Side Channel Analysis Countermeasures using Obfuscated Instructions

Proven cryptographic algorithms using adequate key sizes are widely used as the primary protection scheme for software programs and hardware circuits. However, it has been shown that detailed analysis of physical circuit manifestations reveal enough information to help adversaries determine the cipher key. Thus, even the strongest algorithms and techniques can be defeated after key extraction. We illustrate a novel technique towards protecting encryption circuits from specific types of side channel analysis attacks utilizing electromagnetic (EM) and radio frequency (RF) probes. Three encryption algorithms, AES, RSA, and DES, implemented in Java are tested on an FPGA to determine their side channel vulnerabilities. Then, select Java bytecodes are obfuscated dynamically through multiple and fundamentally different execution options for satisfying the function during runtime. The obfuscation techniques cause the power signature and execution time to differ each time the specific bytecode is executed within the same encryption routine. Within our experimental framework, all three encryption algorithms had their respective secret keys extracted. After obfuscation countermeasures were applied, DES and RSA encryption circuits are protected successfully from previous side channel exploits. With protection in place, adversaries must collect and expend a minimum of 4 times the effort to exploit protected circuits.