Side-channel information leakage analysis and countermeasures in an embedded CPU microarchitecture
Published in: | Computer standards and interfaces 2022-03, Vol.80, p.103569, Article 103569 |
---|---|
Main authors: | , , , , , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | • Based on the implementation of the AES-128, a detailed analysis of side-channel information leakage in an embedded CPU and its components from the perspective of hardware architecture is carried out, to guide the design of a security CPU. • According to the results of information leakage analysis, three flexibly configurable countermeasures are proposed and implemented on the embedded CPU. Compared with current works on side-channel analysis of the CPU architecture, this article mainly studies hardware-based countermeasures according to the leakage analysis in different CPU components, and achieves a better anti-attack effect. • Furthermore, the effects of the three countermeasures are analyzed and compared.
Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100∼120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements. |
---|---|
ISSN: | 0920-5489 1872-7018 |
DOI: | 10.1016/j.csi.2021.103569 |