No Place to Hide: Contactless Probing of Secret Data on FPGAs

详细信息    查看全文

• 关键词：FPGA security ; Laser voltage probing ; Physically unclonable function ; Semi ; invasive backside attack.
• 刊名：Lecture Notes in Computer Science
• 出版年：2016
• 出版时间：2016
• 年：2016
• 卷：9813
• 期：1
• 页码：147-167
• 全文大小：2,106 KB
• 参考文献：1.Ear to Ear Oak. http://​eartoearoak.​com/​software/​rtlsdr-scanner/​ . Accessed 6 June 2016
  2.Gqrx SDR. http://​gqrx.​dk . Accessed 6 June 2016
  3.Helion Technology Limited. http://​www.​heliontech.​com . Accessed 6 June 2016
  4.Intrisic-ID Inc. https://​www.​intrinsic-id.​com . Accessed 6 June 2016
  5.Lewis Innovative Technology Inc. http://​lewisinnovative.​com . Accessed 6 June 2016
  6.Verayo Inc. http://​www.​verayo.​com . Accessed 6 June 2016
  7.White Paper: Overview of Data Security Using Microsemi FPGAs and SoC FPGAs. Microsemi Corporation, Aliso Viejo, CA (2013)
  8.Altera: Cyclone IV Device Handbook. Altera Corporation, San Jose (2014)
  9.Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 535–555. Springer, Heidelberg (2015)CrossRef
  10.Beutler, J.: Visible light LVP on bulk silicon devices. In: 41st International Symposium for Testing and Failure Analysis, 1–5 November 2015. ASM (2015)
  11.Boit, C., Kerst, U., Schlangen, R., Kabakow, A., Le Roy, E., Lundquista, T., Pauthnerb, S.: Impact of back side circuit edit on active device performance in bulk silicon ICs. In: International Test Conference. vol. 2, p. 1236 (2005)
  12.Boit, C., Lohrke, H., Scholz, P., Beyreuther, A., Kerst, U., Iwaki, Y.: Contactless visible light probing for nanoscale ICs through 10 \(\upmu {\rm m}\) bulk silicon. In: Proceedings of the 35th Annual NANO Testing Symposium - NANOTS 2015, pp. 215–221 (2015)
  13.Davidson, A.: WP-01220-1.1: A New FPGA Architecture and Leading-Edge FinFET Process Technology Promise to Meet Next-Generation System Requirements. Altera Corporation, San Jose (2015)
  14.Ganji, F., Tajik, S., Seifert, J.-P.: Why attackers win: on the learnability of XOR arbiter PUFs. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) TRUST 2015. LNCS, vol. 9229, pp. 22–39. Springer, Heidelberg (2015)CrossRef
  15.Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. pp. 148–160. ACM (2002)
  16.Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRef
  17.Güneysu, T., Markov, I., Weimerskirch, A.: Securely sealing multi-FPGA systems. In: Choy, O.C.S., Cheung, R.C.C., Athanas, P., Sano, K. (eds.) ARC 2012. LNCS, vol. 7199, pp. 276–289. Springer, Heidelberg (2012)CrossRef
  18.von Haartman, M.: Optical fault isolation and nanoprobing techniques for the 10nm technology node and beyond. In: 41st International Symposium for Testing and Failure Analysis, November 1–5, 2015. ASM (2015)
  19.Hansen, L.: White Paper WP470: Unleash the Unparalleled Power and Flexibility of Zynq UltraScale+ MPSoCs. Xilinx, Inc., San Jose, CA (2015)
  20.Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.P.: Cloning physically unclonable functions. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6. IEEE (2013)
  21.Helfmeier, C., Nedospasov, D., Tarnovsky, C., Krissler, J.S., Boit, C., Seifert, J.P.: Breaking and entering through the silicon. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer Communications Security, pp. 733–744. ACM (2013)
  22.Herder, C., Ren, L., van Dijk, M., Yu, M.D.M., Devadas, S.: Trapdoor computational fuzzy extractors and stateless cryptographically-secure physical unclonable functions. IEEE Trans. Dependable Secur. Comput. 2016(99), 1–1 (2016)CrossRef
  23.Hori, Y., Katashita, T., Sasaki, A., Satoh, A.: Electromagnetic side-channel attack against 28-nm FPGA device. In: Pre-proceedings of WISA (2012)
  24.Kindereit, U., Woods, G., Tian, J., Kerst, U., Leihkauf, R., Boit, C.: Quantitative Investigation of laser beam modulation in electrically active devices as used in laser voltage probing. IEEE Trans. Device Mater. Reliab. 7(1), 19–30 (2007)CrossRef
  25.Lu, T., Kenny, R., Atsatt, S.: White Paper WP-01252-1.0: Stratix 10 Secure Device Manager Provides Best-in-Class FPGA and SoC Security. Altera Corporation, San Jose, CA (2015)
  26.Luis, W., Richard Newell, G., Alexander, K.: Differential power analysis countermeasures for the configuration of SRAM FPGAs. In: IEEE Military Communications Conference, MILCOM 2015–2015. pp. 1276–1283. IEEE (2015)
  27.Maes, R.: Physically Unclonable Functions: Constructions: Properties and Applications. Springer, Heidelberg (2013)CrossRef MATH
  28.Maes, R., van der Leest, V., van der Sluis, E., Willems, F.: Secure key generation from biased PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 517–534. Springer, Heidelberg (2015)CrossRef
  29.Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In: Proceedings of the Workshop on Embedded Systems Security, p. 2. ACM (2011)
  30.Moradi, A., Barenghi, A., Kasper, T., Paar, C.: On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx virtex-II FPGAs. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. pp. 111–124. ACM (2011)
  31.Moradi, A., Oswald, D., Paar, C., Swierczynski, P.: Side-channel attacks on the bitstream encryption mechanism of altera stratix II: facilitating black-box analysis using software reverse-engineering. In: Proceedings of the ACM/SIGDA International Symposium on Field Programmable Gate Arrays. pp. 91–100. ACM (2013)
  32.Moradi, A., Schneider, T.: Improved Side-Channel Analysis Attacks on Xilinx Bitstream Encryption of 5, 6, and 7 Series, COSADE 2016, Graz, Austria, 14 April 2016
  33.Nedospasov, D., Seifert, J.P., Helfmeier, C., Boit, C.: Invasive PUF analysis. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 30–38. IEEE (2013)
  34.Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002)CrossRef
  35.Peterson, E.: White Paper WP468: Leveraging Asymmetric Authentication to Enhance Security-Critical Applications Using Zynq-7000 All Programmable SoCs. Xilinx, Inc., San Jose (2015)
  36.Ravikanth, P.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute of Technology (2001)
  37.Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber1, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security. pp. 237–249 (2010)
  38.Schlangen, R., Leihkauf, R., Kerst, U., Lundquist, T., Egger, P., Boit, C.: Physical analysis, trimming and editing of nanoscale IC function with backside FIB processing. Microelectron. Reliab. 49(9), 1158–1164 (2009)CrossRef
  39.Selmke, B., Brummer, S., Heyszl, J., Sigl, G.: Precise laser fault injections into FPGA BRAMs in 90 nm and 45 nm feature size. In: 14th Smart Card Research and Advanced Application Conference - CARDIS 2015 (2015)
  40.Simpson, E., Schaumont, P.: Offline hardware/software authentication for reconfigurable platforms. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 311–323. Springer, Heidelberg (2006)CrossRef
  41.Tajik, S., Dietz, E., Frohmann, S., Dittrich, H., Nedospasov, D., Helfmeier, C., Seifert, J.P., Boit, C., Hübers, H.W.: Photonic side-channel analysis of arbiter PUFs. J. Cryptol. 1–22 (2016). doi:10.​1007/​s00145-016-9228-6
  42.Tajik, S., Dietz, E., Frohmann, S., Seifert, J.-P., Nedospasov, D., Helfmeier, C., Boit, C., Dittrich, H.: Physical characterization of arbiter PUFs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 493–509. Springer, Heidelberg (2014)
  43.Tajik, S., Ganji, F., Seifert, J.P., Lohrke, H., Boit, C.: Laser fault attack on physically unclonable functions. In: 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), IEEE (2015)
  44.Tajik, S., Nedospasov, D., Helfmeier, C., Seifert, J.P., Boit, C.: Emission analysis of hardware implementations. In: 2014 17th Euromicro Conference on Digital System Design (DSD), pp. 528–534. IEEE (2014)
  45.Trimberger, S.M.: Copy protection without non-volatile memory. US Patent 8,416,950 (2013)
  46.Trimberger, S.M., Moore, J.J.: FPGA security: motivations, features, and applications. Proc. IEEE 102(8), 1248–1265 (2014)CrossRef
  47.Tuyls, P., Schrijen, G.-J., Škorić, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 369–383. Springer, Heidelberg (2006)CrossRef
  
