nach oben

Erschienen in:

2016 | OriginalPaper | Buchkapitel

No Place to Hide: Contactless Probing of Secret Data on FPGAs

verfasst von : Heiko Lohrke, Shahin Tajik, Christian Boit, Jean-Pierre Seifert

Erschienen in: Cryptographic Hardware and Embedded Systems – CHES 2016

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Field Programmable Gate Arrays (FPGAs) have been the target of different physical attacks in recent years. Many different countermeasures have already been integrated into these devices to mitigate the existing vulnerabilities. However, there has not been enough attention paid to semi-invasive attacks from the IC backside due to the following reasons. First, the conventional semi-invasive attacks from the IC backside — such as laser fault injection and photonic emission analysis — cannot be scaled down without further effort to the very latest nanoscale technologies of modern FPGAs and programmable SoCs. Second, the more advanced solutions for secure storage, such as controlled Physically Unclonable Functions (PUFs), make the conventional memory-readout techniques almost impossible. In this paper, however, novel approaches have been explored: Attacks based on Laser Voltage Probing (LVP) and its derivatives, as commonly used in Integrated Circuit (IC) debug for nanoscale low voltage technologies, are successfully launched against a 60 nanometer technology FPGA. We discuss how these attacks can be used to break modern bitstream encryption implementations. Our attacks were carried out on a Proof-of-Concept PUF-based key generation implementation. To the best of our knowledge this is the first time that LVP is used to perform an attack on secure ICs.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Mitigating SAT Attack on Logic Locking

Nächstes Kapitel Strong 8-bit Sboxes with Efficient Masking in Hardware

Ear to Ear Oak. http://eartoearoak.com/software/rtlsdr-scanner/. Accessed 6 June 2016

Gqrx SDR. http://gqrx.dk. Accessed 6 June 2016

Helion Technology Limited. http://www.heliontech.com. Accessed 6 June 2016

Intrisic-ID Inc. https://www.intrinsic-id.com. Accessed 6 June 2016

Lewis Innovative Technology Inc. http://lewisinnovative.com. Accessed 6 June 2016

Verayo Inc. http://www.verayo.com. Accessed 6 June 2016

White Paper: Overview of Data Security Using Microsemi FPGAs and SoC FPGAs. Microsemi Corporation, Aliso Viejo, CA (2013)

Altera: Cyclone IV Device Handbook. Altera Corporation, San Jose (2014)

Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 535–555. Springer, Heidelberg (2015)CrossRef

10.

Beutler, J.: Visible light LVP on bulk silicon devices. In: 41st International Symposium for Testing and Failure Analysis, 1–5 November 2015. ASM (2015)

11.

Boit, C., Kerst, U., Schlangen, R., Kabakow, A., Le Roy, E., Lundquista, T., Pauthnerb, S.: Impact of back side circuit edit on active device performance in bulk silicon ICs. In: International Test Conference. vol. 2, p. 1236 (2005)

12.

Boit, C., Lohrke, H., Scholz, P., Beyreuther, A., Kerst, U., Iwaki, Y.: Contactless visible light probing for nanoscale ICs through 10 \(\upmu {\rm m}\) bulk silicon. In: Proceedings of the 35th Annual NANO Testing Symposium - NANOTS 2015, pp. 215–221 (2015)

13.

Davidson, A.: WP-01220-1.1: A New FPGA Architecture and Leading-Edge FinFET Process Technology Promise to Meet Next-Generation System Requirements. Altera Corporation, San Jose (2015)

14.

Ganji, F., Tajik, S., Seifert, J.-P.: Why attackers win: on the learnability of XOR arbiter PUFs. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) TRUST 2015. LNCS, vol. 9229, pp. 22–39. Springer, Heidelberg (2015)CrossRef

15.

Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. pp. 148–160. ACM (2002)

16.

Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRef

17.

Güneysu, T., Markov, I., Weimerskirch, A.: Securely sealing multi-FPGA systems. In: Choy, O.C.S., Cheung, R.C.C., Athanas, P., Sano, K. (eds.) ARC 2012. LNCS, vol. 7199, pp. 276–289. Springer, Heidelberg (2012)CrossRef

18.

von Haartman, M.: Optical fault isolation and nanoprobing techniques for the 10nm technology node and beyond. In: 41st International Symposium for Testing and Failure Analysis, November 1–5, 2015. ASM (2015)

19.

Hansen, L.: White Paper WP470: Unleash the Unparalleled Power and Flexibility of Zynq UltraScale+ MPSoCs. Xilinx, Inc., San Jose, CA (2015)

20.

Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.P.: Cloning physically unclonable functions. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6. IEEE (2013)

21.

Helfmeier, C., Nedospasov, D., Tarnovsky, C., Krissler, J.S., Boit, C., Seifert, J.P.: Breaking and entering through the silicon. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer Communications Security, pp. 733–744. ACM (2013)

22.

Herder, C., Ren, L., van Dijk, M., Yu, M.D.M., Devadas, S.: Trapdoor computational fuzzy extractors and stateless cryptographically-secure physical unclonable functions. IEEE Trans. Dependable Secur. Comput. 2016(99), 1–1 (2016)CrossRef

23.

