origin within CMOS-based ICs. The study reveals that EM radiation primarily stems from the metal layer routings within CMOS integrated circuits. Simulations are employed to explore the contributions of individual metal layers to the radiated electric field (E-field), demonstrating that the highest metal layers, such as Metal 9 (M9), play a significant role in EM radiation, illustrated in Figure 7. Commercially available E-field probes are used to assess the sensitivity and detectability of the EM leakage from different metal layers. The results show that for the specific example of Intel’s 32 nm technology, the radiation from M9 can be detected, while lower-level metal layers do not exceed the detection threshold of E-field probes. This underscores the importance of minimizing EM radiation from top-level metal layers and provides insights into designing countermeasures against EM side-channel attacks [54,55].The STELLAR countermeasure involves routing the cryptographic core within lower-level metal layers, making EM leakage undetectable to external attackers with EM probes. Additionally, a Signature Attenuation Hardware (SAH) is employed to suppress the encryption signature before it reaches the highly radiating top-level metal layers, ensuring security against EM side-channel attacks [54,55,58]. Real-world testing with a 128-bit AES engine demonstrates the effectiveness of STELLAR, with no secret key disclosure even after 1 million encryptions, minimal area and power overhead, and no performance penalties.
- Efficient DEMA Simulation [56]: Kumar et al. [56] present an efficient simulation flow at the layout level aimed at evaluating the susceptibility of integrated circuits (ICs) to electromagnetic side-channel attacks (EM SCA). The flow consists of three key steps: circuit analysis, model simplification, and EM radiation, and incorporates strategies to reduce computational costs without sacrificing predictive accuracy [56,59]. Figure 8 provides an overview of the entire process.The circuit analysis step involves acquiring critical traces using industry-standard CAD tools, focusing on high-accuracy transient-circuit simulations exclusively during the cipher-execution phase. A hybrid approach that combines gate-level and transistor-level simulations is proposed, with transistor-level simulations using SPICE reserved for the critical last round. Model simplification aims to mitigate computational complexity by restricting the simulation of radiation to a reduced set of currents, specifically focusing on currents within the top metallization layers of the on-chip power-delivery network. The EM radiation step calculates the transient fields that would be received by a probe at different positions near the chip’s surface, given the distribution of transient currents on the chip. EM traces are generated for various probe positions, orientations, and times. This step entails substantial computational complexity but can be effectively parallelized to reduce simulation times [56,59].The proposed simulation flow, applied to an AES ASIC implementation, provides insights into electromagnetic side-channel attacks (EM SCA). The process involves circuit analysis for 5000 different encryptions and EM simulations. The analysis shows that probe proximity and noise significantly influence attack success. Furthermore, early-stage design choices, particularly the on-chip power distribution network design, can impact EM attack vulnerability. These findings emphasize the need for careful consideration during implementation [56,59].
- Multi-Physics EM Simulation [57]: Lin et al. [57] present an innovative pre-silicon EM side-channel simulation framework, illustrated in Figure 9, with three key contributions. Firstly, it provides an efficient pre-silicon EM side-channel simulation method powered by a machine learning-driven auto-Point-of-Interest (POI) detection algorithm. Secondly, the framework’s accuracy is validated using a 130 nm AES128 test chip, effectively identifying EM leakage locations and the number of traces required for complete key disclosure. Lastly, the framework demonstrates versatility by handling EM leakage simulations from both the front and back sides of a design. The study identifies unexpected power ring structure leakage as a significant source of data exposure from the substrate side, endorsing the value of the auto-POI approach in guiding EM measurements [57].The multiphysics simulation methodology encompasses layout-level power simulation, near-field EM modeling, and side-channel leakage analysis, with machine learning facilitating critical POI identification. The research also discusses potential design countermeasures to mitigate EM side-channel vulnerabilities, such as optimizing power grids, using shielding cans, and considering backside protection [57]. Overall, this paper presents a comprehensive framework for pre-silicon EM side-channel simulation, promising advancements in hardware security.
