The run-time electromagnetic (EM) emanation of microprocessors presents a side-channel that leaks the confidentiality of the applications running on them. Many recent works have demonstrated successful attacks leveraging such side-channels to extract the confidentiality of diverse applications, such as the key of cryptographic algorithms and the hyperparameter of neural network models. This paper proposes ShuffleV, a microarchitecture defense strategy against EM Side-Channel Attacks (SCAs). ShuffleV adopts the moving target defense (MTD) philosophy, by integrating hardware units to randomly shuffle the execution order of program instructions and optionally insert dummy instructions, to nullify the statistical observation by attackers across repetitive runs. We build ShuffleV on the open-source RISC-V core and provide six design options, to suit different application scenarios. To enable rapid evaluation, we develop a ShuffleV simulator that can help users to (1) simulate the performance overhead for each design option and (2) generate an execution trace to validate the randomness of execution on their workload. We implement ShuffleV on a Xilinx PYNQ-Z2 FPGA and validate its performance with two representative victim applications against EM SCAs, AES encryption, and neural network inference. The experimental results demonstrate that ShuffleV can provide automatic protection for these applications, without any user intervention or software modification.

翻译：微处理器运行时的电磁辐射构成了一个侧信道，会泄露其上运行应用程序的机密性。近期许多研究工作已证明，利用此类侧信道可成功提取多种应用程序的机密信息，例如加密算法的密钥和神经网络模型的超参数。本文提出ShuffleV，一种针对电磁侧信道攻击的微架构防御策略。ShuffleV采用移动目标防御理念，通过集成硬件单元来随机重排程序指令的执行顺序，并可选择性地插入伪指令，从而消除攻击者在多次重复运行中通过统计观测获取信息的可能性。我们在开源RISC-V内核上构建了ShuffleV，并提供了六种设计选项以适应不同的应用场景。为支持快速评估，我们开发了ShuffleV模拟器，可帮助用户：（1）模拟各设计选项的性能开销；（2）生成执行轨迹以验证其工作负载上执行过程的随机性。我们在Xilinx PYNQ-Z2 FPGA上实现了ShuffleV，并针对两种典型的电磁侧信道攻击受害应用（AES加密和神经网络推理）验证了其性能。实验结果表明，ShuffleV能够为这些应用程序提供自动保护，且无需任何用户干预或软件修改。