This work proposes a hardware-augmented variant of the Advanced Encryption Standard (AES) to mitigate side-channel attack (SCA) vulnerabilities. A suite of countermeasures (noise injection, dummy operations, and current smoothing), aimed at normalising power and electromagnetic emissions, has been applied and evaluated. The augmented AES architecture is synthesised and evaluated on a field-programmable gate array (FPGA) platform using Vivado, demonstrating functional correctness and enhanced resistance to physical attacks with little resource overhead. This approach indicates the efficacy of integrating lightweight defences in cryptographic hardware, offering a fair trade-off between security and performance in practical implementations.
1. Introduction
The Advanced Encryption Standard (AES) is widely used in secure applications due to its cryptographic strength and performance.
Despite algorithmic security, hardware implementations of AES are vulnerable to side-channel attacks (SCAs), which exploit physical leakages such as:
- Power consumption
- Electromagnetic (EM) emissions
- Timing variations
These threats are especially serious in embedded systems and IoT devices, where attackers may have physical access.
2. Common Side-Channel Attacks
- Simple Power Analysis (SPA): Observes power patterns directly.
- Differential Power Analysis (DPA): Uses statistical analysis of multiple power traces to extract keys.
- Electromagnetic Analysis (EMA): Reads EM emissions, often more effectively and contact-free.
Growing attack sophistication (with ML, signal processing, etc.) demands low-cost and scalable defences.
3. Contributions of This Work
Proposes three lightweight, RTL-level countermeasures:
- Noise Injection
- Dummy Operations
- Current Smoothing
These methods aim to disrupt the correlation between physical leakages and secret key operations.
Validated on Artix-7 FPGA using Xilinx Vivado Design Suite.
4. Related Work
Previous efforts range from deep learning-based defences and reconfigurable hardware to graph-based vulnerability detection.
Challenges in prior works include:
- High resource overhead
- Limited scalability
- Targeting specific types of attacks
5. Threat Model
Assumes the attacker has non-invasive physical access (e.g., smart cards, FPGAs).
Attacker can perform:
- Black-box attacks (only ciphertext)
- Gray-box attacks (controlled inputs)
- White-box attacks (input control, no key access)
Goal: Recover the AES key from power or EM emissions.
6. Proposed Methodology
The methodology includes four phases:
Threat Analysis:
- Identifies vulnerable areas in AES (e.g., S-Box, key scheduling).
- Targets both power and EM leakage sources.
Countermeasure Design:
- Noise Injection: Adds random switching/noise to obscure data-dependent signals.
- Dummy Operations: Inserts fake computations to confuse attackers.
- Current Smoothing: Evens out power usage over time to hide operational patterns.
Hardware Implementation:
- Implemented and tested on Artix-7 FPGA.
- Uses a Tektronix oscilloscope to capture power traces during encryption.
Evaluation & Validation:
- Compared standard vs. protected AES cores in terms of:
  - Power traces
  - Area (LUTs, FFs)
  - Functionality (validated with AES test vectors)
7. Results and Analysis
Power Trace Comparison:
- The protected AES design shows less distinguishable power patterns, indicating better resistance to SCAs.
Area Overhead:
- Minor increase in resource usage, validating the low-cost nature of the approach.
- Verified using standard simulation and testbenches in Vivado.
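An added example, not code or data from the paper: a simulated fixed-vs-random Welch t-test (the TVLA-style leakage check) that puts a number on "less distinguishable power patterns" for noise injection and dummy operations. The Hamming-weight leakage model, key byte, fixed input, noise levels and slot count are assumptions chosen for illustration; current smoothing is not modelled.

```python
import random
import statistics

KEY_BYTE = 0x2B     # constructed secret byte, simulation only
FIXED_PT = 0xD4     # constructed fixed input for the "fixed" trace set
TVLA_LIMIT = 4.5    # customary |t| threshold used in leakage assessment

def hw(x):
    """Hamming weight: a common first-order power model for a register value."""
    return bin(x).count("1")

def sample(rng, pt, noise_sigma=0.0, dummy_slots=1):
    """One simulated power sample at a fixed time index (assumed model).

    dummy_slots: the real operation lands in this slot with probability
                 1/dummy_slots; otherwise a dummy operation on random data does.
    noise_sigma: std. deviation of injected noise, on top of measurement
                 noise (sigma = 1).
    """
    if rng.randrange(dummy_slots) == 0:
        value = pt ^ KEY_BYTE          # real, key-dependent intermediate
    else:
        value = rng.randrange(256)     # dummy operation
    return hw(value) + rng.gauss(0, 1) + rng.gauss(0, noise_sigma)

def welch_t(a, b):
    """Welch's t statistic for two sample sets with unequal variances."""
    va, vb = statistics.variance(a), statistics.variance(b)
    return (statistics.mean(a) - statistics.mean(b)) / (va / len(a) + vb / len(b)) ** 0.5

def tvla(n=2000, seed=1, **countermeasures):
    """|t| between a fixed-input and a random-input set of n samples each."""
    rng = random.Random(seed)
    fixed = [sample(rng, FIXED_PT, **countermeasures) for _ in range(n)]
    rand = [sample(rng, rng.randrange(256), **countermeasures) for _ in range(n)]
    return abs(welch_t(fixed, rand))

def compare():
    return {
        "unprotected": tvla(),
        "noise injection": tvla(noise_sigma=8.0),
        "dummy operations": tvla(dummy_slots=16),
        "both": tvla(noise_sigma=8.0, dummy_slots=16),
    }

if __name__ == "__main__":
    for name, t in compare().items():
        print(f"{name:17s} |t| = {t:6.2f}  {'LEAKS' if t > TVLA_LIMIT else 'pass'}")
```

Because |t| grows with the square root of the trace count, a pass at n=2000 shows that the countermeasures raise the measurement effort, not that the leakage is gone; rerun with a larger n before drawing conclusions.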
Conclusion
This paper presents the design, implementation, and evaluation of a single hardware-focused countermeasure approach against side-channel analysis (SCA) vulnerabilities in cryptographic hardware. The approach combines three complementary methods (randomisation, noise injection, and current smoothing) within a single framework. The methods were selected because, in combination, they can mask power consumption profiles and inject sources of randomness into the hardware operation, making the hardware more resistant to power side-channel attacks. The countermeasure suite was implemented on an FPGA platform, and the design was synthesised to analyse the impact on area and timing performance. Power traces were collected from the FPGA under cryptographic load to evaluate the effectiveness of the two-layer protection technique.
The two-layer testing allowed a complete evaluation of how the proposed techniques fare in an actual hardware environment, balancing security enhancement and implementation expense. The findings of the present work highlight the value of an end-to-end, multi-faceted approach to side-channel resistance enhancement that takes advantage of randomness and signal camouflage to shield sensitive operations from unwanted physical probing.
Future work might explore the deployment of the countermeasures in ASIC designs, where power dissipation and performance constraints differ from those in FPGA-based implementations. Additionally, the integration of machine learning-driven leakage detection into the design process might provide more dynamic guidance for tuning the security-functionality balance.