Side-channel sniffing is designed to grab encryption keys by measuring the power consumption or electromagnetic radiation emitted by the encryption engine, be it a CPU or other device. Google security researchers warned earlier this year that attacks such as Spectre wouldn’t end, unless chip manufacturers, like as AMD and Intel, changed their CPU architectures. To help protect against side-channel attacks, researchers from Georgia Tech and Intel have designed a circuit that mitigates sniffing by masking the electromagnetic and power emissions.
“Side-sniffing has been a longtime problem in cryptography, and we’ve always known that you could theoretically make the chip do 1,000 redundant jobs to mask the signal, but [previously, that wasn’t] realistic unless you were okay with the battery running out in 15 minutes. That’s where we got interested because as circuit designers we know how to make things last longer.” — Georgia Tech professor Saibal Mukhopadhya
Their circuit functions by introducing random noise into the signal, which scrambles the timing of the outputs. More specifically, the circuit employs an all-digital version of an analog low-dropout voltage regulator to power 128-bit encryption engines in 130nm CMOS using random fast voltage dithering (RFVD). An integrated voltage regulator with bond-wire inductors and an on-chip all-digital clock modulation circuit enable that RFVD.
According to the researchers, the circuit isn’t 100% effective at guarding against attacks, but it would take hackers 3,579 times as long to breach the platform over a standard circuit, which can be circumvented in a matter of minutes or seconds. What’s more, the circuit has a performance overhead of just 10%, and while that may not seem that great, it’s reportedly better than previous side-channel attack mitigations.