Side-channel attack

An attempt to decode RSA key bits using power analysis. The left peak represents the CPU power variations during the step of the algorithm without multiplication, the right (broader) peak – step with multiplication, allowing an attacker to read bits 0, 1.

In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorithm itself (e.g. flaws found in a cryptanalysis of a cryptographic algorithm) or minor, but potentially devastating, mistakes or oversights in the implementation. (Cryptanalysis also includes searching for side-channel attacks.) Timing information, power consumption, electromagnetic leaks, and sound are examples of extra information which could be exploited to facilitate side-channel attacks.


Some side-channel attacks require technical knowledge of the internal operation of the system, although others such as differential power analysis are effective as black-box attacks. The rise of Web 2.0 applications and software-as-a-service has also significantly raised the possibility of side-channel attacks on the web, even when transmissions between a web browser and server are encrypted (e.g. through HTTPS or WiFi encryption), according to researchers from Microsoft Research and Indiana University. [1]

Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically considered side-channel attacks: see social engineering and rubber-hose cryptanalysis.

General classes of side-channel attack include:

In all cases, the underlying principle is that physical effects caused by the operation of a cryptosystem (on the side) can provide useful extra information about secrets in the system, for example, the cryptographic key, partial state information, full or partial plaintexts and so forth. The term cryptophthora (secret degradation) is sometimes used to express the degradation of secret key material resulting from side-channel leakage.

Examples

A cache side-channel attack works by monitoring security-critical operations such as AES T-table entry accesses [2] [3] [4], modular exponentiation or multiplication, or other memory accesses. [5] The attacker is then able to recover the secret key from the accesses made (or not made) by the victim. Also, unlike some other side-channel attacks, this method does not create a fault in the ongoing cryptographic operation and is invisible to the victim.

In 2017, two CPU vulnerabilities (dubbed Meltdown and Spectre) were discovered, which can use a cache-based side channel to allow an attacker to leak memory contents of other processes and the operating system itself.

A timing attack watches data movement into and out of the CPU or memory on the hardware running the cryptosystem or algorithm. Simply by observing variations in how long it takes to perform cryptographic operations, it might be possible to determine the entire secret key. Such attacks involve statistical analysis of timing measurements and have been demonstrated across networks. [6]

A power-analysis attack can provide even more detailed information by observing the power consumption of a hardware device such as CPU or cryptographic circuit. These attacks are roughly categorized into simple power analysis (SPA) and differential power analysis (DPA). One example is Collide+Power, which affects nearly all CPUs. [7] [8] [9] Other examples use machine learning approaches. [10]

Fluctuations in current also generate radio waves, enabling attacks that analyze measurements of electromagnetic (EM) emanations. These attacks typically involve similar statistical techniques as power-analysis attacks.

A deep-learning-based side-channel attack, [11] [12] [13] using the power and EM information across multiple devices, has been demonstrated with the potential to break the secret key of a different but identical device with as few as a single trace.

Historical analogues to modern side-channel attacks are known. A recently declassified NSA document reveals that as far back as 1943, an engineer with Bell telephone observed decipherable spikes on an oscilloscope associated with the decrypted output of a certain encrypting teletype. [14] According to former MI5 officer Peter Wright, the British Security Service analyzed emissions from French cipher equipment in the 1960s. [15] In the 1980s, Soviet eavesdroppers were suspected of having planted bugs inside IBM Selectric typewriters to monitor the electrical noise generated as the type ball rotated and pitched to strike the paper; the characteristics of those signals could determine which key was pressed. [16]

Power consumption of devices causes heating, which is offset by cooling effects. Temperature changes create thermally induced mechanical stress. This stress can create low level acoustic emissions from operating CPUs (about 10 kHz in some cases). Recent research by Shamir et al. has suggested that information about the operation of cryptosystems and algorithms can be obtained in this way as well. This is an acoustic cryptanalysis attack.

If the surface of the CPU chip, or in some cases the CPU package, can be observed, infrared images can also provide information about the code being executed on the CPU, known as a thermal-imaging attack. [citation needed]

Examples of optical side-channel attacks range from gleaning information from the hard disk activity indicator [17] to reading the small number of photons emitted by transistors as they change state. [18]

Allocation-based side channels also exist and refer to the information that leaks from the allocation (as opposed to the use) of a resource such as network bandwidth to clients that are concurrently requesting the contended resource. [19]

Countermeasures

Because side-channel attacks rely on the relationship between information emitted (leaked) through a side channel and the secret data, countermeasures fall into two main categories: (1) eliminate or reduce the release of such information and (2) eliminate the relationship between the leaked information and the secret data, that is, make the leaked information unrelated, or rather uncorrelated, to the secret data, typically through some form of randomization of the ciphertext that transforms the data in a way that can be undone after the cryptographic operation (e.g., decryption) is completed.

Under the first category, displays with special shielding to lessen electromagnetic emissions, reducing susceptibility to TEMPEST attacks, are now commercially available. Power line conditioning and filtering can help deter power-monitoring attacks, although such measures must be used cautiously, since even very small correlations can remain and compromise security. Physical enclosures can reduce the risk of surreptitious installation of microphones (to counter acoustic attacks) and other micro-monitoring devices (against CPU power-draw or thermal-imaging attacks).

Another countermeasure (still in the first category) is to jam the emitted channel with noise. For instance, a random delay can be added to deter timing attacks, although adversaries can compensate for these delays by averaging multiple measurements (or, more generally, using more measurements in the analysis). When the amount of noise in the side channel increases, the adversary needs to collect more measurements.

Another countermeasure under the first category is to use security analysis software to identify certain classes of side-channel attacks that can be found during the design stages of the underlying hardware itself. Timing attacks and cache attacks are both identifiable through certain commercially available security analysis software platforms, which allow for testing to identify the attack vulnerability itself, as well as the effectiveness of the architectural change to circumvent the vulnerability. The most comprehensive method to employ this countermeasure is to create a Secure Development Lifecycle for hardware, which includes utilizing all available security analysis platforms at their respective stages of the hardware development lifecycle. [20]

In the case of timing attacks against targets whose computation times are quantized into discrete clock cycle counts, an effective countermeasure is to design the software to be isochronous, that is, to run in an exactly constant amount of time, independently of secret values. This makes timing attacks impossible. [21] Such countermeasures can be difficult to implement in practice, since even individual instructions can have variable timing on some CPUs.

One partial countermeasure against simple power attacks, but not differential power-analysis attacks, is to design the software so that it is "PC-secure" in the "program counter security model". In a PC-secure program, the execution path does not depend on secret values. In other words, all conditional branches depend only on public information. (This is a more restrictive condition than isochronous code, but a less restrictive condition than branch-free code.) Even though multiply operations draw more power than NOP on practically all CPUs, using a constant execution path prevents such operation-dependent power differences (differences in power from choosing one branch over another) from leaking any secret information. [21] On architectures where the instruction execution time is not data-dependent, a PC-secure program is also immune to timing attacks. [22] [23]

Another way in which code can be non-isochronous is that modern CPUs have a memory cache: accessing infrequently used information incurs a large timing penalty, revealing some information about the frequency of use of memory blocks. Cryptographic code designed to resist cache attacks attempts to use memory in only a predictable fashion (like accessing only the input, outputs and program data, and doing so according to a fixed pattern). For example, data-dependent table lookups must be avoided because the cache could reveal which part of the lookup table was accessed.
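The three properties described above (isochronous timing, a PC-secure execution path, and a memory access pattern independent of secret data) can be seen side by side in the following C code, an added example that is not part of the original article: a leaky early-exit comparison next to its constant-time form, a branch-free select, and a table lookup that touches every entry. The sample tags and the lookup table are constructed (the table is the first row of the AES S-box).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: two 4-byte tags that differ only in the last
 * byte, and the first 16 entries of the AES S-box as a lookup table. */
static const uint8_t kTagA[4] = {0xde, 0xad, 0xbe, 0xef};
static const uint8_t kTagB[4] = {0xde, 0xad, 0xbe, 0xee};
static const uint8_t kSampleTable[16] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76};

/* Leaky reference: returns as soon as a byte differs, so both the running
 * time and the execution path depend on how many leading bytes match. */
int leaky_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return 0; /* secret-dependent early exit */
    }
    return 1;
}

/* Isochronous and PC-secure: always touches all n bytes and never branches
 * on the data. The OR-accumulated difference is folded into 0 or 1 with
 * arithmetic only. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* (diff - 1) borrows into bit 8 only when diff == 0 */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Branch-free select: returns a when cond == 1 and b when cond == 0, so
 * the choice does not show up as a taken/not-taken branch. */
uint32_t ct_select(uint32_t cond, uint32_t a, uint32_t b)
{
    uint32_t mask = 0u - (cond & 1u); /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Cache-independent lookup: reads every table entry in a fixed order and
 * keeps only the wanted one, so the cache footprint does not reveal idx. */
uint8_t ct_table_lookup(const uint8_t *table, size_t n, size_t idx)
{
    uint8_t result = 0;
    for (size_t i = 0; i < n; i++) {
        /* eq is 1 when i == idx and 0 otherwise, computed without a branch */
        size_t eq = ((i ^ idx) - 1u) >> (sizeof(size_t) * 8u - 1u);
        uint8_t mask = (uint8_t)(0u - eq);
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

int main(void)
{
    printf("leaky_memeq: %d, ct_memeq: %d\n",
           leaky_memeq(kTagA, kTagB, 4), ct_memeq(kTagA, kTagB, 4));
    printf("ct_select(1, 7, 9) = %u\n", ct_select(1u, 7u, 9u));
    printf("ct_table_lookup(5) = 0x%02x\n",
           ct_table_lookup(kSampleTable, 16, 5));
    return 0;
}
```

An optimizing compiler may turn the mask arithmetic back into a conditional branch, so the compiled output should be checked in a disassembler before relying on it.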

Other partial countermeasures attempt to reduce the amount of information leaked from data-dependent power differences. Some operations use power that is correlated to the number of 1 bits in a secret value. Using a constant-weight code (such as using Fredkin gates or dual-rail encoding) can reduce the leakage of information about the Hamming weight of the secret value, although exploitable correlations are likely to remain unless the balancing is perfect. This "balanced design" can be approximated in software by manipulating both the data and its complement together. [21]

Several "secure CPUs" have been built as asynchronous CPUs; they have no global timing reference. While these CPUs were intended to make timing and power attacks more difficult, [21] subsequent research found that timing variations in asynchronous circuits are harder to remove. [24]

A typical example of the second category (decorrelation) is a technique known as blinding. In the case of RSA decryption with secret exponent and corresponding encryption exponent and modulus , the technique applies as follows (for simplicity, the modular reduction by m is omitted in the formulas): before decrypting, that is, before computing the result of for a given ciphertext , the system picks a random number and encrypts it with public exponent to obtain . Then, the decryption is done on to obtain . Since the decrypting system chose , it can compute its inverse modulo to cancel out the factor in the result and obtain , the actual result of the decryption. For attacks that require collecting side-channel information from operations with data controlled by the attacker, blinding is an effective countermeasure, since the actual operation is executed on a randomized version of the data, over which the attacker has no control or even knowledge.
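The blinding sequence described above, worked through in C with a constructed textbook key (p = 61, q = 53); this is example code added here, not taken from the article or from any library. The random factor r is passed in as a parameter only so that the run is reproducible.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed textbook key (p = 61, q = 53): n = 3233, e = 17, d = 2753.
 * Every value stays below 2^32, so all products fit in a uint64_t. */
#define RSA_N 3233u
#define RSA_E 17u
#define RSA_D 2753u

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return ((a % m) * (b % m)) % m; /* overflow-free while m < 2^32 */
}

/* Plain square-and-multiply. The multiply step runs only for 1 bits of
 * exp, which is the very pattern the power trace at the top of the
 * article reads off. Blinding does not change this loop; it randomizes
 * the value the loop operates on. */
uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1u)
            result = mulmod(result, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return result;
}

/* Modular inverse via the extended Euclidean algorithm; 0 if none exists. */
uint64_t modinv(uint64_t a, uint64_t m)
{
    int64_t t = 0, newt = 1;
    int64_t r = (int64_t)m, newr = (int64_t)(a % m);
    while (newr != 0) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1)
        return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

uint64_t rsa_encrypt(uint64_t m) { return powmod(m, RSA_E, RSA_N); }

/* Unblinded decryption: the secret exponent is applied directly to the
 * attacker-supplied ciphertext c. */
uint64_t rsa_decrypt_plain(uint64_t c) { return powmod(c, RSA_D, RSA_N); }

/* Blinded decryption. r must be fresh, uniformly random and invertible
 * mod n for every call; the demo takes it as a parameter so the run is
 * reproducible (production code draws it from a CSPRNG). Returns
 * UINT64_MAX if r shares a factor with n. */
uint64_t rsa_decrypt_blinded(uint64_t c, uint64_t r)
{
    uint64_t r_inv = modinv(r, RSA_N);
    if (r_inv == 0)
        return UINT64_MAX;
    uint64_t blinded = mulmod(c, powmod(r, RSA_E, RSA_N), RSA_N); /* c * r^e */
    uint64_t m_r = powmod(blinded, RSA_D, RSA_N);  /* (c * r^e)^d = m * r   */
    return mulmod(m_r, r_inv, RSA_N);              /* m * r * r^-1 = m      */
}

int main(void)
{
    uint64_t c = rsa_encrypt(65);
    printf("c = %llu, plain = %llu, blinded(r=123) = %llu\n",
           (unsigned long long)c, (unsigned long long)rsa_decrypt_plain(c),
           (unsigned long long)rsa_decrypt_blinded(c, 123));
    return 0;
}
```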

A more general countermeasure (in that it is effective against all side-channel attacks) is the masking countermeasure. The principle of masking is to avoid manipulating any sensitive value directly, but rather manipulate a sharing of it: a set of variables (called "shares") such that (where is the XOR operation). An attacker must recover all the values of the shares to get any meaningful information. [25]
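A worked Boolean masking example in C, added here and not part of the original article: a secret byte is split into three shares whose XOR reconstructs it, XOR is computed share-wise, and, going beyond what the paragraph describes, a non-linear AND is computed on the shares with the gadget of Ishai, Sahai and Wagner (ISW), since linear operations alone cannot build a cipher. The xorshift generator is a reproducible stand-in for the CSPRNG that real masking requires.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NSHARES 3u /* (NSHARES - 1)-th order Boolean masking */

/* Stand-in randomness (xorshift32) so the demo is reproducible. A real
 * implementation draws every mask from a CSPRNG. */
static uint32_t demo_state = 0x2545F491u;
static uint8_t demo_rand(void)
{
    uint32_t x = demo_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    demo_state = x;
    return (uint8_t)x;
}

/* Split x into NSHARES shares with s[0] ^ ... ^ s[NSHARES-1] == x. Any
 * proper subset of the shares is uniformly random and independent of x. */
void mask_split(uint8_t x, uint8_t s[NSHARES])
{
    uint8_t acc = 0;
    for (size_t i = 0; i + 1 < NSHARES; i++) {
        s[i] = demo_rand();
        acc ^= s[i];
    }
    s[NSHARES - 1] = (uint8_t)(x ^ acc);
}

uint8_t mask_recombine(const uint8_t s[NSHARES])
{
    uint8_t x = 0;
    for (size_t i = 0; i < NSHARES; i++)
        x ^= s[i];
    return x;
}

/* XOR (like every linear operation) is computed share by share. */
void masked_xor(const uint8_t a[NSHARES], const uint8_t b[NSHARES],
                uint8_t out[NSHARES])
{
    for (size_t i = 0; i < NSHARES; i++)
        out[i] = (uint8_t)(a[i] ^ b[i]);
}

/* AND is non-linear: the ISW gadget forms the cross terms a[i]&b[j] and
 * refreshes them with fresh randomness, so the unmasked product is never
 * held in one variable and each output share is uniformly distributed on
 * its own. The order of operations matters: r is XORed in before the two
 * cross terms are combined. */
void masked_and(const uint8_t a[NSHARES], const uint8_t b[NSHARES],
                uint8_t out[NSHARES])
{
    for (size_t i = 0; i < NSHARES; i++)
        out[i] = (uint8_t)(a[i] & b[i]);
    for (size_t i = 0; i < NSHARES; i++) {
        for (size_t j = i + 1; j < NSHARES; j++) {
            uint8_t r = demo_rand();
            uint8_t t = (uint8_t)(r ^ (a[i] & b[j]));
            t = (uint8_t)(t ^ (a[j] & b[i]));
            out[i] ^= r;
            out[j] ^= t;
        }
    }
}

/* Wrapper: mask both inputs, run the chosen gadget, unmask the result. */
uint8_t demo_masked(uint8_t x, uint8_t y, int use_and)
{
    uint8_t a[NSHARES], b[NSHARES], c[NSHARES];
    mask_split(x, a);
    mask_split(y, b);
    if (use_and)
        masked_and(a, b, c);
    else
        masked_xor(a, b, c);
    return mask_recombine(c);
}

int main(void)
{
    printf("0xA5 & 0x3C via shares = 0x%02x, 0xA5 ^ 0x3C via shares = 0x%02x\n",
           demo_masked(0xA5, 0x3C, 1), demo_masked(0xA5, 0x3C, 0));
    return 0;
}
```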

Recently, white-box modeling was utilized to develop a low-overhead generic circuit-level countermeasure [26] against both EM as well as power side-channel attacks. To minimize the effects of the higher-level metal layers in an IC acting as more efficient antennas, [27] the idea is to embed the crypto core with a signature suppression circuit, [28] [29] routed locally within the lower-level metal layers, leading towards both power and EM side-channel attack immunity.


References

  1. Shuo Chen; Rui Wang; XiaoFeng Wang & Kehuan Zhang (May 2010). "Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow" (PDF). Microsoft Research. IEEE Symposium on Security & Privacy 2010.
  2. Ashokkumar C.; Ravi Prakash Giri; Bernard Menezes (2016). "Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks". 2016 IEEE European Symposium on Security and Privacy (EuroS&P). pp. 261–275. doi:10.1109/EuroSP.2016.29. ISBN 978-1-5090-1751-5. S2CID 11251391.
  3. Gorka Irazoqui; Mehmet Sinan Inci; Thomas Eisenbarth; Berk Sunar, Wait a minute! A fast, Cross-VM attack on AES (PDF), retrieved 2018-01-07
  4. Yuval Yarom; Katrina Falkner, Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack (PDF), retrieved 2018-01-07
  5. Mehmet S. Inci; Berk Gulmezoglu; Gorka Irazoqui; Thomas Eisenbarth; Berk Sunar, Cache Attacks Enable Bulk Key Recovery on the Cloud (PDF), retrieved 2018-01-07
  6. David Brumley; Dan Boneh (2003). "Remote timing attacks are practical" (PDF).
  7. Kovacs, Eduard (2023-08-01). "Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack". SecurityWeek. Retrieved 2023-08-02.
  8. Claburn, Thomas. "Another CPU data-leak flaw found. Luckily, it's impractical". www.theregister.com. Retrieved 2023-08-02.
  9. Collide+Power, Institute of Applied Information Processing and Communications (IAIK), 2023-08-01, retrieved 2023-08-02
  10. Lerman, Liran; Bontempi, Gianluca; Markowitch, Olivier (1 January 2014). "Power analysis attack: an approach based on machine learning". International Journal of Applied Cryptography. 3 (2): 97–115. doi:10.1504/IJACT.2014.062722. ISSN 1753-0563.
  11. Timon, Benjamin (2019-02-28). "Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis". IACR Transactions on Cryptographic Hardware and Embedded Systems: 107–131. doi:10.13154/tches.v2019.i2.107-131. ISSN 2569-2925. S2CID 4052139. Retrieved 2021-11-19.
  12. "X-DeepSCA: Cross-Device Deep Learning Side Channel Attack" by D. Das, A. Golder, J. Danial, S. Ghosh, A. Raychowdhury and S. Sen, in 56th ACM/IEEE Design Automation Conference (DAC) 2019.
  13. "Practical Approaches Toward Deep-Learning-Based Cross-Device Power Side-Channel Attack" by A. Golder, D. Das, J. Danial, S. Ghosh, A. Raychowdhury and S. Sen, in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, Vol. 27, Issue 12, 2019.
  14. "Declassified NSA document reveals the secret history of TEMPEST". Wired. Wired.com. April 29, 2008.
  15. "An Introduction to TEMPEST | SANS Institute".
  16. Church, George (April 20, 1987). "The Art of High-Tech Snooping". Time. Archived from the original on June 4, 2011. Retrieved January 21, 2010.
  17. Eduard Kovacs (February 23, 2017), "Hard Drive LED Allows Data Theft From Air-Gapped PCs", Security Week, retrieved 2018-03-18
  18. J. Ferrigno; M. Hlaváč (September 2008), "When AES blinks: introducing optical side channel", IET Information Security, 2 (3): 94–98, doi:10.1049/iet-ifs:20080038
  19. S. Angel; S. Kannan; Z. Ratliff, "Private resource allocators and their Applications" (PDF), Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2020.
  20. Tortuga Logic (2018). "Identifying Isolation Issues in Modern Microprocessor Architectures". Archived from the original on 2018-02-24. Retrieved 2018-02-23.
  21. "A Network-based Asynchronous Architecture for Cryptographic Devices" by Ljiljana Spadavecchia 2005 in sections "3.2.3 Countermeasures", "3.4.2 Countermeasures", "3.5.6 Countermeasures", "3.5.7 Software countermeasures", "3.5.8 Hardware countermeasures", and "4.10 Side-channel analysis of asynchronous architectures".
  22. "The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks" by David Molnar, Matt Piotrowski, David Schultz, David Wagner (2005).
  23. "The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks" USENIX Work-in-Progress presentation of paper
  24. Jeong, C.; Nowick, S. M. (January 2007). "Optimization of Robust Asynchronous Circuits by Local Input Completeness Relaxation". 2007 Asia and South Pacific Design Automation Conference. pp. 622–627. doi:10.1109/ASPDAC.2007.358055. ISBN 978-1-4244-0629-6. S2CID 14219703.
  25. "Masking against Side-Channel Attacks: A Formal Security Proof" by Emmanuel Prouff, Matthieu Rivain in Advances in Cryptology – EUROCRYPT 2013.
  26. "EM and Power SCA-Resilient AES-256 in 65nm CMOS Through >350× Current-Domain Signature Attenuation" by D. Das et al., in IEEE International Solid-State Circuits Conference (ISSCC), 2020.
  27. "STELLAR: A Generic EM Side-Channel Attack Protection through Ground-Up Root-cause Analysis" by D. Das, M. Nath, B. Chatterjee, S. Ghosh, and S. Sen, in IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, 2019.
  28. "ASNI: Attenuated Signature Noise Injection for Low-Overhead Power Side-Channel Attack Immunity" by D. Das, S. Maity, S.B. Nasir, S. Ghosh, A. Raychowdhury and S. Sen, in IEEE Transactions on Circuits and Systems I: Regular Papers, 2017, Vol. 65, Issue 10.
  29. "High efficiency power side-channel attack immunity using noise injection in attenuated signature domain" by D. Das, S. Maity, S.B. Nasir, S. Ghosh, A. Raychowdhury and S. Sen, in IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, 2017.
