Cryptology ePrint Archive: Report 2018/717

Key Extraction using Thermal Laser Stimulation: A Case Study on Xilinx Ultrascale FPGAs

Heiko Lohrke and Shahin Tajik and Thilo Krachenfels and Christian Boit and Jean-Pierre Seifert

Abstract: Thermal laser stimulation (TLS) is a failure analysis technique, which can be deployed by an adversary to localize and read out stored secrets in the SRAM of a chip. To this date, a few proof-of-concept experiments based on TLS or similar approaches have been reported in the literature, which do not reflect a real attack scenario. Therefore, it is still questionable whether this attack technique is applicable to modern ICs equipped with side-channel countermeasures. The primary aim of this work is to assess the feasibility of launching a TLS attack against a device with robust security features. To this end, we select a modern FPGA, and more specifically, its key memory, the so-called battery-backed SRAM (BBRAM), as a target. We demonstrate that an attacker is able to extract the stored 256-bit AES key used for the decryption of the FPGAs bitstream, by conducting just a single non-invasive measurement. Moreover, it becomes evident that conventional countermeasures are incapable of preventing our attack since the FPGA is turned off during key recovery. Based on our time measurements, the required effort to develop the attack is shown to be less than 7 hours. To avert this powerful attack, we propose a low-cost and CMOS compatible countermeasure circuit, which is capable of protecting the BBRAM from TLS attempts even when the FPGA is powered off. Using a proof-of-concept prototype of our countermeasure, we demonstrate its effectiveness against TLS key extraction attempts.

Category / Keywords: implementation /

Original Publication (in the same form): IACR-CHES-2018

Date: received 1 Aug 2018

Contact author: stajik at ufl edu

Available format(s): PDF | BibTeX Citation

Version: 20180801:195203 (All versions of this report)

Short URL: ia.cr/2018/717


[ Cryptology ePrint archive ]