Side channel attack based upon the analysis of power traces is an effective way of obtaining the encryption key from secure processors. Power traces can be used to detect bitflips which betray the secure key. Balancing the bitflips with opposite bitflips have been proposed, by the use of opposite logic. This is an expensive solution, where the balancing processor continues to balance even when encryption is not carried out in the processor.

We propose, for the first time, a multiprocessor algorithmic balancing technique to prevent power analysis of a processor executing an AES cryptographic program, a popular encryption standard for embedded systems. Our technique uses a dual processor architecture where two processors execute the same program in parallel, but with complementary intermediate data, thus balancing the bitflips. The second processor works in conjunction with the first processor for balancing only when the AES encryption is performed, and both processors carry out independent tasks when no encryption is being performed.

Accessing the encryption key or the input data by the first processor begins the obfuscation by the second processor. To stop the encryption by the second processor, we use a novel signature detection technique, which detects the end of the encryption automatically. The multiprocessor balancing approach (MUTEAES) proposed here reduces performance by 0.42% and increases the size of the hardware by 2X (though reduces to 0.1% when no encryption is being performed). We show that Differential Power Analysis (DPA) fails when our technique is applied to AES. We further illustrate, that by the use of this balancing strategy, the adversary is left with noise from the power profile with little useful information.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	The PEAS Team. ASIP Meister, 2002. Available at: edameister. org/asipmeister.
	2	Chip Multi Processor Watch, 2007. Available at: http://view.eecs.berkeley.edu/wiki/Chip_Multi_Processor_Watch.
	3	Technology@Intel Magazine, 2007. Available at: http://www.intel.com/technology/magazine/computing/Core-programming-0606.htm.
	4	Mehdi-Laurent Akkar , Régis Bevan , Paul Dischamp , Didier Moyart, Power Analysis, What Is Now Possible..., Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.489-502, December 03-07, 2000
	5	Jude Angelo Ambrose , Roshan G. Ragel , Sri Parameswaran, A smart random code injection to mask power analysis based side channel attacks, Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis, September 30-October 03, 2007, Salzburg, Austria  [doi>10.1145/1289816.1289832]
	6	E. Brier, C. Clavier, and F. Olivier. Optimal Statistical Power Analysis, 2003. Cryptology ePrint Archive, Report 2003/152.
	7	E. Brier, C. Clavier, and F. Olivier. Correlation power analysis with a leakage model. In CHES, pages 16--29, 2004.
	8	David Brumley , Dan Boneh, Remote timing attacks are practical, Proceedings of the 12th conference on USENIX Security Symposium, p.1-1, August 04-08, 2003, Washington, DC
	9	Jean-Sébastien Coron , Louis Goubin, On Boolean and Arithmetic Masking against Differential Power Analysis, Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems, p.231-237, August 17-18, 2000
	10	J. Daemen and V. Rijmen. Resistance against implementation attacks: a comparative study of the AES proposals, 1999.
	11	M. T. DiBrino. Apparatus and method for managing interrupts in a multiprocessor system. U.S. Patent 5265215, 1993.
	12	C. Gebotys. A Table Masking Countermeasure for Low-Energy Secure Embedded Systems. IEEE Trans. on VLSI, 14(7):740--753, 2006.
	13	David D. Hwang , Patrick Schaumont , Kris Tiri , Ingrid Verbauwhede, Securing Embedded Systems, IEEE Security and Privacy, v.4 n.2, p.40-49, March 2006  [doi>10.1109/MSP.2006.51]
	14	A. Janapsatya, A. Ignjatovic, and S. Parameswaran. Exploiting statistical information for implementation of instruction scratch memory in embedded system. IEEE Trans. on VLSI, 14(8):816--829, 2006.
	15	M. Joye, P. Paillier, and B. Schoenmakers. On second-order differential power analysis. In CHES, pages 293--308, 2005.
