Cryptology ePrint Archive: Report 2016/593
No Place to Hide: Contactless Probing of Secret Data on FPGAs
Heiko Lohrke; Shahin Tajik; Christian Boit; Jean-Pierre Seifert
Abstract: Field Programmable Gate Arrays (FPGAs) have been the target of different physical attacks in recent years.
Many different countermeasures have already been integrated into these devices to mitigate the existing vulnerabilities. However, there has not been enough attention paid to semi-invasive attacks from the IC backside due to the following reasons. First, the conventional semi-invasive attacks from the IC backside --- such as laser fault injection and photonic emission analysis --- cannot be scaled down without further effort to the very latest nanoscale technologies of modern FPGAs and programmable SoCs. Second, the more advanced solutions for secure storage, such as controlled Physically Unclonable Functions (PUFs), make the conventional memory-readout techniques almost impossible. In this paper, however, novel approaches have been explored: Attacks based on Laser Voltage Probing (LVP) and its derivatives, as commonly used in Integrated Circuit (IC) debug for nanoscale low voltage technologies, are successfully launched against a $60$ nanometer technology FPGA. We discuss how these attacks can be used to break modern bitstream encryption implementations. Our attacks were carried out on a Proof-of-Concept PUF-based key generation implementation. To the best of our knowledge this is the first time that LVP is used to perform an attack on secure ICs.
Category / Keywords: FPGA Security, Semi-Invasive Attack, Laser Voltage Probing, Physically Unclonable Function
Original Publication (in the same form): IACR-CHES-2016
Date: received 6 Jun 2016
Contact author: heiko lohrke at campus tu-berlin de, stajik@sec t-labs tu-berlin de
Available format(s): PDF | BibTeX Citation
Version: 20160607:202224 (All versions of this report)
Short URL: ia.cr/2016/593
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]