Paper 2018/881

Remote Inter-Chip Power Analysis Side-Channel Attacks at Board-Level

Falk Schellenberg, Dennis R. E. Gnad, Amir Moradi, and Mehdi B. Tahoori

Abstract

The current practice in board-level integration is to incorporate chips and components from numerous vendors. A fully trusted supply chain for all used components and chipsets is an important, yet extremely difficult to achieve, prerequisite to validate a complete board-level system for safe and secure operation. An increasing risk is that most chips nowadays run software or firmware, typically updated throughout the system lifetime, making it practically impossible to validate the full system at every given point in the manufacturing, integration and operational life cycle. This risk is elevated in devices that run 3rd party firmware. In this paper we show that an FPGA used as a common accelerator in various boards can be reprogrammed by software to introduce a sensor, suitable as a remote power analysis side-channel attack vector at the board-level. We show successful power analysis attacks from one FPGA on the board to another chip implementing RSA and AES cryptographic modules. Since the sensor is only mapped through firmware, this threat is very hard to detect, because data can be exfiltrated without requiring inter-chip communication between victim and attacker. Our results also prove the potential vulnerability in which any untrusted chip on the board can launch such attacks on the remaining system.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. ICCAD 2018
Keywords
side-channel analysisFPGA
Contact author(s)
amir moradi @ rub de
History
2018-09-23: received
Short URL
https://ia.cr/2018/881
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/881,
      author = {Falk Schellenberg and Dennis R. E.  Gnad and Amir Moradi and Mehdi B.  Tahoori},
      title = {Remote Inter-Chip Power Analysis Side-Channel Attacks at Board-Level},
      howpublished = {Cryptology ePrint Archive, Paper 2018/881},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/881}},
      url = {https://eprint.iacr.org/2018/881}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.