The security of devices in the Internet of Things is an increasingly important area of development. While microcontrollers used in the IoT have added AES encryption units, these are still vulnerable to side channel attacks (SCA) via the power consumption and electromagnetic emissions to crack encryption keys. So a team at Rice University’s Brown School of Engineering led by Kaiyuan Yang, an assistant professor of electrical and computer engineering, have used the power management regulators in the chip to obscure the EMI.
Low-Dropout Regulators (LDOs) are commonly used to give ﬁne-grained power management in IoT chips with a small die area, high current efﬁciency, and small output ripple. Digital LDOs (DLDOs) are increasingly adopted in recent years thanks to voltage and process scalability. However, achieving a fast response to a load change requires a conventional synchronous DLDO to either increase its sampling frequency with a large power overhead, or include a large output capacitor (COUT) with increased chip area and cost.
Voltage regulators are also found to be useful in enhancing the resistance of cryptographic engines and processors against such SCA attacks. Using regulators for SCA defence in power management is promising because they are already used in most systems and require no modiﬁcations to existing computing architectures and algorithms like other circuit-level defences.
The team at Rice designed a 65nm SCA-aware DLDO using a new technique called an Edge-Chasing Quantizer (ECQ) that essentially ‘smears’ the EMI randomly to make it less detectable.
The DLDO prototype developed by Yan He and Kaiyuan Yang achieves a 101.7mV droop and 506ns settling time after a 20mA, 0.1ns step load change, with only a 0.1nF capacitor and occupies 0.018mm2 active area and 99.4 percent peak current efﬁciency.
The DLDO consists of an ECQ, a second path booster, a digital controller, a PMOS switch array and a 10b output register to eliminate switching glitches.
The ECQ quantizes the input-voltage difference using an even-stage ring oscillator, by measuring the time to integrate the difference of two input-voltage controlled delay paths until reaching a threshold. The time is inversely proportional to the input difference (voltage error in LDOs), making it a continuously running quantizer with input-dependent sampling frequency and non-linear quantization. This allows the DLDO to respond quickly after load changes, and perform updates slower but more accurately during steady state to save power and reduce steady-state error.
However the integration process limits the DLDO’s response speed, especially when supply voltage is under 0.9V, so the second boosting path is used to boost the current. This comes from the PMOS switch and an RC ﬁlter that is used to slow down the recovery to avoid abrupt changes in the output voltage.
The ring oscillator (RO) has two NAND gates at opposite positions to inject edges simultaneously, and is forced into oscillation until the two injected edges collapse due to different propagation paths. By connecting the current limiting PMOS of alternating stages to different input voltages, the RO behaves like a comparator.
However, since the reference voltage (VREF) and LDO output voltage (VOUT) are too high at around 1.2V to directly control the current limiting transistors, they are ﬁrst shifted down using a programmable Input Level Shifter (ILS)
Conﬁguring the width of the PMOS pulse in the ILS with a tunable 6kΩ to 200kΩ resistor effectively changes the frequency of the ECQ and so obscures the EMI. To keep the ECQ operating continuously and asynchronously, a self-triggered resetting circuit is designed to detect oscillation collapse and restart the RO, without using an external clock.
Compared to conventional DLDOs, the nonlinearity and varying frequency of the ECQ-based DLDO shows stronger obfuscation of power signatures. This can be further boosted with a resistance randomizer in the ILS to randomize both the resolution and gain of the ECQ, and a reference-voltage randomizer can also be added without significant overhead in area or power. For even more security, a truly random source such as a digital synthesizable true random number generator can also be easily deployed in the design.
The test chip is fabricated in 65nm LP process and with a 20mA/100ps load step at nominal condition (VIN = 1.2V, VOUT = 1.15V), the DLDO achieves a minimum voltage droop (Vdroop) of 101.9mV and 180µA quiescent current (IQ) without turning on the second path until the input vltage drops to 0.9V.
By reconﬁguring the ILS and ECQ oscillation frequency, the DLDO can be reconﬁgured for performance and power trade-offs. For example, at 1.2V VIN and 30mA ILOAD, the maximum current efﬁciency of 99.4 percent is reached.
The DLDO was tested alongside an AES encryption block using 32K traces from the Test Vector Leakage Assessment (TVLA) tool and 7 million traces on Correlation Power Analysis (CPA). The test vectors showed a reduction from 82.9 in baseline AES to less than 4.5 when the voltage reference randomizer is enabled, while no key was revealed after the 7 million traces with both randomizers turned on. This is a 14000x improvement over current designs.