CHES 2015 Finding the AES Bits in the Haystack:

Slides:



Advertisements
Similar presentations
Nanoscience, Nanotechnology and Nanomanufacturing Exciting new science and technology for the 21st century.
Advertisements

Smart Card security analysis Smart Card security analysis Marc Witteman, TNO.
Packaging.
Information Security – Theory vs. Reality , Winter 2011 Guest Lecturer: Yossi Oren 1.
Statistical Tools Flavor Side-Channel Collision Attacks
Slides based on Kewal Saluja
9/20/6Lecture 3 - Instruction Set - Al1 The Hardware Interface.
Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity 1.
Introduction to electronics lab ENGRI 1810 Using: Solderless prototype board (white board) Digital multimeter (DMM) Power Supply Signal Generator Oscilloscope.
On-chip inductance and coupling Zeynep Dilli, Neil Goldsman Thanks to Todd Firestone and John Rodgers for providing the laboratory equipment and expertise.
Oscilloscope Watch Teardown. Agenda History and General overview Hardware design: – Block diagram and general overview – Choice of the microcontroller.
Computer Hardware Introduction. Computer System Components Input Keyboard, Mouse, Camera, Touch Pad Processing CPU Output Monitor, Printer Storage Floppy,
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.
©2005 David LavoDiagnosis & FA Case Study1 Fault Diagnosis & Failure Analysis Case Study David Lavo January 13, 2005.
Optical side-channel attack on PIC16F84A Martin Hlaváč Charles University in Prague CNES internship summary (part of USE IT project) ECRYPT Ph. D. Summer.
1-1 ICS102: Introduction To Computing I King Fahd University of Petroleum & Minerals College of Computer Science & Engineering Information & Computer Science.
Electric Curcuits and Measurements Basic Electrical components and their functions Measurements of electrical circuits characteristics - Multimeter - Oscilloscope.
Imaging Science Fundamentals Chester F. Carlson Center for Imaging Science Display Systems Viewing Images.
BASIC ELECTRONICS.
Advanced Phasor Measurement Units for the Real-Time Monitoring
Switched capacitor DC-DC converter ASICs for the upgraded LHC trackers M. Bochenek 1,2, W. Dąbrowski 2, F. Faccio 1, S. Michelis 1 1. CERN, Conseil Européen.
Performance of SPIROC chips in SKIROC mode
Readout Electronics: SIDECAR ASIC Hardware
S12X Full-Emulator: Pictures of the Emulator Hardware.
1 4. EMC measurement methods. 2 Why EMC standard measurement methods Check EMC compliance of ICs, equipments and systems Comparison of EMC performances.
3 1 3 C H A P T E R Hardware: Input, Processing, and Output Devices.
Kaitlin Peranski Spencer Wasilewski Kyle Jensen Kyle Lasher Jeremy Berke Chris Caporale.
1HSSPG Georgia Tech High Speed Image Acquisition System for Focal-Plane-Arrays Doctoral Dissertation Presentation by Youngjoong Joo School of Electrical.
EGRE 427 Advanced Digital Design Figures from Application-Specific Integrated Circuits, Michael John Sebastian Smith, Addison Wesley, 1997 Chapter 4 Programmable.
1 Embedded Systems Computer Architecture. Embedded Systems2 Memory Hierarchy Registers Cache RAM Disk L2 Cache Speed (faster) Cost (cheaper per-byte)
Testing of integrated circuits and design for testability J. Christiansen CERN - EP/MIC
1 A ROOT Tool for 3D Event Visualization in ATLAS Calorimeters Luciano Andrade José de Seixas Federal University of Rio de Janeiro/COPPE.
Smart card security Nora Dabbous Security Technologies Department.
CSE 494: Electronic Design Automation Lecture 2 VLSI Design, Physical Design Automation, Design Styles.
Advanced Design Applications Power and Energy © 2014 International Technology and Engineering Educators Association STEM  Center for Teaching and Learning™
Development of a high-speed single photon pixellated detector for visible wavelengths Introduction A photon incident on the photocathode produces a photoelectron.
Penn ESE370 Fall DeHon 1 ESE370: Circuit-Level Modeling, Design, and Optimization for Digital Systems Day 33: November 20, 2013 Crosstalk.
Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.
A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.
Basic Structure Discharge Mechanism Wall Charge Concept Drive of PDP.
COEN 180 Flash Memory. Floating Gate Fundamentals Floating Gate between control gate and channel in MOSFET. Not directly connected to an outside line.
LC Power Distribution & Pulsing Workshop, May 2011 Super-ALTRO Demonstrator Test Results LC Power Distribution & Pulsing Workshop, May nd November.
New Methods for Cost-Effective Side- Channel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper.
1 Information Security – Theory vs. Reality , Winter Lecture 3: Power analysis, correlation power analysis Lecturer: Eran Tromer.
Lecture7 –More on Attacks Rice ELEC 528/ COMP 538 Farinaz Koushanfar Spring 2009.
El-Mul Technologies Ltd – Confidential & Proprietary El-Mul Technologies El-Mul Technologies Ltd – Confidential & Proprietary Prof. Eli Cheifetz, Chairman.
Mullard Space Science Laboratory Using a CCD for the direct detection of electrons in a low energy space plasma spectrometer A CCD in place of an MCP:
Timing System R+D for the NLC Josef Frisch. NLC and PEPII Phase and Timing Requirements (approximate)
Presented by-REHAN FAZAL. (1) Introduction to projectors (2) Types of projectors (3) Advantages and disadvantages (4) conclusion Table of contents.
USE-IT 2007, Toulouse France Valery Ray PBS&T FREUD Methods FIB Invasive Attacks and Countermeasures.
AHCAL Electronics. Status of Integration Mathias Reinecke for the DESY AHCAL developers AHCAL main and analysis meeting Hamburg, July 16th and 17th, 2009.
MADEIRA Valencia report V. Stankova, C. Lacasta, V. Linhart Ljubljana meeting February 2009.
Yossi Oren, yos strudel bgu.ac.il, yossioren System Security Engineering course, Dec
Introduction to ASICs ASIC - Application Specific Integrated Circuit
By ADITYA NAGARAJ MASKERI 1DS07EE006
VLSI Testing Lecture 5: Logic Simulation
Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser
VLSI Testing Lecture 5: Logic Simulation
SLS Timing Master Timo Korhonen, PSI.
Test Slab Status CALICE ECAL test slab: what is it all about?
Components of Computer
Course Title : Sessional on EEE 1119
Computer Hardware Introduction.
S12X Full-Emulator: Pictures of the Emulator Hardware
Day 33: November 19, 2014 Crosstalk
Unknown Input Attacks in the Parallel Setting Improving the Security of the CHES 2012 Leakage Resilient PRF Marcel Medwed François-Xavier Standaert Ventzislav.
Day 31: November 23, 2011 Crosstalk
Circuit Modeling of Dynamic Secondary Electron Contrasts in an SEM
GCSE OCR 4 Storage Computer Science J276 Unit 1
Presentation transcript:

