Enhancing reactive countermeasure against EM attacks with low overhead

This paper proposes a method for improving the precision of an electromagnetic (EM) attack sensor so that it can counter a wider range of EM attacks on cryptographic modules. During an attack, an EM attack sensor determines the proximity of a probe to an LSI chip by detecting a change in the mutual inductance between the probe and the LSI chip, which appears as a shift in the oscillation frequency of the sensor's LC oscillator. The subsequent would-be attack is thwarted by instantaneous detection of the proximity of the probe. We show that smaller oscillation frequency shifts can be detected by extending the time required for the detection process, and demonstrate that extending the time enables attacks to be detected even when they come from the back surface of the LSI chip, which was previously difficult to achieve. We then examine the possibility of operating the crypto core and sensor simultaneously as a method for reducing the performance overhead of the proposed system. Through evaluation experiments, we show that simultaneous operation of the crypto core and sensor has no significant effect on the precision of probe detection. Furthermore, we discuss an alternative method for improving the detection sensitivity with a time-to-digital converter, without extending the detection process time.
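An added illustration, not taken from the paper: a simplified model of why a longer detection time resolves the smaller frequency shift of a weakly coupled (back-side) probe. It assumes the sensor measures frequency by counting oscillator cycles over a gate window and ignores noise and jitter; the component values, coupling fractions and count threshold are constructed for the example.

```python
import math

# Constructed values for illustration; none come from the paper.
L_SENSE = 100e-9      # sensor coil inductance (H)
C_TANK = 10e-12       # tank capacitance (F)
FRONT_SIDE = 1e-2     # fractional inductance change, strongly coupled probe
BACK_SIDE = 1e-4      # fractional inductance change, weakly coupled probe
THRESHOLD = 4         # count difference that raises the alarm


def lc_frequency(inductance, capacitance):
    """Resonant frequency of an ideal LC tank, f = 1 / (2*pi*sqrt(L*C))."""
    return 1.0 / (2.0 * math.pi * math.sqrt(inductance * capacitance))


def frequency_shift(delta_l):
    """Absolute frequency shift (Hz) for a fractional inductance change."""
    f_ref = lc_frequency(L_SENSE, C_TANK)
    return abs(f_ref - lc_frequency(L_SENSE * (1.0 + delta_l), C_TANK))


def cycle_count(freq_hz, window_s):
    """A digital counter only sees whole cycles inside the gate window."""
    return int(freq_hz * window_s)


def probe_detected(delta_l, window_s):
    """Compare the count against the probe-free reference count."""
    f_ref = lc_frequency(L_SENSE, C_TANK)
    f_now = lc_frequency(L_SENSE * (1.0 + delta_l), C_TANK)
    diff = abs(cycle_count(f_ref, window_s) - cycle_count(f_now, window_s))
    return diff >= THRESHOLD


def min_window(delta_l):
    """Window that guarantees detection despite +/-1 count quantisation."""
    return (THRESHOLD + 1) / frequency_shift(delta_l)


if __name__ == "__main__":
    for name, dl in (("front", FRONT_SIDE), ("back", BACK_SIDE)):
        for window in (10e-6, 1e-3):
            print(name, window, probe_detected(dl, window))
    print("back-side minimum window (s):", min_window(BACK_SIDE))
```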
