
Vulnerability modelling of crypto-chips against scan-based attacks

In this study, a gate-level vulnerability model is proposed to detect potential security holes of crypto-chips against scan-based attacks. The proposed model offers a relative measure, the so-called vulnerability factor (VF), for each net of a given crypto-chip. Nets with the highest VFs are considered the most vulnerable nets of the crypto-chip. The VF of each gate output is calculated considering (i) the VFs of the gate inputs, and (ii) the probability of a signal transition at the gate output. To validate the proposed model, the authors implemented the iterative and pipelined Advanced Encryption Standard (AES) and the iterative Data Encryption Standard (DES) encryption algorithms to find their most vulnerable nets. The most vulnerable nets of each design were then masked by a simple mechanism to explore the accuracy of the proposed model. Results of scan-based attacks carried out in ModelSim simulations show that by masking only 32, 64 and 32 nets in the iterative AES, pipelined AES and iterative DES designs, respectively, all of the attacks performed fail. The results of the proposed model, compared with the signal activity and random approaches, demonstrate the superiority of the proposed model.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0440