Key Extraction using Thermal Laser Stimulation: A Case Study on Xilinx Ultrascale FPGAs

Thermal laser stimulation (TLS) is a failure analysis technique, which can be deployed by an adversary to localize and read out stored secrets in the SRAM of a chip. To this date, a few proof-of-concept experiments based on TLS or similar approaches have been reported in the literature, which do not reflect a real attack scenario. Therefore, it is still questionable whether this attack technique is applicable to modern ICs equipped with side-channel countermeasures. The primary aim of this work is to assess the feasibility of launching a TLS attack against a device with robust security features. To this end, we select a modern FPGA, and more specifically, its key memory, the so-called battery-backed SRAM (BBRAM), as a target. We demonstrate that an attacker is able to extract the stored 256-bit AES key used for the decryption of the FPGA’s bitstream, by conducting just a single non-invasive measurement. Moreover, it becomes evident that conventional countermeasures are incapable of preventing our attack since the FPGA is turned off during key recovery. Based on our time measurements, the required effort to develop the attack is shown to be less than 7 hours. To avert this powerful attack, we propose a low-cost and CMOS compatible countermeasure circuit, which is capable of protecting the BBRAM from TLS attempts even when the FPGA is powered off. Using a proof-of-concept prototype of our countermeasure, we demonstrate its effectiveness against TLS key extraction attempts.

[1]  Sergei P. Skorobogatov Optically Enhanced Position-Locked Power Analysis , 2006, CHES.

[2]  Jean-Pierre Seifert,et al.  On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs , 2017, CCS.

[3]  N. Otsu A threshold selection method from gray level histograms , 1979 .

[4]  Stephen M. Trimberger,et al.  FPGA Security: Motivations, Features, and Applications , 2014, Proceedings of the IEEE.

[5]  Min Cao,et al.  A 20nm 112Mb SRAM in High-к metal-gate with assist circuitry for low-leakage and low-VMIN applications , 2013, 2013 IEEE International Solid-State Circuits Conference Digest of Technical Papers.

[6]  Ross J. Anderson,et al.  On a new way to read data from memory , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[7]  Elham Amini,et al.  STUDENT PAPER: Backside Protection Structure for Security Sensitive ICs , 2017 .

[8]  Christian Boit,et al.  Ultra high precision circuit diagnosis through seebeck generation and charge monitoring , 2013, Proceedings of the 20th IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA).

[9]  Christof Paar,et al.  Physical Security Evaluation of the Bitstream Encryption Mechanism of Altera Stratix II and Stratix III FPGAs , 2015, TRETS.

[10]  Stephan Saalfeld,et al.  Globally optimal stitching of tiled 3D microscopic image acquisitions , 2009, Bioinform..

[11]  Johannes E. Schindelin,et al.  Fiji: an open-source platform for biological-image analysis , 2012, Nature Methods.

[12]  Philippe Perdu,et al.  Implementing Thermal Laser and Photoelectric Laser Stimulation in a failure analysis laboratory , 2003, Proceedings of the 10th International Symposium on the Physical and Failure Analysis of Integrated Circuits. IPFA 2003.

[13]  Jean-Pierre Seifert,et al.  Invasive PUF Analysis , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[14]  Matthijs C. Dorst Distinctive Image Features from Scale-Invariant Keypoints , 2011 .

[15]  Amir Moradi,et al.  Improved Side-Channel Analysis Attacks on Xilinx Bitstream Encryption of 5, 6, and 7 Series , 2016, COSADE.

[16]  Ujjwal Guin,et al.  Invasion of the hardware snatchers , 2017, IEEE Spectrum.

[17]  Jean-Pierre Seifert,et al.  PUFMon: Security monitoring of FPGAs using physically unclonable functions , 2017, 2017 IEEE 23rd International Symposium on On-Line Testing and Robust System Design (IOLTS).