Spread Spectrum-Based Countermeasures for Cryptographic RISC-V SoC

Side-channel analysis attacks have become the primary method for exploiting the vulnerabilities of cryptographic devices. Therefore, focusing on countermeasures to enhance the security level of these implementations evolves even more urgently. This article proposes a time-based hiding countermeasure by using spread-spectrum signals. In our RISC-V system on chip (SoC), cryptographic accelerators are given by random dynamic frequency-hopping signals. We found 223 available parameter sets for a Xilinx Mixed-Mode Clock Manage primitive in spread spectrum mode and achieved better effectiveness in the occupied bandwidth (OBW) metric. The mixed mode clock managers (MMCMs) output signal and the range of frequencies within the spread will be changed randomly, resulting in multiple clocks for individual encryption. The effectiveness of this proposal is demonstrated by conducting realistic side-channel attacks (SCAs) and state-of-the-art leakage assessment methodologies on the well-known data encryption standard, i.e., the Advanced Encryption Standard (AES) accelerator. Even though we used up to five million power traces, the test results show that our defense can stand up to a regular correlation power analysis (CPA) attack as well as alignment preprocessing methods, like CPA attacks that use a sliding window or an amplitude peak location algorithm. Furthermore, the t-test methodology cannot detect any first-order information leakage in five million traces; meanwhile, the deep learning leakage assessment (DLLA) requires nearly one million power traces in the training test to detect leakage points.