	16	P. Kocher, J. Jaffe, and B. Jun. Differential Power Analysis. 1998. DPA First Article.
	17	S. Mangard. A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion. In icisc 2002, pages 343--358, 2003.
	18	David May , Henk L. Muller , Nigel P. Smart, Non-deterministic Processors, Proceedings of the 6th Australasian Conference on Information Security and Privacy, p.115-129, July 11-13, 2001
	19	Thomas S. Messerges , Ezzy A. Dabbish , Robert H. Sloan, Investigations of power analysis attacks on smartcards, Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, p.17-17, May 10-11, 1999, Chicago, Illinois
	20	Thomas S. Messerges , Ezzat A. Dabbish , Robert H. Sloan, Examining Smart-Card Security under the Threat of Power Analysis Attacks, IEEE Transactions on Computers, v.51 n.5, p.541-552, May 2002  [doi>10.1109/TC.2002.1004593]
	21	Radu Muresan , Catherine Gebotys, Current flattening in software and hardware for security applications, Proceedings of the 2nd IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis, September 08-10, 2004, Stockholm, Sweden  [doi>10.1145/1016720.1016773]
	22	Mladen Nikitovic , Mats Brorsson, An adaptive chip-multiprocessor architecture for future mobile terminals, Proceedings of the 2002 international conference on Compilers, architecture, and synthesis for embedded systems, October 08-11, 2002, Grenoble, France  [doi>10.1145/581630.581638]
	23	E. Oswald, S. Mangard, C. Herbst, and S. Tillich. Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. In ct-rsa 2006, pages 192--207. Springer, 2006.
	24	Jorgen Peddersen , Seng Lin Shee , Andhi Janapsatya , Sri Parameswaran, Rapid Embedded Hardware/Software System Generation, Proceedings of the 18th International Conference on VLSI Design held jointly with 4th International Conference on Embedded Systems Design, p.111-116, January 03-07, 2005  [doi>10.1109/ICVD.2005.145]
	25	Jean-Jacques Quisquater , David Samyde, ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards, Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security, p.200-210, September 19-21, 2001
	26	Girish B. Ratanpal , Ronald D. Williams , Travis N. Blalock, An On-Chip Signal Suppression Countermeasure to Power Analysis Attacks, IEEE Transactions on Dependable and Secure Computing, v.1 n.3, p.179-189, July 2004  [doi>10.1109/TDSC.2004.25]
	27	T. Samuelsson, M. Akerholm, P. Nygren, J. Stärner, and L. Lindh. A comparison of multiprocessor real-time operating systems implemented in hardware and software. In ARTOSS, Porto, Portugal, July 2003.
	28	H. Saputra , N. Vijaykrishnan , M. Kandemir , M. J. Irwin , R. Brooks , S. Kim , W. Zhang, Masking the Energy Behavior of DES Encryption, Proceedings of the conference on Design, Automation and Test in Europe, p.10084, March 03-07, 2003
	29	S. Shimizu , H. Ishikawa , A. Satoh , T. Aihara, On-demand design service innovations, IBM Journal of Research and Development, v.48 n.5/6, p.751-765, September/November 2004
	30	Danil Sokolov , Julian Murphy , Alexander Bystrov , Alex Yakovlev, Design and Analysis of Dual-Rail Circuits for Security Applications, IEEE Transactions on Computers, v.54 n.4, p.449-460, April 2005  [doi>10.1109/TC.2005.61]
	31	K. Tiri , D. Hwang , A. Hodjat , B. Lai , S. Yang , P. Schaumont , I. Verbauwhede, A side-channel leakage free coprocessor IC in 0.18µm CMOS for embedded AES-based cryptographic and biometric processing, Proceedings of the 42nd annual conference on Design automation, June 13-17, 2005, Anaheim, California, USA  [doi>10.1145/1065579.1065639]
	32	Kris Tiri , Ingrid Verbauwhede, A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation, Proceedings of the conference on Design, automation and test in Europe, p.10246, February 16-20, 2004
	33	K. Tiri and I. Verbauwhede. A digital design flow for secure integrated circuits. In IEEE Trans. on CAD of Integrated Circuits and Systems, volume 25, pages 1197--1208, 2006.
	34	Elena Trichina , Domenico De Seta , Lucia Germani, Simplified Adaptive Multiplicative Masking for AES, Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems, p.187-197, August 13-15, 2002
	35	J. Waddle and D. Wagner. Towards efficient second-order power analysis. In CHES, pages 1--15, 2004.
	36	Wayne Wolf, Multimedia Applications of Multiprocessor Systems-on-Chips, Proceedings of the conference on Design, Automation and Test in Europe, p.86-89, March 07-11, 2005  [doi>10.1109/DATE.2005.217]