Blindsight: Blinding EM Side-Channel Leakage using Built-In Fully Integrated Inductive Voltage Regulator

Modern high-performance as well as powerconstrained System-on-Chips (SoC) are increasingly using hardware accelerated encryption engines to secure computation, memory access, and communication operations. The electromagnetic (EM) emission from a chip leaks information of the underlying logical operation being performed by the chip. As the EM information leakage can be collected using low-cost instruments and non-invasive measurements, EM based sidechannel attacks (EMSCA) have emerged as a major threat to security of encryption engines in a SoC. This paper presents the concept of Blindsight where an high-frequency inductive voltage regulator integrated on the same chip with an encryption engine is used to increase resistance against EMSCA. High-frequency (∼100MHz) inductive integrated voltage regulators (IVR) are present in modern microprocessors to improve energy-efficiency. We show that an IVR with a randomized control loop (RIVR) can reduce EMSCA as the integrated inductance acts as a strong EM emitter and blinds an adversary from EM emission of the encryption engine. The measurements are performed on a prototype circuit board with a test-chip containing two architectures of a 128-bit Advanced Encryption Standard (AES) engine powered by a high-frequency (125MHz) R-IVR with wirebond inductor. The EM measurements are performed under two attack scenarios, one, where an adversary gains complete physical access of the target device (EMSCA with Physical Access) and the other, where the adversary is only in proximity of the device (Proximity EMSCA). The resistance to EMSCA is characterized considering a naive adversary as well as a skilled one with intelligent post-processing capabilities. In both attack modes, for a naive adversary, EM emission from a baseline IVR (B-IVR, without control loop randomization) increases EMSCA resistance compared to a standalone AES engine. However, a skilled adversary with intelligent post-processing can observe information leakage in Test Vector Leakage Assessment (TVLA) test. Subsequently, we show that EM emission from the R-IVR blinds the attacker and significantly reduces SCA vulnerability of the AES engine. A range of practical side-channel analysis including TVLA, Correlation Electromagnetic Analysis (CEMA), and a template based CEMA shows that R-IVR can reduce information leakage and prevent key extraction even against a skilled adversary.