Hori, Y., Katashita, T., Sasaki, A., Satoh, A.: Electromagnetic side-channel attack against 28-nm FPGA device. In: Pre-proceedings of WISA (2012)

24.

Kindereit, U., Woods, G., Tian, J., Kerst, U., Leihkauf, R., Boit, C.: Quantitative Investigation of laser beam modulation in electrically active devices as used in laser voltage probing. IEEE Trans. Device Mater. Reliab. 7(1), 19–30 (2007)CrossRef

25.

Lu, T., Kenny, R., Atsatt, S.: White Paper WP-01252-1.0: Stratix 10 Secure Device Manager Provides Best-in-Class FPGA and SoC Security. Altera Corporation, San Jose, CA (2015)

26.

Luis, W., Richard Newell, G., Alexander, K.: Differential power analysis countermeasures for the configuration of SRAM FPGAs. In: IEEE Military Communications Conference, MILCOM 2015–2015. pp. 1276–1283. IEEE (2015)

27.

Maes, R.: Physically Unclonable Functions: Constructions: Properties and Applications. Springer, Heidelberg (2013)CrossRefMATH

28.

Maes, R., van der Leest, V., van der Sluis, E., Willems, F.: Secure key generation from biased PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 517–534. Springer, Heidelberg (2015)CrossRef

29.

Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In: Proceedings of the Workshop on Embedded Systems Security, p. 2. ACM (2011)

30.

Moradi, A., Barenghi, A., Kasper, T., Paar, C.: On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx virtex-II FPGAs. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. pp. 111–124. ACM (2011)

31.

Moradi, A., Oswald, D., Paar, C., Swierczynski, P.: Side-channel attacks on the bitstream encryption mechanism of altera stratix II: facilitating black-box analysis using software reverse-engineering. In: Proceedings of the ACM/SIGDA International Symposium on Field Programmable Gate Arrays. pp. 91–100. ACM (2013)

32.

Moradi, A., Schneider, T.: Improved Side-Channel Analysis Attacks on Xilinx Bitstream Encryption of 5, 6, and 7 Series, COSADE 2016, Graz, Austria, 14 April 2016

33.

Nedospasov, D., Seifert, J.P., Helfmeier, C., Boit, C.: Invasive PUF analysis. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 30–38. IEEE (2013)

34.

Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002)CrossRef

35.

Peterson, E.: White Paper WP468: Leveraging Asymmetric Authentication to Enhance Security-Critical Applications Using Zynq-7000 All Programmable SoCs. Xilinx, Inc., San Jose (2015)

36.

Ravikanth, P.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute of Technology (2001)

37.

Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber1, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security. pp. 237–249 (2010)

38.

Schlangen, R., Leihkauf, R., Kerst, U., Lundquist, T., Egger, P., Boit, C.: Physical analysis, trimming and editing of nanoscale IC function with backside FIB processing. Microelectron. Reliab. 49(9), 1158–1164 (2009)CrossRef

39.

Selmke, B., Brummer, S., Heyszl, J., Sigl, G.: Precise laser fault injections into FPGA BRAMs in 90 nm and 45 nm feature size. In: 14th Smart Card Research and Advanced Application Conference - CARDIS 2015 (2015)

40.

Simpson, E., Schaumont, P.: Offline hardware/software authentication for reconfigurable platforms. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 311–323. Springer, Heidelberg (2006)CrossRef

41.

Tajik, S., Dietz, E., Frohmann, S., Dittrich, H., Nedospasov, D., Helfmeier, C., Seifert, J.P., Boit, C., Hübers, H.W.: Photonic side-channel analysis of arbiter PUFs. J. Cryptol. 1–22 (2016). doi:10.1007/s00145-016-9228-6

42.

Tajik, S., Dietz, E., Frohmann, S., Seifert, J.-P., Nedospasov, D., Helfmeier, C., Boit, C., Dittrich, H.: Physical characterization of arbiter PUFs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 493–509. Springer, Heidelberg (2014)

43.

Tajik, S., Ganji, F., Seifert, J.P., Lohrke, H., Boit, C.: Laser fault attack on physically unclonable functions. In: 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), IEEE (2015)

44.

Tajik, S., Nedospasov, D., Helfmeier, C., Seifert, J.P., Boit, C.: Emission analysis of hardware implementations. In: 2014 17th Euromicro Conference on Digital System Design (DSD), pp. 528–534. IEEE (2014)

45.

Trimberger, S.M.: Copy protection without non-volatile memory. US Patent 8,416,950 (2013)

46.

Trimberger, S.M., Moore, J.J.: FPGA security: motivations, features, and applications. Proc. IEEE 102(8), 1248–1265 (2014)CrossRef

47.

Tuyls, P., Schrijen, G.-J., Škorić, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 369–383. Springer, Heidelberg (2006)CrossRef

Titel: No Place to Hide: Contactless Probing of Secret Data on FPGAs
verfasst von: Heiko Lohrke
Shahin Tajik
Christian Boit
Jean-Pierre Seifert
Verlag: Springer Berlin Heidelberg
Buch: Cryptographic Hardware and Embedded Systems – CHES 2016
Print ISBN: 978-3-662-53139-6

Electronic ISBN: 978-3-662-53140-2

Copyright-Jahr: 2016
DOI: https://doi.org/10.1007/978-3-662-53140-2_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"