Sharing is Caring - On the Protection of Arithmetic Logic Units against Passive Physical Attacks

Embedded systems are often used in security-critical scenarios where physical access of an adversary cannot be prevented. An attacker with unrestricted physical access to an embedded device could thus use observation-based attacks like power analysis or chip probing techniques to extract chip-internal secrets. In this work, we investigate how to counteract first-order passive physical attacks on an embedded microcontroller. In particular, we focus on the protection of the central point of data processing in the microcontroller design—the arithmetic logic unit (ALU)—with the provably secure threshold implementation (TI) masking scheme. Our results show that the amount of required fresh random bits—a problem many masked implementations suffer from—can be reduced to only one bit per ALU access and clock cycle. The total chip area overhead for implementing the whole microcontroller of our case study as a three-share TI is about a factor of 2.8.