ShuffleV: A Microarchitectural Defense Strategy against Electromagnetic Side-Channel Attacks in Microprocessors

Abstract

ShuffleV is a novel microarchitectural defense strategy developed to counter Electromagnetic Side-Channel Attacks (EM SCAs) by adopting a Moving Target Defense (MTD) philosophy. It integrates hardware units into the open-source RISC-V core to randomly shuffle instruction execution order and optionally insert dummy instructions, effectively nullifying the statistical observations required by attackers. Validated on an FPGA using AES encryption and neural network inference, ShuffleV provides automatic, non-invasive protection against physical attacks.

Report

Key Highlights

• Defense Mechanism: ShuffleV is a microarchitectural strategy specifically designed to defend microprocessors against Electromagnetic Side-Channel Attacks (EM SCAs).
• Security Philosophy: It implements a Moving Target Defense (MTD) approach, aiming to disrupt the statistical consistency across repetitive program runs.
• Core Functionality: The defense relies on hardware units that randomize the execution order of program instructions and can optionally insert spurious, dummy instructions.
• Implementation Target: ShuffleV is built upon the open-source RISC-V core architecture.
• Design Flexibility: The paper presents six distinct design options to cater to various application scenarios and performance requirements.
• Non-Invasive Protection: The protection is automatic, requiring no user intervention or modifications to the application software.

Technical Details

• Architectural Integration: The defense mechanism is implemented via dedicated hardware units integrated directly into the processor microarchitecture.
• Randomization Technique: The mechanism primarily relies on execution shuffling to decorrelate the EM emanation timing from the actual program flow across different executions.
• Noise Injection: Dummy instructions can be inserted to increase the measurable noise and further obscure the leakage trace.
• Evaluation Tools: The authors developed a specialized ShuffleV simulator, allowing users to: (1) estimate the performance overhead for each design option, and (2) generate execution traces to verify the randomness achieved under specific workloads.
• Validation Platform: The ShuffleV design was practically implemented and validated on a Xilinx PYNQ-Z2 Field-Programmable Gate Array (FPGA).
• Victim Applications: Validation tests were performed successfully against two critical targets prone to SCAs: the AES encryption algorithm and neural network inference models.

Implications

• RISC-V Security Enhancement: ShuffleV provides a critical, microarchitectural security hardening layer for the rapidly growing RISC-V ecosystem, especially important for constrained IoT and embedded devices handling sensitive data.
• Physical Security Advancement: By integrating MTD concepts directly into the silicon architecture, this work significantly raises the bar for hardware side-channel adversaries, demanding much more complex attack methodologies.
• Usability and Deployment: The ability of ShuffleV to provide protection automatically, without requiring software or compiler changes, greatly simplifies its adoption in existing and future hardware designs.
• Protecting AI/ML Models: Demonstrating effectiveness against neural network inference addresses a rising concern regarding the confidentiality of proprietary AI hyperparameters and models deployed on edge devices.