CHES 2015 Finding the AES Bits in the Haystack: Reverse Engineering and SCA Using Voltage Contrast Christian Kison, Jürgen Frinken and Christof Paar 16.09.2015

Voltage Contrast SCA Outline Motivation Voltage Contrast Passive/Active Voltage Contrast (VC) Capacitive Coupled Voltage Contrast (CCVC) Voltage Contrast Side Channel Analysis (VCSCA) Hardware Reverse Engineering Correlation Attack Conclusion and Future Work

Voltage Contrast SCA Motivation – The Haystack Goal: Hardware Reverse Engineering Straightforward Approach Sand-and-scan Netlist extraction Search Region-of-Interest (ROI) Todays IC chips Millions of Gates ROI Location: Needle in the haystack Infeasible manual work http://edocumentsciences.com/wp-content/uploads/2011/10/Finding-A-Password-In-A-Haystack.jpg

Voltage Contrast SCA Region of Interest – The Needle Finding the ROI (Region of Interest) : Mandatory for Hardware Reverse Engineering Precise Fault Attacks Laser, UV light, EM induction, Probing, … Improves EM SCA Multiple approaches suggested: EM cartography Photon Emission Images Surface Liquid Crystal Fault Attacks Voltage Contrast / E-Beam AES?? FLASH RAM ANALOG IO

