A Very Noisy Signal: Intel Circuit Squashes Side-Channel Sniffing

Photo: Georgia Institute of Technology
The Georgia Tech team concluded that it would take an attacker up to 3,579 times longer to figure out the encryption key for their circuit, compared with a standard model.

Encryption sounds beautifully simple at its core: Encoded messages can’t be read unless you’re authorized with a key to decode them. But through a sneaky attack called side-channel sniffing, unauthorized bad actors can figure out the key by measuring the encryption engine’s power consumption or electromagnetic outputs and having a computer do a bit of math.

Now, an Intel-funded team at the Georgia Institute of Technology has created a circuit with significantly increased resistance to those side-sniffing attacks.

The circuit masks electromagnetic and power emissions by introducing random noise into the signal and scrambling the timing of the outputs. And unlike other masking methods, it does so with only a 10-percent performance overhead.

“Side-sniffing has been a longtime problem in cryptography, and we’ve always known that you could theoretically make the chip do 1,000 redundant jobs to mask the signal,” says Saibal Mukhopadhyay, a professor at Georgia Tech’s School of Electrical and Computer Engineering and co-author of the November paper [account signup required] describing the study. “But [previously, that wasn’t] realistic unless you were okay with the battery running out in 15 minutes. That’s where we got interested, because as circuit designers we know how to make things last longer.”

Mukhopadhyay’s team began this journey in late 2015, when they were working on ways to reduce circuits’ power requirements. That work had nothing to do with side-sniffing, Mukhopadhyay notes, but he and his students realized power reduction could be an important element of a solution to that problem.

For the next few years, they worked on the circuit, which uses an all-digital version of a traditionally analog low-dropout voltage regulator to power 128-bit encryption engines. The engines they were using injected noise into the chip’s emissions and scrambled the timing of outputs. The result: Sniffing out the encryption key for this type of circuit would take an attacker as much as 3,579 times as long as it would with a standard circuit, which can be broken in a matter of minutes—or seconds in some cases.

“Any [encryption key] can eventually be broken if you have the computer work on it long enough, but the key is to make it take so long that it’s not worth it,” says Mukhopadhyay, an IEEE Fellow. “Making it take 20 minutes instead of one minute, isn’t that exciting. But when you can get to several days or a week, it gets interesting.”

The team published the first paper on the work in 2017, “which marked the first time [we could demonstrate this resistance to side-channel sniffing] in silicon…using an inductive regulator—a component which the chips already have,” says Mukhopadhyay. At that point, he and his colleagues knew that “We could really make it difficult for someone to steal a cryptographic key.”

The team published additional work in November 2018, and it presented at last month’s IEEE International Solid State Circuit Conference (ISSCC). Intel funded the research and has been a “close collaborator,” Mukhopadhyay says, with the company visiting the campus frequently and students in turn visiting Intel.

“There are things we can do at the university in the lab setting, but you have to bridge the gap when you’re talking about making a real product,” Mukhopadhyay says.

That real-world lens has been a core part of the approach from the beginning. Mukhopadhyay says he’s most excited that the solution involves simply “repurposing” existing regulators in the circuits.

“Energy and security have to be taken as a coupled problem, because you must think of security in the context of the entire system rather than as an independent issue,” Mukhopadhyay says. “You can lock a chip in a room and make sure no one comes near it, or you can add the noise of 1,000 redundant tasks and kill the battery in 15 minutes. Both of those would keep it secure but they’re not realistic in the real world.”

While there is still more testing to be done to ensure the signal-masking works across different types of encryption and hardware, Mukhopadhyay is optimistic.

“If we can get security at low power and cost,” he says, “we expect this to have an impact on everything from sensors to high-performance computers.”

Read Next