4.2.2. Leakage Mitigation Techniques
- CAD4EM-P [60]: Ma et al. [60] propose CAD4EM-P, an automated computer-aided design (CAD) tool designed to fortify circuits against EM side-channel attacks (SCA). Unlike traditional countermeasures that often impose significant overheads and demand specialized expertise from integrated circuit (IC) designers, CAD4EM-P integrates seamlessly into modern IC design flows. This tool focuses on enhancing circuit resistance to EM SCA by implementing security-oriented placement and routing strategies. The resulting IC designs are fortified against SCA attacks while incurring minimal area and power overheads [60,61].CAD4EM-P’s development involves investigating the root causes of EM leakage at the layout level and validating the effectiveness of security-driven placement and routing through mathematical modeling. This approach includes data-dependent register reallocation and adjustments to wire lengths to significantly reduce the correlation between protected data and EM leakage. Experimental simulations on cryptographic circuits demonstrate the efficacy of the developed EM leakage model and the CAD tool in enhancing EM side-channel security [60,61].
4.2.3. Comparison of EM Leakage Assessment Techniques
5. Conclusions and Future Directions
- Machine Learning in Pre-Silicon Assessments: While machine learning techniques have shown promise in post-silicon leakage detection, their application in pre-silicon assessments remains underexplored. Future research could focus on developing machine learning models tailored for pre-silicon environments to improve the accuracy and efficiency of early-stage leakage assessments.
- Cross-Abstraction Leakage Correlation: There is a need for research that bridges the gap between different levels of abstraction (e.g., RTL, gate level, and layout level) in pre-silicon assessments. Establishing a robust correlation between leakage models across these abstractions could lead to more accurate and reliable leakage predictions, enabling designers to make informed decisions early in the design process.
- Automation and Scalability: The current methodologies for pre-silicon side-channel analysis are often manual and resource-intensive. Developing automated frameworks that can scale to handle large and complex designs is essential. These frameworks should also be adaptable to various design paradigms and technologies, ensuring their relevance across different hardware architectures.
- Countermeasure Evaluation: Most pre-silicon assessments focus on identifying potential vulnerabilities, but few consider the effectiveness of side-channel countermeasures at these early stages. Future research should aim to integrate the evaluation of countermeasures into pre-silicon tools, providing a holistic approach that not only identifies vulnerabilities but also assesses the potential impact of countermeasures before they are implemented in silicon.
- Emerging Threats and Standards: As cryptographic standards evolve and new threats emerge, there is a continuous need to update and refine side-channel leakage assessment methodologies. Future research should stay aligned with these evolving standards and threats, ensuring that assessment techniques remain robust and relevant in the face of new challenges.
- Heterogeneous Computing and IoT: The proliferation of heterogeneous computing platforms and IoT devices introduces new complexities in side-channel leakage assessment. Research should focus on developing tailored assessment methodologies for these platforms, considering their unique architectural features and constraints.
Author Contributions
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
- Randolph, M.; Diehl, W. Power side-channel attack analysis: A review of 20 years of study for the layman. Cryptography 2020, 4, 15. [Google Scholar] [CrossRef]
- Socha, P.; Miškovskỳ, V.; Novotnỳ, M. A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis. Sensors 2022, 22, 8096. [Google Scholar] [CrossRef] [PubMed]
- Spence, A.; Bangay, S. Security beyond cybersecurity: Side-channel attacks against non-cyber systems and their countermeasures. Int. J. Inf. Secur. 2022, 21, 437–453. [Google Scholar] [CrossRef]
- Kocher, P.; Jaffe, J.; Jun, B.; Rohatgi, P. Introduction to differential power analysis. J. Cryptogr. Eng. 2011, 1, 5–27. [Google Scholar] [CrossRef]
- Schneider, T.; Moradi, A. Leakage Assessment Methodology: A Clear Roadmap for Side-Channel Evaluations. In Proceedings of the Cryptographic Hardware and Embedded Systems–CHES 2015: 17th International Workshop, Saint-Malo, France, 13–16 September 2015; pp. 495–513. [Google Scholar]
- Gao, S.; Oswald, E. A Novel Framework for Explainable Leakage Assessment. In Cryptology ePrint Archive; IACR: Bellevue, WA, USA, 2022. [Google Scholar]
- He, M.; Park, J.; Nahiyan, A.; Vassilev, A.; Jin, Y.; Tehranipoor, M. RTL-PSC: Automated Power Side-Channel Leakage Assessment At Register-Transfer Level. In Proceedings of the 2019 IEEE 37th VLSI Test Symposium (VTS), Monterey, CA, USA, 23–25 April 2019; pp. 1–6. [Google Scholar]
- Dworkin, M.; Barker, E.; Nechvatal, J.; Foti, J.; Bassham, L.; Roback, E.; Dray, J. Advanced Encryption Standard (AES). 2001. Available online: (accessed on 1 September 2024).
