Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Evaluation of ASIC Implementation of Physical Random Number Generators Using RS Latches Kapitel lesen Erstes Kapitel lesen

2014 | OriginalPaper | Buchkapitel

The Temperature Side Channel and Heating Fault Attacks

verfasst von : Michael Hutter, Jörn-Marc Schmidt

Erschienen in: Smart Card Research and Advanced Applications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

In this paper, we present practical results of data leakages of CMOS devices via the temperature side channel—a side channel that has been widely cited in literature but not well characterized yet. We investigate the leakage of processed data by passively measuring the dissipated heat of the devices. The temperature leakage is thereby linearly correlated with the power leakage model but is limited by the physical properties of thermal conductivity and capacitance. We further present heating faults by operating the devices beyond their specified temperature ratings. The efficiency of this kind of attack is shown by a practical attack on an RSA implementation. Finally, we introduce data remanence attacks on AVR microcontrollers that exploit the Negative Bias Temperature Instability (NBTI) property of internal SRAM cells. We show how to recover parts of the internal memory and present first results on an ATmega162. The work encourages the awareness of temperature-based attacks that are known for years now but not well described in literature. It also serves as a starting point for further research investigations.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Practical Analysis of RSA Countermeasures Against Side-Channel Electromagnetic Attacks
Nächstes Kapitel Glitch It If You Can: Parameter Search Strategies for Successful Fault Injection
Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
FROST stands for Forensic Recovery of Scrambled Telephones.
 
2
We set all registers to zero before writing of new values to guarantee the transitions of all bits (avoiding Hamming-distance leaks).
 
3
The temperature melting point of Sn63/Pb37 lead solder, which is commonly used for electrical soldering, is 456 K (\(183\,^{\circ }\)C).
 
4
We disconnected not only the power supply but also the RS232 interface and the clock signal to guarantee that the device (and SRAM respectively) is completely unconnected and not powered by I/O interfaces. Note also that we used hardware relays to actually disconnect all connections.
 
5
We do not assume the knowledge of “preferred power-up values” before burn-in stress to guarantee a realistic attacking scenario.
 