• 作者单位：Heiko Lohrke (15)
  Shahin Tajik (16)
  Christian Boit (15)
  Jean-Pierre Seifert (16)
  
  15. Semiconductor Devices, Technische Universität Berlin, Berlin, Germany
  16. Security in Telecommunications, Technische Universität Berlin, Berlin, Germany
  
• 丛书名：Cryptographic Hardware and Embedded Systems ¨C CHES 2016
• ISBN：978-3-662-53140-2
• 刊物类别：Computer Science
• 刊物主题：Artificial Intelligence and Robotics
  Computer Communication Networks
  Software Engineering
  Data Encryption
  Database Management
  Computation by Abstract Devices
  Algorithm Analysis and Problem Complexity
  
• 出版者：Springer Berlin / Heidelberg
• ISSN：1611-3349
• 卷排序：9813

文摘

Field Programmable Gate Arrays (FPGAs) have been the target of different physical attacks in recent years. Many different countermeasures have already been integrated into these devices to mitigate the existing vulnerabilities. However, there has not been enough attention paid to semi-invasive attacks from the IC backside due to the following reasons. First, the conventional semi-invasive attacks from the IC backside — such as laser fault injection and photonic emission analysis — cannot be scaled down without further effort to the very latest nanoscale technologies of modern FPGAs and programmable SoCs. Second, the more advanced solutions for secure storage, such as controlled Physically Unclonable Functions (PUFs), make the conventional memory-readout techniques almost impossible. In this paper, however, novel approaches have been explored: Attacks based on Laser Voltage Probing (LVP) and its derivatives, as commonly used in Integrated Circuit (IC) debug for nanoscale low voltage technologies, are successfully launched against a 60 nanometer technology FPGA. We discuss how these attacks can be used to break modern bitstream encryption implementations. Our attacks were carried out on a Proof-of-Concept PUF-based key generation implementation. To the best of our knowledge this is the first time that LVP is used to perform an attack on secure ICs.