Presentation is loading. Please wait.

Presentation is loading. Please wait.

CHES 2015 Finding the AES Bits in the Haystack:

Published byBrent Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "CHES 2015 Finding the AES Bits in the Haystack:"— Presentation transcript:

1 CHES 2015 Finding the AES Bits in the Haystack:
Reverse Engineering and SCA Using Voltage Contrast Christian Kison, Jürgen Frinken and Christof Paar

2 Voltage Contrast SCA Outline
Motivation Voltage Contrast Passive/Active Voltage Contrast (VC) Capacitive Coupled Voltage Contrast (CCVC) Voltage Contrast Side Channel Analysis (VCSCA) Hardware Reverse Engineering Correlation Attack Conclusion and Future Work

3 Voltage Contrast SCA Motivation – The Haystack
Goal: Hardware Reverse Engineering Straightforward Approach Sand-and-scan Netlist extraction Search Region-of-Interest (ROI) Todays IC chips Millions of Gates ROI Location: Needle in the haystack Infeasible manual work

4 Voltage Contrast SCA Region of Interest – The Needle
Finding the ROI (Region of Interest) : Mandatory for Hardware Reverse Engineering Precise Fault Attacks Laser, UV light, EM induction, Probing, … Improves EM SCA Multiple approaches suggested: EM cartography Photon Emission Images Surface Liquid Crystal Fault Attacks Voltage Contrast / E-Beam AES?? FLASH RAM ANALOG IO

5 Voltage Contrast SCA Voltage Contrast - Introduction
Voltage Contrast used for Failure Analysis Locate badly connected wires High resistance Negative charge of electrons in beams Commercial E-Beam Prober Very fast Expensive Non-contact voltmeter Scanning Electron Microscope (SEM) Slow Mid-cost Academically well distributed

6 Voltage Contrast SCA Voltage Contrast - ROI
Target: Atmel XMega AES Co-Processor Proof of Concept Decap package Top layer visible XMega in SEM vacuum chamber Power-up device Trigger AES

7 Voltage Contrast SCA Passive/Active Voltage Contrast
SEM SEM primary beam primary beam imaging detector imaging detector - - - - - - secondary electrons - - - - - secondary electrons - - - - + + + + + + + + + + + + + + + - - - - - - - Structure Grounded structure

8 Voltage Contrast SCA VCA in a SEM
Neutral (not connected) Working (cycle x) Working (cycle x+1) Slow SEM Some kHz External clock control! Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult.

9 Voltage Contrast SCA Setup – Low Cost SEM Control
SEM Control PC (2) SEM (2) primary beam Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. Keyboard emulation generated clock Controller (3) setup PC (4) DUT (1) USART

10 Voltage Contrast SCA Capacitive Coupled Voltage Contrast
With passivation 2 phases separated by a cycle Charge (Clock cycle) Evaluate External clock control! Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. Schematic Top metal layer Wire Wire dielectric SiO2 2nd metal layer Wire

11 Voltage Contrast SCA Capacitive Coupled VC – Phase 1
SEM - primary beam accumulated charge Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. - - - - - - - - - - - - - - - - - - + + + + + + + + Top metal layer +3 V + GND - - - - - - - - - - - - - - - - - - - - Secondmetal layer dielectric SiO2 +3 V + Schematic

12 Voltage Contrast SCA Capacitive Coupled VC – Phase 2
Note: Clock cycle takes place SEM (accumulated) secondary electrons primary beam Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult. - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + Top metal layer GND - +3V + - - - - - - - - - - - - - - - - - - - Secondmetal layer dielectric SiO2 GND - Schematic

13 Voltage Contrast SCA A Single Tracevideo – 5 Frames / 1 Clock cycle
Suche nach einem Grashalm auf einem Fußballfeld The effect of setting the lock bits by UV-light is used to find it’s location. If the lock bit is set it is not under the mask. Otherwise it is in the covered area. Using the effect of setting the lock bits by UV-light it is possible to find the location of interest. Therefore we cover the half of the interesting area with an UV-absorbing mask, irradiate with UV-light for some minutes and read the lock bit. If the lock bit is set we know that it is not under the mask. Otherwise it is in the covered area. repeat this until the handling of the mask is to difficult.

14 Voltage Contrast SCA Proof-of-Concept
We know: Key Plaintext/Ciphertext Traces: Tracevideo frames Pearson correlation Hamming Weight model Intermediate AES bits and raw VCSCA videoframe 2-bit logic functions of intermediate bits ( SCA Reverse Engineering) Simple Side Channel Analysis (single trace, nor plain/key known) Trace Acquisition 300 Traces ~3 Hz external clock Tracevideos T1 T2 T… T300 Frames F1 F2 F… Fn Intermediate AES bits Correlate Located correlation frame

15 Voltage Contrast SCA Results – Locate Bit 1 of Subbytes Byte 1
Frame 48 Subbytes Byte X Bit 1 Sequentially byte-wise pipelined Common Load/Store Unit Frame 48 Subbytes Byte 1 Bit 1

