Malicious Off-chip Leakage Enabled by Side-channels

Similar documents
Side Channel Analysis and Embedded Systems Impact and Countermeasures

Hardware Trojans Detection Methods Julien FRANCQ

PFP Technology White Paper

Microsemi Security Center of Excellence

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Applying Remote Side-Channel Analysis Attacks on a Security-enabled NFC Tag

CHASE Survey on 6 Most Important Topics in Hardware Security

Horst Görtz Institute for IT-Security

On Security Evaluation Testing

Understanding Integrated Circuit Security Threats. Asif Iqbal Senior Program Manager, Apple Inc. SDM 11

A Study on Smart Card Security Evaluation Criteria for Side Channel Attacks

Introduction to Digital System Design

Spike-Based Sensing and Processing: What are spikes good for? John G. Harris Electrical and Computer Engineering Dept

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Reviving smart card analysis

AC : DEVELOPING AN INDUSTRY-DRIVEN GRADUATE CERTIFICATE IN TEST ENGINEERING FOR ELECTRICAL ENGINEERING TECHNOLOGISTS

IC-EMC Simulation of Electromagnetic Compatibility of Integrated Circuits

VON BRAUN LABS. Issue #1 WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS VON BRAUN LABS. State Machine Technology

How To Perform Differential Frequency Analysis (Dfa) On A Powerline (Aes) On An Iphone Or Ipad (Ase) On Microsoft Powerline 2 (Aces) On Pc Or Ipa (Aas)

Pervasive Computing und. Informationssicherheit

Introduction to Information Security

Efficient Interconnect Design with Novel Repeater Insertion for Low Power Applications

Memristor-Based Reactance-Less Oscillator

Harmonics and Noise in Photovoltaic (PV) Inverter and the Mitigation Strategies

True Identity solution

TRUE SINGLE PHASE CLOCKING BASED FLIP-FLOP DESIGN

UNCLASSIFIED Version 1.0 May 2012

White Paper Utilizing Leveling Techniques in DDR3 SDRAM Memory Interfaces

Strengthen RFID Tags Security Using New Data Structure

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Hardware Security Modules for Protecting Embedded Systems

ESP-CV Custom Design Formal Equivalence Checking Based on Symbolic Simulation

Problems of Security in Ad Hoc Sensor Network

The Reduced Address Space (RAS) for Application Memory Authentication

Adversary Modelling 1

90% of data breaches are caused by software vulnerabilities.

My Funding Provided By: Special Thanks: Dr. Zhizhang Chen. Cryptography Research Inc

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Breakthrough silicon scanning discovers backdoor in military chip (DRAFT of 05 March 2012)

Testing of Digital System-on- Chip (SoC)

Digital vs. Analog Volume Controls

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Application of Physical Attacks

StarRC Custom: Next-Generation Modeling and Extraction Solution for Custom IC Designs

Current vs. Voltage Feedback Amplifiers

NATIONAL SUN YAT-SEN UNIVERSITY

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

Lightweight Cryptography From an Engineers Perspective

Timing Errors and Jitter

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

McPAT: An Integrated Power, Area, and Timing Modeling Framework for Multicore and Manycore Architectures

FREQUENCY RESPONSE ANALYZERS

Security and protection of digital images by using watermarking methods

Steganography in OFDM Symbols of Fast IEEE n Networks

Computer Scientist. Conduct research in latest computer and network security technologies for high assurance system security solutions

Secure application programming in the presence of side channel attacks. Marc Witteman & Harko Robroch Riscure 04/09/08 Session Code: RR-203

Cybersecurity in a Quantum World: will we be ready?

W a d i a D i g i t a l

USB 3.0* Radio Frequency Interference Impact on 2.4 GHz Wireless Devices

'Possibilities and Limitations in Software Defined Radio Design.

A New Programmable RF System for System-on-Chip Applications

PUF Physical Unclonable Functions

AMS Verification at SoC Level: A practical approach for using VAMS vs SPICE views

SENSE Security overview 2014

Body Area Network Security: Robust Secret Sharing

Side Channel Attacks on Smartphones and Embedded Devices using Standard Radio Equipment

DDX 7000 & Digital Partial Discharge Detectors FEATURES APPLICATIONS

Product Overview. DSL Xpert Advantages. Flexible Configuration Options. User-Friendly PC-Controlled GUI. Testing of ADSL, ADSL2 and ADSL2+

Juniper Networks Secure

Closing Wireless Loopholes for PCI Compliance and Security

RF Measurements Using a Modular Digitizer

Chapter 1: Introduction

Architectural Level Power Consumption of Network on Chip. Presenter: YUAN Zheng

addressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Phase coherency of CDMA caller location processing based on TCXO frequency reference with intermittent GPS correction

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

An On-chip Security Monitoring Solution For System Clock For Low Cost Devices

Yier Jin RESEARCH INTERESTS

Side Channels: Hardware or Software threat?

