RNG-Aliasing: Synthetic DVFS-Driven RNG Obfuscation


INTRODUCTION:
In today’s connected world, digital security relies not just on strong encryption but also on the hardware executing it. While encryption algorithms are mathematically secure, attackers often bypass them through side-channel attacks (SCAs), which exploit variations in power consumption, timing, or electromagnetic signals to extract secret data.
Among these, power side-channel attacks (PSCAs) pose a major risk to embedded and IoT systems. With modern machine learning, attackers can now detect subtle power patterns that reveal cryptographic keys. One key target is the True Random Number Generator (TRNG) in microcontrollers like the STM32F446RE, which can unintentionally leak information through power traces.
Hardware countermeasures such as Dynamic Voltage and Frequency Scaling (DVFS) exist but are costly and impractical for low-power devices. To address this, our project introduces RNG-Aliasing — a firmware-level defense that injects controlled randomness into clock timing and execution speed. This disrupts predictable power patterns, reducing the effectiveness of ML-based attacks.
In essence, RNG-Aliasing offers a lightweight, low-cost, and hardware-free solution to strengthen embedded systems against power side-channel threats.

LITERATURE SURVEY ON EXISTING METHODS:
Over the past few years, researchers have increasingly focused on the threat of power side-channel attacks (PSCAs), which exploit physical leakages like power traces to extract secret information from cryptographic systems. Bhatta and Amsaad [1] demonstrated how machine learning (ML) can enhance the precision of side-channel analysis, enabling efficient detection and classification of hardware-level threats such as trojans. Their work highlights how AI techniques can make attacks more effective — a growing concern for embedded system security.
Bisheh-Niasar et al. [2] addressed this by designing countermeasures for Curve448 cryptography on ARM Cortex-M4 microcontrollers. Their approach focused on improving resistance to SCAs without significantly increasing computation overhead. Similarly, Chowdhury et al. [3] explored vulnerabilities in True Random Number Generators (TRNGs), physically unclonable functions (PUFs), and post-quantum systems, underlining how even fundamental security primitives can leak information through side channels.
Other researchers have focused on hardware-level defences. Dobkin et al. [4] proposed DVFS-based security architectures that obscure timing and power variations, while Ghosh et al. [5] introduced time-varying transfer functions as a low-overhead countermeasure against PSCAs. Although these methods show strong protection, they require specialized hardware and increased power consumption, limiting their use in resource-constrained devices.
Ngo and Dubrova [8] directly analyzed the TRNG in STM32 microcontrollers, revealing that attackers could extract patterns from power traces to predict supposedly random outputs. This finding is especially significant for IoT and embedded devices, which depend on these generators for secure key generation.
Together, these studies emphasize an urgent need for lightweight, firmware-level defences that can be easily implemented without hardware modifications — motivating the development of techniques like RNG-Aliasing, which aim to disrupt power trace consistency through controlled randomness.

  1. Identifying the Problem
    Power side-channel attacks exploit fluctuations in a device’s power consumption to extract sensitive data such as cryptographic keys. During encryption operations (for example, AES), even minute variations in current draw can reveal information about the internal data being processed. This vulnerability poses a major threat to embedded and IoT systems that rely on hardware-based encryption.

  2. Designing the Countermeasure: RNG-Aliasing
    To mitigate side-channel vulnerabilities, the proposed approach — RNG-Aliasing — introduces controlled randomness into the device’s operation:
    • Randomized Clock Frequency: Slight, unpredictable changes are made to the processor’s clock frequency during encryption.
    • Instruction Flow Obfuscation: Random idle cycles are inserted before reading outputs from the True Random Number Generator (TRNG).
    These randomizations desynchronize the timing between encryption operations and the corresponding power traces, making them misaligned and difficult for attackers to analyze.

  3. Implementation Details
    The RNG-Aliasing technique was implemented at the firmware level, meaning:
    • It does not require additional or complex hardware like Dynamic Voltage and Frequency Scaling (DVFS) modules.
    • It can be easily integrated into existing embedded platforms with minimal resource overhead.
    • This makes it lightweight, cost-effective, and practical for IoT and low-power devices.

  4. Integration with AES-256 Security Architecture
    The system uses AES-256 encryption as the cryptographic backbone:
    • AES-256 Characteristics:
    o 256-bit key size and 14 transformation rounds.
    o Key expansion to generate unique round keys for each encryption round.
    • Advantages:
    o Strong resistance to brute-force and cryptanalysis.
    o Efficient performance for real-time and large-scale data processing.
    o Wide compatibility across hardware and software.
    By combining AES-256 with RNG-Aliasing, the architecture enhances both algorithmic and implementation-level security — protecting against digital and physical attacks alike.
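As an added illustration (not the project's firmware), the two RNG-Aliasing knobs from item 2 sketched in host-testable C: the hardware writes sit behind callbacks, and the divider set, the xorshift jitter source and the host stand-ins are assumptions. The idle delay is drawn by rejection sampling so that the obfuscation itself is not statistically biased.

```c
#include <stdint.h>

/* Hardware hooks; on the STM32 these would set the AHB prescaler (HPRE) and
 * poll/read the RNG data register. Here host stand-ins (below) are used. */
typedef struct {
    uint32_t (*read_trng)(void);            /* one raw 32-bit TRNG word */
    void     (*set_ahb_div)(uint32_t div);  /* apply a new AHB divider */
    uint32_t  state;                        /* jitter PRNG state, never 0 */
} aliasing_ctx;
/* Assumed candidate dividers; AHB prescalers are powers of two, so firmware
 * frequency changes are coarse steps rather than truly "slight" ones. */
static const uint32_t k_divs[] = {1, 2, 4};
/* xorshift32 jitter source, seeded once from the TRNG at init. The value
 * being protected must never feed the delay, or the delay leaks it. */
static uint32_t jitter_next(aliasing_ctx *c) {
    uint32_t x = c->state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return c->state = x;
}
/* Unbiased value in [0, n) by rejection sampling: a modulo-biased delay
 * distribution would itself hand an attacker a trace-realignment hint. */
static uint32_t jitter_below(aliasing_ctx *c, uint32_t n) {
    uint32_t lim = UINT32_MAX - (UINT32_MAX % n), r;
    do { r = jitter_next(c); } while (r >= lim);
    return r % n;
}
void aliasing_init(aliasing_ctx *c, uint32_t (*rd)(void), void (*sd)(uint32_t)) {
    c->read_trng = rd; c->set_ahb_div = sd;
    c->state = rd() | 1u;                   /* seed, forced nonzero */
}
/* Knob 1: randomized clock frequency before an encryption block. */
uint32_t aliasing_randomize_clock(aliasing_ctx *c) {
    uint32_t div = k_divs[jitter_below(c, sizeof k_divs / sizeof k_divs[0])];
    c->set_ahb_div(div);
    return div;
}
/* Knob 2: min_c..max_c idle iterations before the TRNG read, so the read no
 * longer sits at a fixed offset in the power trace; *spent reports the count. */
uint32_t aliasing_read_trng(aliasing_ctx *c, uint32_t min_c, uint32_t max_c, uint32_t *spent) {
    uint32_t n = min_c + jitter_below(c, max_c - min_c + 1);
    for (volatile uint32_t i = 0; i < n; i++) { }  /* volatile: not optimized out */
    if (spent) *spent = n;
    return c->read_trng();
}
/* Constructed host stand-ins so the logic above can run on a PC. */
static uint32_t g_div;
uint32_t host_last_div(void) { return g_div; }
uint32_t host_trng(void)     { return 0xC0FFEE42u; }
void     host_set_div(uint32_t d) { g_div = d; }
```

On the target, the divider callback must also keep flash wait states and peripheral clocks valid for every divider in the set, which the host stand-in does not model.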

AES Implementation and Power Analysis on STM32
In our recent project, we explored how AES encryption can run efficiently on both desktop systems and embedded hardware. Our goal was to test whether the same encryption algorithm could produce identical results across two very different environments.
AES Implementation
We began by coding AES in C for desktop use, ensuring each stage—key expansion, substitution, and mixing—worked correctly. The results matched standard AES test vectors, confirming accurate encryption.
Next, we moved the same algorithm to an STM32 microcontroller through the Arduino IDE. The board successfully performed the full AES process and produced the same ciphertext as the desktop version. This showed that even resource-limited IoT devices can handle secure encryption when optimized properly.

Power Analysis
To study power behavior during AES operations, we inserted a shunt resistor (1 Ω or 10 Ω) in series with the board's power line and monitored the voltage across it, which tracks the current drawn.
Initially, we used a logic analyzer, which captured only digital transitions—helpful for verifying operation but insufficient for deeper power analysis.
Switching to an oscilloscope (CRO/DSO) revealed more meaningful analog current variations. Adding a low-pass RC filter reduced noise and gave us a much cleaner waveform, suitable for observing the subtle power fluctuations linked to side-channel activity.

Future Research
Looking ahead, our next step is to strengthen the RNG-Aliasing approach against more advanced forms of power analysis — especially Differential Power Analysis (DPA), which uses complex statistical techniques to extract hidden patterns from power traces. We also plan to evaluate the performance–security trade-off across different microcontrollers, ensuring that the method remains both lightweight and effective.
Another important direction is to make RNG-Aliasing adaptive — allowing the firmware to dynamically adjust its obfuscation levels based on real-time operating conditions. Finally, integrating software-based protections like RNG-Aliasing with lightweight hardware enhancements could create a powerful, multi-layered defense system capable of safeguarding embedded devices from evolving side-channel threats.

Conclusion
This research demonstrates that strong security doesn’t always require complex or expensive hardware. Through simple firmware-level modifications, RNG-Aliasing effectively disrupts the predictable power patterns that attackers rely on, making it a practical and scalable solution for modern embedded systems.
The experiments show that even low-cost microcontrollers can support robust encryption like AES and still resist power-based attacks when protected intelligently. By focusing on software-driven methods, this work opens the door to affordable, adaptable, and widely deployable defenses for IoT, automation, and secure communication devices.
In essence, RNG-Aliasing represents a key step toward making embedded security accessible to all — turning firmware itself into the first line of defense against next-generation cyber threats.
References

  1. Bhatta, Niraj Prasad, and Fathi Amsaad. ML assisted techniques in power side channel analysis for trojan classification. Cluster Computing, vol. 28, no. 3, 2025.
  2. Bisheh-Niasar, Mojtaba, et al. Side-channel analysis and countermeasure design for implementation of Curve448 on Cortex-M4. In Proc. of the 11th Int. Workshop on Hardware and Architectural Support for Security and Privacy, 2022, pp. 10–17.
  3. Chowdhury, Sreeja, et al. Physical security in the post-quantum era: A survey on side-channel analysis, random number generators, and physically unclonable functions. arXiv preprint arXiv:2005.04344, 2020.
  4. Dobkin, Daniel, et al. RAD-FS: Remote Timing and Power SCA Security in DVFS-augmented Ultra-Low-Power Embedded Systems. ACM Trans. on Embedded Computing Systems, vol. 24, no. 2, 2025, pp. 1–27.
  5. Ghosh, Archisman, Debayan Das, and Shreyas Sen. Physical time-varying transfer function as generic low-overhead power-SCA countermeasure. IEEE Open Journal of Circuits and Systems, vol. 4, 2023, pp. 228–240.
  6. Li, Huimin, and Guilherme Perin. A systematic study of data augmentation for protected AES implementations. Journal of Cryptographic Engineering, vol. 14, no. 4, 2024, pp. 649–666.
  7. LeGrow, Jason T., et al. Masking Countermeasures Against Side-Channel Attacks on Quantum Computers. In 2024 IEEE Int. Conf. on Quantum Computing and Engineering (QCE), vol. 1, 2024, pp. 1809–1816.
  8. Ngo, Kalle, and Elena Dubrova. Side-channel analysis of the random number generator in STM32 MCUs. In Proc. of the Great Lakes Symposium on VLSI, 2022, pp. 15–20.
  9. Xu, Chuanqi, et al. Quantum Computer Fault Injection Attacks. In 2024 IEEE Int. Conf. on Quantum Computing and Engineering (QCE), vol. 1, 2024, pp. 331–337.

This work is done under the guidance of Dr. P. Muthu Subramanian,
Associate Professor, Coimbatore Institute of Technology, and along with my teammates Shageetha Johnson A, Shobana S, Visweshwara J V, Meyarrasu and finally myself, Raghubathi Raja T K.