- Easttom, C. Asymmetric Algorithms. In Modern Cryptography: Applied Mathematics for Encryption and Information Security; Springer: Berlin/Heidelberg, Germany, 2022; pp. 233–252. [Google Scholar]
- Rodrigues, C.; Oliveira, D.; Pinto, S. BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect. In Proceedings of the 2024 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2024; pp. 3679–3696. [Google Scholar]
- Clavier, C.; Marion, D.; Wurcker, A. Simple power analysis on AES key expansion revisited. In Proceedings of the Cryptographic Hardware and Embedded Systems–CHES 2014: 16th International Workshop, Busan, Republic of Korea, 23–26 September 2014; pp. 279–297. [Google Scholar]
- Bhunia, S.; Tehranipoor, M. Hardware Security: A Hands-On Learning Approach; Morgan Kaufmann: San Francisco, CA, USA, 2018. [Google Scholar]
- Brier, E.; Clavier, C.; Olivier, F. Correlation Power Analysis With A Leakage Model. In Proceedings of the Cryptographic Hardware and Embedded Systems-CHES 2004: 6th International Workshop, Cambridge, MA, USA, 11–13 August 2004; pp. 16–29. [Google Scholar]
- Bhandari, J.; Nabeel, M.; Mankali, L.; Sinanoglu, O.; Karri, R.; Knechtel, J. Lightweight Masking Against Static Power Side-Channel Attacks. arXiv preprint 2024, arXiv:2402.03196. [Google Scholar]
- Gierlichs, B.; Batina, L.; Tuyls, P.; Preneel, B. Mutual information analysis: A generic side-channel distinguisher. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems, Washington, DC, USA, 10–13 August 2008; pp. 426–442. [Google Scholar]
- Batina, L.; Gierlichs, B.; Prouff, E.; Rivain, M.; Standaert, F.X.; Veyrat-Charvillon, N. Mutual information analysis: A comprehensive study. J. Cryptol. 2011, 24, 269–291. [Google Scholar] [CrossRef]
- Chari, S.; Rao, J.R.; Rohatgi, P. Template attacks. In Cryptographic Hardware and Embedded Systems—CHES 2002: 4th International Workshop, Redwood Shores, CA, USA, 13–15 August 2002; Revised Papers 4; Springer: Berlin/Heidelberg, Germany, 2003; pp. 13–28. [Google Scholar]
- Gierlichs, B.; Lemke-Rust, K.; Paar, C. Templates vs. stochastic methods: A performance analysis for side channel cryptanalysis. In Proceedings of the Cryptographic Hardware and Embedded Systems-CHES 2006: 8th International Workshop, Yokohama, Japan, 10–13 October 2006; pp. 15–29. [Google Scholar]
- Maghrebi, H. Deep Learning based Side Channel Attacks in Practice; IACR: Bellevue, WA, USA, 2020. [Google Scholar]
- Wu, L.; Perin, G.; Picek, S. Deep Learning on Side-Channel Analysis. In Security and Artificial Intelligence: A Crossdisciplinary Approach; Springer International Publishing: Cham, Switzerland, 2022; Volume 13211, pp. 48–71. [Google Scholar]
- De Mulder, E.; Eisenbarth, T.; Schaumont, P. Identifying and Eliminating Side-Channel Leaks in Programmable Systems. IEEE Des. Test 2018, 35, 74–89. [Google Scholar] [CrossRef]
- Salomon, D.; Weiss, A.; Levi, I. Improved Filtering Techniques for Single-and Multi-Trace Side-Channel Analysis. Cryptography 2021, 5, 24. [Google Scholar] [CrossRef]
- Biryukov, A.; Dinu, D.; Le Corre, Y.; Udovenko, A. Optimal first-order boolean masking for embedded iot devices. In Smart Card Research and Advanced Applications: 16th International Conference, CARDIS 2017, Lugano, Switzerland, 13–15 November 2017; Revised Selected Papers; Springer: Berlin/Heidelberg, Germany, 2018; pp. 22–41. [Google Scholar]
- Groß, H.; Mangard, S.; Korak, T. Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. In Cryptology ePrint Archive; IACR: Bellevue, WA, USA, 2016. [Google Scholar]
- Fumaroli, G.; Martinelli, A.; Prouff, E.; Rivain, M. Affine Masking against Higher-Order Side Channel Analysis. In International Workshop on Selected Areas in Cryptography; Springer: Berlin/Heidelberg, Germany, 2010; pp. 262–280. [Google Scholar]