Hardware Implementation of AES Encryption and Decryption System Based on FPGA

Ciphire Mail. Abstract

b 1 is the most significant bit (MSB) The MSB is the bit that has the most (largest) influence on the analog output

Experimental DRM Architecture Using Watermarking and PKI

Physical Security: Status and Outlook

Curriculum and Concept Module Development in RF Engineering

Transcription:

MOLES: Malicious Off-chip Leakage Enabled by Side-channels Lang Lin* Wayne Burleson* Christof Paar* # *University of Massachusetts Amherst, USA # Ruhr University Bochum, Germany ICCAD, November 2009 This work is supported by NSF Grants 0916854, 0627529

MOLES: Malicious Off-chip Leakage Enabled by Side-channels Lang Lin* Wayne Burleson* Christof Paar* # *University of Massachusetts Amherst, USA # Ruhr University Bochum, Germany ICCAD, November 2009 This work is supported by NSF Grants 0916854, 0627529

Our recent related research www.rfid-cusp.org Power analysis attack in deep-submicron circuits: Leakage-Based Differential Power Analysis (LDPA) on Sub-90nm CMOS Cryptosystems, by L. Lin and W. Burleson, In IEEE International Symposium on Circuits and Systems (ISCAS), May 2008. Process variation impacts on power analysis attacks: Analysis and Mitigation of Process Variation Impacts on Power-Attack Tolerance, by L. Lin and W. Burleson, In Proceedings of ACM/IEEE Design Automation Conference (DAC), July 2009. The concept and FPGA implementation of Trojan sidechannels: Trojan side-channels: lightweight hardware Trojans through side-channel engineering, by L. Lin, M. Kasper, T. Guneysu, C. Paar and W. Burleson, In Workshop on Cryptographic p Hardware and Embedded Systems (CHES), September 2009. 3

What are/is MOLES? In the spy world, moles are double agents In this work, MOLES is Malicious Off-chip Leakage Enabled by Side-channels A novel class of hardware Trojans to intentionally leak secret information Hidden communication channel 4

High performance microchip supply, Defense Science Board, 2005; The hunt for the kill switch, IEEE Spectrum, 45-5, pp. 34-39, 2008. 5

Threat Model Design Company Design deliverables Untrusted Foundry Insider Attacker Compromised IC Evaluator The secret key is 01010110. Attacker IC deployment Parties: Insider Attacker: implant MOLES Evaluator: IC test lab (Common Criteria ) Attacker: extract the secret information 6

Challenges in Hiding Mission of the insider attacker: to hide the implanted Trojans to evade the evaluators! Where to hide on a chip? How to trigger? How large is the implementation? How to evade various post-silicon validations? Layout inspection Function tests Security evaluation tests 7

MOLES Uses Side-channels Inherent side-channels of IC: electromagnetic radiation, power consumption, path delay We engineer a side-channel to convey secret information Analog signals: no violation to the functions Hard to test by traditional methods Unique exploitability: attackers control the design MOLES circuitry Key bus X0 X1 8

Challenges in Detection REQUIREMENT: Only attackers can detect, while evaluators cannot! 1. Detection under low information leakage signal-to-noise power ratio (SNR) Noise power at the global power grid (esp. non-crypto circuits) Process variation Attackers can amplify SNR by performing many measurements of the side-channel leakage. 2. Unique exploitability Attackers can modulate (encrypt) the side-channel leakage by pseudo-random sequences. 9

Spread-Spectrum Techniques Advantages: 1. Spread the side-channel leakage over a long time for hiding 2. Only the attackers gain knowledge of the modulation 3. Can leak multi-bit key simultaneously by code division 9 8 7 6 5 4 3 2 1 0 10 11 x 5 x 9 x 13 12 13 14 15 16 17 18 19 K r K6 r 6 K r K4 4 K 2 r K2 K 0 r K0 r K7 r K5 r K3 r K1 K 7 K 5 K 3 K 1 An experimental MOLES circuit using CDMA methods: 20-degree Linear Feedback Shift Register to leak 8-bit secret keys through capacitive loads 10

Design Spaces How many key bits to leak? Attackers often leak partial secret key bits to reduce the key searching space How big is the load capacitance? How to implement the Pseudo-Random Number Generator (initial state, feedback loop)? How to model the noise power? What type of side-channels for a generic MOLES? Power, but can be electromagnetic or timing side-channels 11

Design Flow Determine design g spaces p Design g of MOLES circuit SPICE MOLES implantation Power Trace generation Design of crypto circuit NO Key extraction by tt k? attackers? YES! YES! Detection by evaluators? NO Design done! SNR calibration Design Verification Determine the noise model Simulated measurement power (SMP) profile MATLAB 12

MOLES Works! Implementation: AES substitution box compromised by a MOLES circuit leaking 8-bit key 01010110 Device model: 45nm predictive technology model Number of power traces analyzed VS. differential power (DP) Solid lines: correct key guesses; Dash lines: wrong key guesses RPT (required number of power traces) -20dB SNR with additive Gaussian white noise model RPT 13

Properties of MOLES Usually larger than 10000 RPT to extract all key bits Key value impacts ---- very weak Noise power impacts on RPT ---- near inverse-linear dependence on SNR (in db) x10 4 2 x 10 key00 1.5 key01 key10 key11 RPT 1 0.5-10 -20-30 -40 0 SNR (db) 14

Conclusion and Future Work CONTRIBUTION: demonstration of MOLES for the first time MOLES can leak multi-bit secret information Attackers can uniquely exploit MOLES Constructive uses in the future! Enhancing the chip testability Post-silicon validation Built-In Self-Test (BIST) Cryptography applications IC fingerprinting, PUF Crypto primitives 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information