16 Voltage Contrast SCA Results - Hardware Reverse Engineering
SEM pictures 1st and 2nd layer Overlayed with 50% transparent result (dark cloud) Align and Trace down DFFs Mark in extracted netlist

17 Voltage Contrast SCA Results – Correlation Attack
New Assumption: Key unknown Known plaintext Aquire 100 Traces Key Hypothesis Set to 1 Correlation close to -1 or +1 Full AES-128 key recovered

18 Voltage Contrast SCA Conclusion
Voltage Contrast is mid-cost Scanning Electronic Microscope Widely available in academia Second hand for < €10k Low cost adjustment Hardware Reverse Engineering tool Pinpoint ROI within minutes Front side Might be shielded Powerful Side Channel (VCSCA)

19 Voltage Contrast SCA Future Work
Hardware Reverse Engineering Tool Optimize the setup Faster Less noisy Verify netlist assumptions Hardware Debugging tool? Research shows feasibility of backside CCVC[1] [1] Schlangen et.al, Backside e-beam probing on nano scale devices, Journal of Materials Science: Materials in Electronics

20 Thank You! Questions?

Download ppt "CHES 2015 Finding the AES Bits in the Haystack:"

Similar presentations

Nanoscience, Nanotechnology and Nanomanufacturing Exciting new science and technology for the 21st century.

Nanoscience, Nanotechnology and Nanomanufacturing Exciting new science and technology for the 21st century.
Smart Card security analysis Smart Card security analysis Marc Witteman, TNO.

Smart Card security analysis Smart Card security analysis Marc Witteman, TNO.
Packaging.

Packaging.
Information Security – Theory vs. Reality 0368-4474-01, Winter 2011 Guest Lecturer: Yossi Oren 1.

Information Security – Theory vs. Reality , Winter 2011 Guest Lecturer: Yossi Oren 1.
Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
Slides based on Kewal Saluja

Slides based on Kewal Saluja
9/20/6Lecture 3 - Instruction Set - Al1 The Hardware Interface.

9/20/6Lecture 3 - Instruction Set - Al1 The Hardware Interface.
Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity 1.

Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity 1.
Introduction to electronics lab ENGRI 1810 Using: Solderless prototype board (white board) Digital multimeter (DMM) Power Supply Signal Generator Oscilloscope.

Introduction to electronics lab ENGRI 1810 Using: Solderless prototype board (white board) Digital multimeter (DMM) Power Supply Signal Generator Oscilloscope.
On-chip inductance and coupling Zeynep Dilli, Neil Goldsman Thanks to Todd Firestone and John Rodgers for providing the laboratory equipment and expertise.

On-chip inductance and coupling Zeynep Dilli, Neil Goldsman Thanks to Todd Firestone and John Rodgers for providing the laboratory equipment and expertise.
Oscilloscope Watch Teardown. Agenda History and General overview Hardware design: – Block diagram and general overview – Choice of the microcontroller.

Oscilloscope Watch Teardown. Agenda History and General overview Hardware design: – Block diagram and general overview – Choice of the microcontroller.
Computer Hardware Introduction. Computer System Components Input Keyboard, Mouse, Camera, Touch Pad Processing CPU Output Monitor, Printer Storage Floppy,

Computer Hardware Introduction. Computer System Components Input Keyboard, Mouse, Camera, Touch Pad Processing CPU Output Monitor, Printer Storage Floppy,
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS 2012- Singapore.

Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.
©2005 David LavoDiagnosis & FA Case Study1 Fault Diagnosis & Failure Analysis Case Study David Lavo January 13, 2005.

©2005 David LavoDiagnosis & FA Case Study1 Fault Diagnosis & Failure Analysis Case Study David Lavo January 13, 2005.
Optical side-channel attack on PIC16F84A Martin Hlaváč Charles University in Prague CNES internship summary (part of USE IT project) ECRYPT Ph. D. Summer.

Optical side-channel attack on PIC16F84A Martin Hlaváč Charles University in Prague CNES internship summary (part of USE IT project) ECRYPT Ph. D. Summer.
1-1 ICS102: Introduction To Computing I King Fahd University of Petroleum & Minerals College of Computer Science & Engineering Information & Computer Science.

1-1 ICS102: Introduction To Computing I King Fahd University of Petroleum & Minerals College of Computer Science & Engineering Information & Computer Science.
Electric Curcuits and Measurements Basic Electrical components and their functions Measurements of electrical circuits characteristics - Multimeter - Oscilloscope.

Electric Curcuits and Measurements Basic Electrical components and their functions Measurements of electrical circuits characteristics - Multimeter - Oscilloscope.
Imaging Science Fundamentals Chester F. Carlson Center for Imaging Science Display Systems Viewing Images.

Imaging Science Fundamentals Chester F. Carlson Center for Imaging Science Display Systems Viewing Images.
BASIC ELECTRONICS.

BASIC ELECTRONICS.

Similar presentations

Ads by Google