Literatur
1.
Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003) CrossRef
2.
Altet, J., Rubio, A., Schaub, E., Dilhaire, S., Claeys, W.: Thermal coupling in integrated circuits: application to thermal testing. IEEE J. Solid-State Circ. 36(1), 81–91 (2001)CrossRef
3.
Anderson, R.J., Kuhn, M.G.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M., Crispo, B., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998) CrossRef
4.
Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy, pp. 3–11 (2004)
5.
Atmel Corporation.: ATmega 162/v Datasheet (2003)
6.
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s apprentice guide to fault attacks. Cryptology ePrint Archive. Report 2004/100 (2004). http://​eprint.​iacr.​org/​
7.
Barenghi, A., Bertoni, G., Parrinello, E., Pelosi, G.: Low voltage fault attacks on the RSA cryptosystem. In: Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC 2009, pp. 23–31, Lausanne, Switzerland, 2009. Proceedings (2009)
8.
Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)CrossRef
9.
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997) CrossRef
10.
Brouchier, J., Dabbous, N., Kean, T., Marsh, C., Naccache, D.: Thermocommunication. ePrint (2009)
11.
Brouchier, J., Kean, T., Marsh, C., Naccache, D.: Temperature attacks. IEEE Secur. Priv. 7(2), 79–82 (2009)CrossRef
12.
Cakir, C., Bhargava, M., Mai, K.: 6 T SRAM and 3 T DRAM data retention and remanence characterization in 65 nm bulk CMOS. In: Custom Integrated Circuits Conference - CICC 2012, pp. 1–4, San Jose, USA, 9–12 Sept 2012
13.
Carluccio, D., Lemke, K., Paar, C.: Electromagnetic side channel analysis of a contactless smart card: first results. In: Oswald, E. (ed.) Workshop on RFID and Lightweight Crypto (RFIDSec05), pp. 44–51, Graz, Austria, 13–15 July 2005
14.
Ershov, M., Saxena, S., Karbasi, H., Winters, S., Minehane, S., Babcock, J., Lindley, R., Clifton, P., Redford, M., Shibkov, A.: Dynamic recovery of negative bias temperature instability in p-type metal-oxide-semiconductor field-effect transistors. Appl. Phys. Lett. 83(8), 1647–1649 (2003)CrossRef
15.
Ferrigno, J., Hlavá\({\hat{\text{ c }}}\), M.: When AES blinks: introducing optical side channel. IET Inf. Secur. 2(3), 94–98 (2008)
16.
Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001) CrossRef
17.
Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. ePrint, Dec 2013
18.
Giogetti, J., Scotti, G., Simonetti, A., Trifiletti, A.: Analysis of data dependence of leakage current in CMOS cryptographic hardware. In: Proceedings of the 17th ACM Great Lakes Symposium on VLSI, pp. 78–83, Stresa-Lago Maggiore, Italy. ACM, 11–13 Mar 2007
19.
Govindavajhala, S., Appel, A.W.: Using memory errors to attack a virtual machine. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy, pp. 154–165 (2003)
20.
Gutmann, P.: Data remanence in semiconductor devices. In : USENIX 2001 - Proceedings of the 10th Conference on USENIX Security Symposium, Washington, DC, USA, Berkeley, CA, USA, 2001. USENIX Association, 13–17 Aug 2001
21.
Halderman, J., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryption keys. In: 17th USENIX Security Symposium, pp. 45–60, San Jose, CA, July 2008
22.
Hutter, M., Schmidt, J.-M., Plos, T.: RFID and its vulnerability to faults. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 363–379. Springer, Heidelberg (2008) CrossRef
23.
Karaklajíc, D., Schmidt, J.-M., Verbauwhede, I.: Hardware designers guide to fault attacks. In: IEEE Transactions on Very Large Scale Integration (VLSI) Systems, pp. 1–12 (2012)
24.
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
25.
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRef
26.
Lin, L., Burleson, W.: Leakage-based differential power analysis (LDPA) on sub-90 nm CMOS cryptosystems. In: ISCAS 2008 - IEEE International Symposium on Circuits and Systems, pp. 252–255, Seattle, USA, 18–21 May 2008
27.
28.
Moradi, A.: Side-channel leakage through static power - should we care about in practice? ePrint, Jan 2014
29.
Müller, T., Spreitzenbarth, M.: FROST. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 373–388. Springer, Heidelberg (2013) CrossRef
30.
Otto, M.: Fault attacks and countermeasures. Ph.D. thesis, Universität Paderborn (2005)
31.
Quisquater, J.-J., Samyde, D.: A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions, the SEMA and DEMA methods. Presented at the rump session of EUROCRYPT 2000 (2000)
32.
Quisquater, J.-J., Samyde, D.: Eddy current for magnetic analysis with active sensor. In: Proceedings of the 3rd International Conference on Research in SmartCards (E-Smart’02), pp. 185–194, Nice, France. UCL, Sept 2002
33.
34.
Samyde, D., Skorobogatov, S.P., Anderson, R.J., Quisquater, J.-J.: On a new way to read data from memory. In: IEEE Security in Storage Workshop (SISW02), pp. 65–69. IEEE Computer Society (2002)
35.
Schlösser, A., Nedospasov, D., Krämer, J., Orlic, S., Seifert, J.-P.: Simple photonic emission analysis of AES. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 41–57. Springer, Heidelberg (2012) CrossRef
36.
Schmidt, J.-M., Hutter, M.: Optical and EM fault-attacks on CRT-based RSA: concrete results. In: Posch, K.C., Wolkerstorfer, J. (eds.) Proceedings of Austrochip 2007, pp. 61–67, Graz, Austria. Verlag der Technischen Universität Graz, 11 Oct 2007. ISBN 978-3-902465-87-0
37.
Schroder, D.K.: Negative bias temperature instability: what do we understand? J. Microelectr. Reliab. 47(6), 841–852 (2006)CrossRef
38.
Skorobogatov, S.: Using optical emission analysis for estimating contribution to power consumption. In: Fault Diagnosis and Tolerance in Cryptography (FDTC) (2009)
39.
40.
Skorobogatov, S.: Low temperature data remanence in static RAM. Technical report, University of Cambridge Computer Laboratory, June 2002
41.
42.
Vijaykumar, A.: DPA resistance of cryptographic circuits considering temperature and process variations. Master’s thesis, University of Cincinnati, Engineering and Applied Science: Computer Engineering, July 2012
43.
Zhuang, L., Zhou, F., Tyga, J.D.: Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Secur. 13(1), 373–382 (2009)CrossRef
Metadaten
Titel
The Temperature Side Channel and Heating Fault Attacks
verfasst von
Michael Hutter
Jörn-Marc Schmidt
Copyright-Jahr
2014
Buch
Smart Card Research and Advanced Applications

Print ISBN: 978-3-319-08301-8

Electronic ISBN: 978-3-319-08302-5

Copyright-Jahr: 2014

DOI
https://doi.org/10.1007/978-3-319-08302-5_15