Cryptology ePrint Archive: Report 2020/369

The Risk of Outsourcing: Hidden SCA Trojans in Third-Party IP-Cores Threaten Cryptographic ICs

David Knichel and Thorben Moos and Amir Moradi

Abstract: Side-channel analysis (SCA) attacks – especially power analysis – are powerful ways to extract the secrets stored in and processed by cryptographic devices. In recent years, researchers have shown interest in utilizing on-chip measurement facilities to perform such SCA attacks remotely. It was shown that simple voltage-monitoring sensors can be constructed from digital elements and put on multi-tenant FPGAs to perform remote attacks on neighbouring cryptographic co-processors. A similar threat is the unsuspecting integration of third-party IPCores into an IC design. Even if the function of an acquired IP-Core is not security critical by itself, it may contain an onchip sensor as a Trojan that can eavesdrop on cryptographic operations across the whole device. In contrast to all FPGAbased investigations reported in the literature so far, we examine the efficiency of such on-chip sensors as a source of information leakage in an ASIC-based case study for the first time. To this end, in addition to a cryptographic core (lightweight block cipher PRESENT) we designed and implemented a voltage-monitoring sensor on an ASIC fabricated by a 40nm commercial standard cell library. Despite the physical distance between the sensor and the PRESENT core, we show the possibility of fully recovering the secret key of the PRESENT core by processing the sensor’s output. Our results imply that the hidden insertion of such a sensor – for example by a malicious third party IP-Core vendor – can endanger the security of embedded systems which deal with sensitive information, even if the device cannot be physically accessed by the adversary.

Category / Keywords: implementation / hardware Trojan, ASIC, side-channel analysis, time-to-digital converter

Original Publication (in the same form): IEEE European Test Symposium (ETS 2020)

Date: received 30 Mar 2020, last revised 6 Apr 2020

Contact author: david knichel at rub de, thorben moos@rub de, amir moradi@rub de

Available format(s): PDF | BibTeX Citation

Version: 20200406:085905 (All versions of this report)

Short URL: ia.cr/2020/369


[ Cryptology ePrint archive ]