- Bhasin, S.; Guilley, S.; Souissi, Y.; Danger, J.L. Efficient FPGA Implementation of dual-rail countermeasures using Stochastic Models. In Proceedings of the Non-Invasive Attack Testing Workshop (NIAT 2011), Nara, Japan, 26–27 September 2011; Volume 10. [Google Scholar]
- Nawaz, K.; Kamel, D.; Standaert, F.X.; Flandre, D. Scaling Trends For Dual-Rail Logic Styles Against Side-Channel Attacks: A Case-Study. In Constructive Side-Channel Analysis and Secure Design: 8th International Workshop, COSADE 2017, Paris, France, 13–14 April 2017; Revised Selected Papers 8; Springer: Berlin/Heidelberg, Germany, 2017; pp. 19–33. [Google Scholar]
- Bucci, M.; Giancane, L.; Luzzi, R.; Scotti, G.; Trifiletti, A. Delay-based dual-rail precharge logic. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 2010, 19, 1147–1153. [Google Scholar] [CrossRef]
- Bellizia, D.; Scotti, G.; Trifiletti, A. TEL logic style as a countermeasure against side-channel attacks: Secure cells library in 65 nm CMOS and experimental results. IEEE Trans. Circuits Syst. I Regul. Pap. 2018, 65, 3874–3884. [Google Scholar] [CrossRef]
- Roy, D.B.; Bhasin, S.; Guilley, S.; Heuser, A.; Patranabis, S.; Mukhopadhyay, D. CC meets FIPS: A hybrid test methodology for first order side channel analysis. IEEE Trans. Comput. 2018, 68, 347–361. [Google Scholar] [CrossRef]
- Ahmed, B.; Bepary, M.K.; Pundir, N.; Borza, M.; Raikhman, O.; Garg, A.; Donchin, D.; Cron, A.; Abdel-moneum, M.A.; Farahmandi, F.; et al. Quantifiable assurance: From ips to platforms. arXiv preprint 2022, arXiv:2204.07909. [Google Scholar]
- Nahiyan, A.; Park, J.; He, M.; Iskander, Y.; Farahmandi, F.; Forte, D.; Tehranipoor, M. Script: A cad framework for power side-channel vulnerability assessment using information flow tracking and pattern generation. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 2020, 25, 1–27. [Google Scholar] [CrossRef]
- Farahmandi, F.; Rahman, M.S.; Rajendran, S.R.; Tehranipoor, M. CAD for Power Side-Channel Detection. In CAD for Hardware Security; Springer International Publishing: Cham, Switzerland, 2023; pp. 123–147. [Google Scholar]
- Wang, Y.; Tang, M. A Survey of Side-Channel Leakage Assessment. Electronics 2023, 12, 3461. [Google Scholar] [CrossRef]
- Yano, Y.; Iokibe, K.; Toyota, Y.; Teshima, T. Signal-to-Noise Ratio Measurements Of Side-Channel Traces For Establishing Low-Cost Countermeasure Design. In Proceedings of the 2017 Asia-Pacific International Symposium on Electromagnetic Compatibility (APEMC), Seoul, Republic of Korea, 20–23 June 2017; pp. 93–95. [Google Scholar]
- Mangard, S. Hardware Countermeasures Against DPA–a Statistical Analysis of Their Effectiveness. In Proceedings of the Topics in Cryptology–CT-RSA 2004: The Cryptographers’ Track at the RSA Conference 2004, San Francisco, CA, USA, 23–27 February 2004; pp. 222–235. [Google Scholar]
- Šijačić, D.; Balasch, J.; Yang, B.; Ghosh, S.; Verbauwhede, I. Towards efficient and automated side-channel evaluations at design time. J. Cryptogr. Eng. 2020, 10, 305–319. [Google Scholar] [CrossRef]
- Becker, G.; Cooper, J.; De Mulder, E.; Goodwill, G.; Jaffe, J.; Kenworthy, G. Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES. In Proceedings of the International Cryptographic Module Conference, Gaithersburg, MD, USA, 24–26 September 2013. [Google Scholar]
- Kiaei, P.; Liu, Z.; Eren, R.K.; Yao, Y.; Schaumont, P. Saidoyoki: Evaluating Side-Channel Leakage In Pre-And Post-Silicon Setting. In Cryptology ePrint Archive; IACR: Bellevue, WA, USA, 2021. [Google Scholar]