Voltage Contrast SCA Voltage Contrast - Introduction Voltage Contrast used for Failure Analysis Locate badly connected wires High resistance … Negative charge of electrons in beams Commercial E-Beam Prober Very fast Expensive Non-contact voltmeter Scanning Electron Microscope (SEM) Slow Mid-cost Academically well distributed http://www.nationalparts.com/pes/images/failure_analysis.jpg

Voltage Contrast SCA Voltage Contrast - ROI Target: Atmel XMega AES Co-Processor Proof of Concept Decap package Top layer visible XMega in SEM vacuum chamber Power-up device Trigger AES http://www.muanalysis.com/_documents/300%20series%20images/304.jpg http://jeffreyhill.typepad.com/.a/6a00d8341d417153ef016768405219970b-800wi

Voltage Contrast SCA Passive/Active Voltage Contrast SEM SEM primary beam primary beam imaging detector imaging detector - - - - - - secondary electrons - - - - - secondary electrons - - - - + + + + + + + + + + + + + + + - - - - - - - Structure Grounded structure

Voltage Contrast SCA VCA in a SEM Neutral (not connected) Working (cycle x) Working (cycle x+1) Slow SEM Some kHz External clock control! Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult.

Voltage Contrast SCA Setup – Low Cost SEM Control SEM Control PC (2) SEM (2) primary beam Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. Keyboard emulation generated clock Controller (3) setup PC (4) DUT (1) USART

Voltage Contrast SCA Capacitive Coupled Voltage Contrast With passivation 2 phases separated by a cycle Charge (Clock cycle) Evaluate External clock control! Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. Schematic Top metal layer Wire Wire dielectric SiO2 2nd metal layer Wire

Voltage Contrast SCA Capacitive Coupled VC – Phase 1 SEM - primary beam accumulated charge Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. - - - - - - - - - - - - - - - - - - + + + + + + + + Top metal layer +3 V + GND - - - - - - - - - - - - - - - - - - - - Secondmetal layer dielectric SiO2 +3 V + Schematic

Voltage Contrast SCA Capacitive Coupled VC – Phase 2 Note: Clock cycle takes place SEM (accumulated) secondary electrons primary beam Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + Top metal layer GND - +3V + - - - - - - - - - - - - - - - - - - - Secondmetal layer dielectric SiO2 GND - Schematic

Voltage Contrast SCA A Single Tracevideo – 5 Frames / 1 Clock cycle Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult.

Voltage Contrast SCA Proof-of-Concept We know: Key Plaintext/Ciphertext Traces: Tracevideo frames Pearson correlation Hamming Weight model Intermediate AES bits and raw VCSCA videoframe 2-bit logic functions of intermediate bits ( SCA Reverse Engineering) Simple Side Channel Analysis (single trace, nor plain/key known) Trace Acquisition 300 Traces ~3 Hz external clock Tracevideos T1 T2 T… T300 Frames F1 F2 F… Fn Intermediate AES bits Correlate Located correlation frame

Voltage Contrast SCA Results – Locate Bit 1 of Subbytes Byte 1 Frame 48 Subbytes Byte X Bit 1 Sequentially byte-wise pipelined Common Load/Store Unit Frame 48 Subbytes Byte 1 Bit 1

Voltage Contrast SCA Results - Hardware Reverse Engineering SEM pictures 1st and 2nd layer Overlayed with 50% transparent result (dark cloud) Align and Trace down DFFs … Mark in extracted netlist

Voltage Contrast SCA Results – Correlation Attack New Assumption: Key unknown Known plaintext Aquire 100 Traces Key Hypothesis Set to 1 Correlation close to -1 or +1 Full AES-128 key recovered

Voltage Contrast SCA Conclusion Voltage Contrast is mid-cost Scanning Electronic Microscope Widely available in academia Second hand for < €10k Low cost adjustment Hardware Reverse Engineering tool Pinpoint ROI within minutes Front side Might be shielded Powerful Side Channel (VCSCA)

Voltage Contrast SCA Future Work Hardware Reverse Engineering Tool Optimize the setup Faster Less noisy Verify netlist assumptions Hardware Debugging tool? Research shows feasibility of backside CCVC[1] [1] Schlangen et.al, Backside e-beam probing on nano scale devices, Journal of Materials Science: Materials in Electronics

Thank You! Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.