Scan attacks on side-channel and fault attack resistant public-key implementations

Cryptographic devices are targets of side-channel attacks, which exploit physical characteristics (e.g. power consumption) to compromise the system’s security. Several side-channel attacks and countermeasures have been proposed in the literature in the past decade. However, countermeasures are usually designed to resist attacks on a single side channel. Few papers study the effect that a countermeasure designed against one specific side-channel attack has on another attack that was not its target. In this paper, we present scan-based side-channel attacks on public-key cryptographic hardware implementations in the presence of countermeasures for power analysis and fault attacks. These aspects were not considered in any of the previous work on scan attacks. We have also considered the effect of Design for Test structures such as test compression and X-masking to illustrate the effectiveness of our proposed scan attack on practical implementations. Experimental results showing the number of messages/points required and the retrieval time are presented to evaluate the complexity of the attacks. Results show that algorithmic countermeasures for Simple Power Analysis and fault attacks are not immune to our differential scan attacks, whereas the algorithmic countermeasures against Differential Power Analysis are secure against such scan attacks.
