Scan-based side channel attack on stream ciphers and its prevention

Scan chains, a design-for-testability feature, are included in most modern-day ICs. However, they open a side channel for attacking cryptographic chips. We propose a methodology by which the internal states of any stream cipher can be recovered using scan chains. We consider a conventional scan chain design, which is normally not scrambled or protected in any other way. In this scenario, the adversary's challenge is to obtain the correspondence between the output of the scan chain and the internal state registers of the stream cipher. We present a mathematical model of the attack, and the correspondence between the scan chain outputs and the internal state bits is proved under this model. We propose an algorithm that, through offline and online simulation, forms a bijection between the above-mentioned sets and thus finds the required correspondence. We also give an estimate of the number of offline simulations necessary for finding the correspondence. The proposed strategy is successfully applied to the eSTREAM hardware-based winners MICKEY-128 2.0, Trivium and Grain-128.
