论文信息 - On a new way to read data from memory

On a new way to read data from memory

This paper explains a new family of techniques to extract data from semiconductor memory, without using the read-out circuitry provided for the purpose. What these techniques have in common is the use of semi-invasive probing methods to induce measurable changes in the analogue characteristics of the memory cells of interest. The basic idea is that when a memory cell, or read-out amplifier, is scanned appropriately with a laser, the resulting increase in leakage current depends on its state; the same happens when we induce an eddy current in a cell. These perturbations can be carried out at a level that does not modify the stored value, but still enables it to be read out. Our techniques build on it number of recent advances in semi-invasive attack techniques, low temperature data remanence, electromagnetic analysis and eddy current induction. They can be used against a wide range of memory structures, from registers through RAM to FLASH. We have demonstrated their practicality by reading out DES keys stored in RAM without using the normal read-out circuits. This suggests that vendors of products such as smartcards and secure microcontrollers should review their memory encryption, access control and other storage security issues with care.

[1] Dakshi Agrawal,et al. The EM Side-Channel(s) , 2002, CHES.

[2] P. Kocher,et al. Differential power analysis, advances in cryptology-CRYPTO'99 , 1999 .

[3] M. Kuhn,et al. The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[4] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.

[5] George S. Taylor,et al. Balanced self-checking asynchronous logic for smart card applications , 2003, Microprocess. Microsystems.

[6] Peter Gutmann,et al. Data Remanence in Semiconductor Devices , 2001, USENIX Security Symposium.

[7] George S. Taylor,et al. Improving smart card security using self-timed circuits , 2002, Proceedings Eighth International Symposium on Asynchronous Circuits and Systems.

[8] Ross J. Anderson,et al. Optical Fault Induction Attacks , 2002, CHES.

[9] Markus G. Kuhn,et al. Tamper resistance: a cautionary note , 1996 .

[10] Sergei Skorobogatov. Low temperature data remanence in static RAM , 2002 .

[11] Michael Wiener,et al. Advances in Cryptology — CRYPTO’ 99 , 1999 .