- Zhang, T.; Park, J.; Tehranipoor, M.; Farahmandi, F. PSC-TG: RTL Power Side-Channel Leakage Assessment with Test Pattern Generation. In Proceedings of the 2021 58th ACM/IEEE Design Automation Conference (DAC), San Francisco, CA, USA, 5–9 December 2021; pp. 709–714. [Google Scholar]
- Pundir, N.; Park, J.; Farahmandi, F.; Tehranipoor, M. Power side-channel leakage assessment framework at register-transfer level. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 2022, 30, 1207–1218. [Google Scholar] [CrossRef]
- Kiaei, P.; Yao, Y.; Liu, Z.; Fern, N.; Breunesse, C.B.; Van Woudenberg, J.; Gillis, K.; Dich, A.; Grossmann, P.; Schaumont, P. Gate-level side-channel leakage assessment with architecture correlation analysis. arXiv preprint 2022, arXiv:2204.11972. [Google Scholar]
- Bepary, M.K.; Zhang, T.; Azar, K.Z.; Rahman, F.; Farahmandi, F.; Tehranipoor, M. EMSC-GL: Security Assessment and Modeling of Electromagnetic Side-channel Leakage at Gate-level. In Proceedings of the Annual Government Microelectronic Applications and Critical Technology Conference (GOMACTech), San Diego, CA, USA, 20–23 March 2023. [Google Scholar]
- He, J.; Ma, H.; Guo, X.; Zhao, Y.; Jin, Y. Design for EM Side-Channel Security Through Quantitative Assessment of Rtl Implementations. In Proceedings of the 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), Beijing, China, 13–16 January 2020; pp. 62–67. [Google Scholar]
- Park, J.; Tyagi, A. Security Metrics For Power Based SCA Resistant Hardware Implementation. In Proceedings of the 2016 29th International Conference on VLSI Design and 2016 15th International Conference on Embedded Systems (VLSID), Kolkata, India, 4–8 January 2016; pp. 541–546. [Google Scholar]
- Kiaei, P.; Liu, Z.; Schaumont, P. Leverage the average: Averaged Sampling in Pre-Silicon Side-Channel Leakage Assessment. In Proceedings of the Proceedings of the Great Lakes Symposium on VLSI 2022, Irvine, CA, USA, 6–8 June 2022; pp. 3–8. [Google Scholar]
- Liu, Z.; Schaumont, P. Root-Cause Analysis of Power-Based Side-Channel Leakage in Lightweight Cryptography Candidates. In Proceedings of the NIST 5th Lightweight Cryptography Workshop (2022), Virtual, 9–11 May 2022. [Google Scholar]
- Shanmugam, D.; Schaumont, P. Improving Side-channel Leakage Assessment Using Pre-silicon Leakage Models. In Proceedings of the International Workshop on Constructive Side-Channel Analysis and Secure Design, Munich, Germany, 3–4 April 2023; pp. 105–124. [Google Scholar]
- Fadl, O.S.; Abu-Elyazeed, M.F.; Abdelhalim, M.B.; Amer, H.H.; Madian, A.H. Accurate dynamic power estimation for CMOS combinational logic circuits with real gate delay model. J. Adv. Res. 2016, 7, 89–94. [Google Scholar] [CrossRef] [PubMed]
- KF, M.A.; Ganesan, V.; Bodduna, R.; Rebeiro, C. PARAM: A Microprocessor Hardened for Power Side-Channel Attack Resistance. In Proceedings of the 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, CA, USA, 7–11 December 2020; pp. 23–34. [Google Scholar]
- Yao, Y.; Kathuria, T.; Ege, B.; Schaumont, P. Architecture Correlation Analysis (ACA): Identifying the Source of Side-Channel Leakage at Gate-Level. In Proceedings of the 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, CA, USA, 7–11 December 2020; pp. 188–196. [Google Scholar]
- Le Corre, Y.; Großschädl, J.; Dinu, D. Micro-Architectural Power Simulator for Leakage Assessment of Cryptographic Software on ARM Cortex-M3 Processors. In Proceedings of the Constructive Side-Channel Analysis and Secure Design: 9th International Workshop, COSADE 2018, Singapore, 23–24 April 2018; pp. 82–98. [Google Scholar]
