Side(channel attacks
techni,ues that allo# the attacker to monitor the analog characteristics of
po#er supply and interface connections and any electromagnetic radiation
Soft#are attacks
use the normal communication interface and e$ploit security vulnerabilities
found in the protocols" cryptographic algorithms" or their implementation
,ault generation
use abnormal environmental conditions to generate malfunctions in the
system that provide additional access
&icropro!ing
can be used to access the chip surface directly" so #e can observe"
manipulate" and interfere #ith the device
-everse engineering
used to understand the inner structure of the device and learn or emulate
its functionality. re,uires the use of the same technology available to
semiconductor manufacturers and gives similar capabilities to the attacker
/
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
Attack methods
fill the gap bet#een non(invasive and invasive types" being both
ine$pensive and easily repeatable
1
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
argets of fault attacks
2mbedded memory
S-A3" 22&-43" Flash" -43
5&6
instructions" data" result" 7umps
Security
reset fuse" force debug" access
5ommon components
5&6
3emory
I84
high(voltage operation
S-A3
ools
digital multimeter
I5 soldering8desoldering station
signal generator
F&;A board
prototyping boards
<
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
0on(invasive attacks: fault in7ection
;litch attacks
clock glitches
corrupting data
crypto(coprocessors
soft#are countermeasures
B>
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
Invasive attacks
&enetrative attacks
ools
I5 soldering8desoldering station
microprobing station
signal generator
Decapsulation
manual #ith fuming nitric acid %=04
+
' and acetone at 9>I5
automatic using mi$ture of =04
+
and =
2
S4
/
full or partial
4ptical imaging
less e$pensive and easier to setup and repeat than invasive attacks
ools
I5 soldering8desoldering station
signal generator
F&;A board
prototyping boards
Decapsulation
manual #ith fuming nitric acid %=04
+
' and acetone at 9>I5
automatic using mi$ture of =04
+
and =
2
S4
/
full or partial
code is e$ecuted from the internal S-A3 that can be loaded from
A2S(encrypted e$ternal 0A0D" SD or S&I Flash memory
once activated the A2S key is read protected and cannot be altered
Actel
]
&roASI5+
]
>KB+Qm" : metal layers" Flash F&;A
o&&er one o& the hi!hest levels o& 'esi!n securit" in the in'ustr"#
memory access via FA; for 2rase" &rogram and !erify operations
chip on a test board under microscope #ith 2>O and B>91nm laser
+H
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
-esults
searching for single Y>Y bit" then t#o Y>Y and so on until passed
Slo# process
special securit" ke"s are hi''en throu!hout the &a%ric o& the
'evice preventin! internal pro%in! an' overwritin!. 0he" are
locate' such that the" cannot %e accesse' or %"passe' without
'estro"in! the rest o& the 'evice makin! %oth invasive an' more
su%tle noninvasive attacks ine&&ective#
Do a bit of research
user A2S D3R is used for Actel I& core protection %D3R J 3B key'
/<
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
Dual(key security in Actel F&;A
#hen protection for both user I& and vendor I& are re,uired then
A2S ReyJ=%user key" vendor key'" = secure hash function
in 3BAFS9>> the 2
nd
key J 3B key" #hat is the 2
nd
key in AFS9>>*
/H
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
=o# the A2S key can be attacked*
+ second #ith D!@(2 board using special S5A sensor from D!@
all Actel +
rd
generation Flash F&;A devices %&roASI5+" &roASI5+@"
&roASI5+ nano" Igloo" Igloo plus" Igloo nano" Fusion" SmartFusion'
share the same factory secret master key
memory access via FA; for 2rase" &rogram and !erify operations
#o #ays of approaching
set !
-2F
Tmin%!
=
' to flip all bits to bBV
set !
-2F
Pma$%!
=
' to flip all bits to b>V
&o#er glitching of !
55
for the duration of 0 #ords and
search for matching value
5hange !
-2F
and repeat !
55
glitching until all bits are found
;litching !
55
at the time #hen the #ord value is latched
into internal register and ad7usting the timing in 21ns steps
searching for single Y>b bit" then t#o Y>Y and so on until passed
t#ice as fast
19
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
5ountermeasures
4ld devices
Additional protections
soft#are countermeasures
S3icroelectronics SB9 smartcard Fu7itsu secure microcontroller
9>
Design and Security of Cryptographic Algorithms and Devices (ECRYPT II Al!ena" #ulgaria" $% &ay ' ( )une $*++
Defence technologies: #hat goes #rong*
Duicker turnaround
4ther e$amples
Slides
http:88###KclKcamKacKuk8Usps+2825-a&2>BBdBKpdf
@iterature:
http:88###KclKcamKacKuk8Usps+28
http:88###KclKcamKacKuk8Usps+28A&ublications