Parametric Trojans for Fault-Injection Attacks on Cryptographic Hardware

We propose two extremely stealthy hardware Trojans that facilitate fault-injection attacks in cryptographic blocks. The Trojans are carefully inserted to modify the electrical characteristics of predetermined transistors in a circuit by altering parameters such as doping concentration and dopant area. These Trojans are activated with very low probability in the presence of a slightly reduced supply voltage (0.001 for 20% Vdd reduction). We demonstrate the effectiveness of the Trojans by utilizing them to inject faults into an ASIC implementation of the recently introduced lightweight cipher PRINCE. Full circuit-level simulation followed by differential cryptanalysis demonstrates that the secret key can be reconstructed after around 5 fault injections.