- Slpsk, P.; Vairam, P.K.; Rebeiro, C.; Kamakoti, V. Karna: A Gate-Sizing Based Security Aware EDA Flow for Improved Power Side-Channel Attack Protection. In Proceedings of the 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Westminster, CO, USA, 4–7 November 2019; pp. 1–8. [Google Scholar]
- Das, D.; Nath, M.; Chatterjee, B.; Ghosh, S.; Sen, S. STELLAR: A generic EM Side-Channel Attack Protection Through Ground-Up Root-Cause Analysis. In Proceedings of the 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, USA, 5–10 May 2019; pp. 11–20. [Google Scholar]
- Das, D.; Sen, S. Electromagnetic and power side-channel analysis: Advanced attacks and low-overhead generic countermeasures through white-box approach. Cryptography 2020, 4, 30. [Google Scholar] [CrossRef]
- Kumar, A.; Scarborough, C.; Yilmaz, A.; Orshansky, M. Efficient Simulation of EM Side-Channel Attack Resilience. In Proceedings of the 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Irvine, CA, USA, 13–16 November 2017; pp. 123–130. [Google Scholar]
- Lin, L.; Zhu, D.; Wen, J.; Chen, H.; Lu, Y.; Chang, N.; Chow, C.; Shrivastav, H.; Chen, C.W.; Monta, K.; et al. Multiphysics Simulation of EM Side-Channels From Silicon Backside with ML-Based Auto-POI Identification. In Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, USA, 13–14 December 2021; pp. 270–280. [Google Scholar]
- Das, D.; Nath, M.; Ghosh, S.; Sen, S. Killing EM Side-Channel Leakage At Its Source. In Proceedings of the 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS), Springfield, MA, USA, 9–12 August 2020; pp. 1108–1111. [Google Scholar]
- Wang, M.; Iyer, V.V.; Xie, S.; Li, G.; Mathew, S.K.; Kumar, R.; Orshansky, M.; Yilmaz, A.E.; Kulkarni, J.P. Physical Design Strategies For Mitigating Fine-Grained Electromagnetic Side-Channel Attacks. In Proceedings of the 2021 IEEE Custom Integrated Circuits Conference (CICC), Virtual, 25–30 April 2021; pp. 1–2. [Google Scholar]
- Ma, H.; He, J.; Liu, Y.; Zhao, Y.; Jin, Y. CAD4EM-P: Security-Driven Placement Tools For Electromagnetic Side Channel Protection. In Proceedings of the 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), Xi’an, China, 16–17 December 2019; pp. 1–6. [Google Scholar]
- Ma, H.; He, J.; Liu, Y.; Liu, L.; Zhao, Y.; Jin, Y. Security-Driven Placement And Routing Tools For Electromagnetic Side-Channel Protection. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 2020, 40, 1077–1089. [Google Scholar] [CrossRef]
- Gao, Y.; Ma, H.; Kong, J.; He, J.; Zhao, Y.; Jin, Y. EMSim+: Accelerating Electromagnetic Security Evaluation with Generative Adversarial Network. In Proceedings of the 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD), San Francisco, CA, USA, 28 October–2 November 2023; pp. 1–8. [Google Scholar]
Pre-Silicon Assessment | Post-Silicon Assessment | |||
RTL | Gate Level | Layout Level | ||
Time | Medium | High | Very high | Low |
Accuracy | Low | Medium | High | Very high |
Flexibility | High | Medium | Low | Not feasible (ASIC); challenging (FPGA) |
Properties | RTL | Gate-Level Netlist | Layout-Level |
Available information | Switching activity | Switching activity | Switching activity |
Register counts | # of fanouts (approx. Load capacitance: ) | Load capacitance (), resistance | |
Submodules (hierarchy) | Library definition | Library, parasitics, geometry, metal layers | |
Functional testbench | Functional and parametric testbench | Functional and parametric testbench | |
Simulation granularity | Transition of each clock cycle | n-time samples per clock cycle | Transistor level SPICE simulation |
For each submodule | For each node | For each transistor | |
Tool | Synopsys VCS (SAIF), Cadence Incisive (VCD) | Synopsys VCS (SAIF), Cadence Incisive (VCD) | Ansys Redhawk, Cadence Voltus, Spectre, Synopsys HSPICE |
