When Failure Analysis Meets Side-Channel Attacks

The purpose of failure analysis is to locate the source of a defect in order to characterize it, using different techniques (laser stimulation, light emission, electromagnetic emission, ...). The aim of vulnerability analysis, and particularly side-channel analysis, is to observe and collect the various kinds of information an integrated circuit leaks (power consumption, electromagnetic emission, ...) in order to extract sensitive data. Although these two activities appear to be distinct, they have in common the observation and extraction of information about a circuit's behavior. The purpose of this paper is to explain how and why these activities should be combined. First, it is shown that the leakage due to the light emitted during normal operation of a CMOS circuit can be used to set up an attack based on the DPA/DEMA technique. Then a second method based on laser stimulation is presented; it improves the "traditional" attacks by injecting a photocurrent, which results in a localized increase in the power consumption of a circuit. These techniques are demonstrated on an FPGA device.
