Chris Morrison, Director of Product Marketing, Agile Analog
Over the last decade there has been a significant rise in the frequency and severity of side-channel attacks (SCAs). This Agile Analog blog post outlines some examples of applications that could be impacted by voltage side-channel attacks and explains how agileVGLITCH, our voltage glitch detection solution, can help offer protection.
Voltage side-channel attacks involve unscrupulous individuals attempting to break into electronic systems by using glitching techniques. A successful SCA can expose sensitive data and place the SoC (System on Chip) at risk.
The Agile Analog team has developed a voltage glitch detector IP (agileVGLITCH) that can be integrated into a SoC design to determine when such an attack is occurring and to enable counter-measures. This customizable IP block, along with Agile Analog's temperature glitch detector IP (agileTGLITCH) and clock attack monitor IP (agileCAM) work together to check vital parameters like voltage, temperature, and clock. Changes, such as supply voltage fluctuations or power supply manipulation, might signal an attack on the chip. In this situation, a digital alarm will alert the SoC's processor.
Here are a few examples of applications that could be vulnerable to voltage side-channel attacks.
IoT security system: Using a voltage glitching device the debug mode of an IoT security system can be accessed during a SCA, which then allows all the data associated with the authorized keys to be read, enabling someone to enter the property unrecorded. With agileVGLITCH embedded this detects the voltage glitch incident, informing the system about this unusual activity, as well as providing a time and date that can help to identify the offender.
Security camera: It’s possible that hackers could intercept a security camera before purchase, updating the firmware so it redirects the video recordings to them. This type of SCA means a hacker can reflash unauthorized firmware without going through the standard boot-signing process, resetting the security key to a known value. The agileVGLITCH solution can foil this attempt, stopping unauthorized programmes from being added to the system.
Satellite TV receiver: Removing Digital Rights Management (DRM) from films broadcast over a satellite channel can be achieved by installing a voltage glitcher on a HDMI controller supply to a satellite receiver with a valid subscription. A hacker is able to reset the HDMI output to be non-HDCP validated, allowing decrypted HD content to be sent to a non-secure device. This then re-encodes the content without protection. A voltage glitch detector like agileVGLITCH can discover the voltage glitching and prevent this from happening.
There are four key components of the agileVGLITCH solution:
Bandgap: This is set to operate over a wide voltage range to ensure extensive glitch monitoring and a precise voltage reference. There is a bootstrap circuit for reliable turn-on during start-up and an option for production trimming for enhanced levels of accuracy.
Programmable comparators: There are two programmable comparators to identify over-voltage and under-voltage glitches. The thresholds are configurable for glitch detection and the level-shifters are incorporated to allow the IOs to be driven from the core supply.
Reference selectors: These provide configurable input voltages to the programmable comparators, so it is possible for the glitch side to be adjusted. The thresholds can also be changed, for example, in the case of Dynamic Voltage and Frequency Scaling (DVFS).
Logic: This follows each comparator and provides control of enables based on the digital inputs, latching momentary events on the output of comparators, disabling outputs during testing, as well as 3-way majority voting on the latched outputs.
Optional ADC: There is also the option to include a SAR ADC (Analog-to-Digital Converter) in order to measure the supply value. This can be used for monitoring of the device for issues such as performance degradation.
Unfortunately, it’s likely that side-channel attacks will continue to be an ongoing problem. Therefore, it is important for organizations to be prepared and to implement counter-measures. The combination of Agile Analog's security IP solutions embedded inside an electronic device can help to provide protection from a variety of different vulnerabilities and threats.
Take a look at our Security IP section to learn more about our Voltage Glitch Detector, Temperature Glitch Detector and Clock Attack Monitor.
Agile Analog is transforming the world of analog IP with Composa™, its innovative, highly configurable, multi-process analog IP technology. Headquartered in Cambridge, UK, with a growing number of customers across the globe, Agile Analog has developed a unique way to automatically generate analog IP that meets the customer’s exact specifications, for any foundry and on any process, from legacy nodes right up to the leading edge. The company provides a wide-range of novel analog IP and subsystems for data conversion, power management, IC monitoring, security and always-on IP, with applications including; data centers/HPC, IoT, AI, quantum computing, automotive and aerospace. The digitally wrapped and verified solutions can be seamlessly integrated into any SoC, significantly reducing complexity, time and costs, helping to accelerate innovation in semiconductor design.
Senior IT System Administrator
Core Technology · Head Office · Hybrid Remote
IT Support Engineer Linux/Mac
Core Technology · Head Office · Hybrid Remote
Senior staff Analog Engineer
Core Technology · Head Office · Hybrid Remote
To keep up with our company announcements, industry collaborations and key product developments, please check out our press releases.