Side-channel metric | TVLA, KL divergence | TVLA, KL divergence | TVLA, KL divergence |
Accuracy | Low | Medium | High |
Complexity | Medium | High | Very high |
Technique | Description | Applicability | Evaluation Time | Complexity | Accuracy | Technology Dependency |
NCSIM [49]/ PLAN/ PARAM [50] | Estimates power consumption at various abstraction levels. Focuses on gate-level DPA resistance. | Best for early-stage design and DPA resistance | Hours to days | High | Moderate to high | Low (Generic simulation tools) |
ACA [51] | Identifies leakage sources at cell granularity using a differential leakage model. | Complex SoC designs | Moderate | Moderate to high | High | Medium (Specific IC designs) |
RTL-PSC [7,41] | Assesses power side-channel leakage via RTL simulation, using transition counts to estimate power profiles. | Early design stages | Minutes to hours | Low to moderate | Moderate | Low (RTL design stages) |
PSC-TG [40] | Uses RTL information flow tracking to predict vulnerabilities, employing formal assertions to develop test patterns. | Early and middle design phases | Minutes to hours | Moderate | High | Medium (Depends on RTL info) |
MAPS [52] | Assesses leakage in cryptographic software on specific processors, focusing on pipeline leakages. | Software on ARM Cortex-M3 | Fast (seconds to minutes) | Low | High | High (Specific to ARM Cortex) |
KARNA [53] | Enhances side-channel security within the EDA flow by reconfiguring vulnerable gates to enhance resistance, using standard cell library gates without extras. | Final design stages, before manufacturing | Hours | Moderate to high | High | Medium (Depends on EDA tools) |
Technique | Description | Applicability | Evaluation Time | Complexity | Accuracy | Technology Dependency |
White-Box Analysis [54,55] | Focuses on detecting EM leakage from higher metal layers using detailed analysis and specific countermeasures. | High-level ICs susceptible to EM attacks | Hours to days | High | High | High (Specific IC designs) |
DEMA Simulation [56] | Utilizes a hybrid simulation approach combining gate-level and transistor-level analyses to identify EM vulnerabilities. | Early to mid-stage design phases | Hours to days | Moderate to high | High | Medium (Specific IC layouts) |
Multi-Physics Simulation [57] | Integrates layout-level power simulation with EM modeling and leakage analysis, enhanced by machine learning for POI detection. | Complex IC designs considering both front and back side emissions | Hours to days | High | Very high | High (Advanced IC designs) |
CAD4EM-P [60] | Enhances circuit resistance to EM SCA via security-oriented placement and routing within modern IC design flows. | Late-stage design phases focusing on EM SCA resistance | Hours | Moderate | High | Medium (Depends on EDA tools) |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (
Share and Cite
Bepary, M.K.; Zhang, T.; Farahmandi, F.; Tehranipoor, M. PreSCAN: A Comprehensive Review of Pre-Silicon Physical Side-Channel Vulnerability Assessment Methodologies. Chips 2024, 3, 311-333.
Bepary MK, Zhang T, Farahmandi F, Tehranipoor M. PreSCAN: A Comprehensive Review of Pre-Silicon Physical Side-Channel Vulnerability Assessment Methodologies. Chips. 2024; 3(4):311-333.
Chicago/Turabian StyleBepary, Md Kawser, Tao Zhang, Farimah Farahmandi, and Mark Tehranipoor. 2024. "PreSCAN: A Comprehensive Review of Pre-Silicon Physical Side-Channel Vulnerability Assessment Methodologies" Chips 3, no. 4: 311-333.
APA StyleBepary, M. K., Zhang, T., Farahmandi, F., & Tehranipoor, M. (2024). PreSCAN: A Comprehensive Review of Pre-Silicon Physical Side-Channel Vulnerability Assessment Methodologies. Chips, 3(4), 311-333.