Paper 2018/717

Key Extraction using Thermal Laser Stimulation: A Case Study on Xilinx Ultrascale FPGAs

Heiko Lohrke, Shahin Tajik, Thilo Krachenfels, Christian Boit, and Jean-Pierre Seifert

Abstract

Thermal laser stimulation (TLS) is a failure analysis technique, which can be deployed by an adversary to localize and read out stored secrets in the SRAM of a chip. To this date, a few proof-of-concept experiments based on TLS or similar approaches have been reported in the literature, which do not reflect a real attack scenario. Therefore, it is still questionable whether this attack technique is applicable to modern ICs equipped with side-channel countermeasures. The primary aim of this work is to assess the feasibility of launching a TLS attack against a device with robust security features. To this end, we select a modern FPGA, and more specifically, its key memory, the so-called battery-backed SRAM (BBRAM), as a target. We demonstrate that an attacker is able to extract the stored 256-bit AES key used for the decryption of the FPGA’s bitstream, by conducting just a single non-invasive measurement. Moreover, it becomes evident that conventional countermeasures are incapable of preventing our attack since the FPGA is turned off during key recovery. Based on our time measurements, the required effort to develop the attack is shown to be less than 7 hours. To avert this powerful attack, we propose a low-cost and CMOS-compatible countermeasure circuit, which is capable of protecting the BBRAM from TLS attempts even when the FPGA is powered off. Using a proof-of-concept prototype of our countermeasure, we demonstrate its effectiveness against TLS key extraction attempts.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2018
Contact author(s)
stajik @ ufl edu
History
2018-08-01: received
Short URL
https://ia.cr/2018/717
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/717,
      author = {Heiko Lohrke and Shahin Tajik and Thilo Krachenfels and Christian Boit and Jean-Pierre Seifert},
      title = {Key Extraction using Thermal Laser Stimulation: A Case Study on Xilinx Ultrascale FPGAs},
      howpublished = {Cryptology ePrint Archive, Paper 2018/717},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/717}},
      url = {https://eprint.iacr.org/2018/717}
}