Journal of Cryptographic Engineering

, Volume 3, Issue 1, pp 3–15

Simple photonic emission analysis of AES

  • Alexander Schlösser
  • Dmitry Nedospasov
  • Juliane Krämer
  • Susanna Orlic
  • Jean-Pierre Seifert
CHES 2012

Abstract

This work presents a novel low-cost optoelectronic setup for time- and spatially resolved analysis of photonic emissions and a corresponding methodology, Simple Photonic Emission Analysis (SPEA). Observing the backside of ICs, the system captures extremly weak photo-emissions from switching transistors and relates them to code running in the chip. SPEA utilizes both spatial and temporal information about these emissions to perform side channel analysis of ICs. We successfully performed SPEA of a proof-of-concept AES implementation and were able to recover the full AES secret key by monitoring accesses to the S-Box. This attack directly exploits the side channel leakage of a single transistor and requires no additional data processing. The system costs and the necessary time for an attack are comparable to power analysis techniques. The presented approach significantly reduces the amount of effort required to perform attacks based on photonic emission analysis and allows AES key recovery in a relevant amount of time. We present practical results for the AVR ATMega328P and the AVR XMega128A1.

Keywords

Photonic side channel Side channel analysis Emission analysis Optical Temporal and spatial analysis AES Full key recovery 

References

  1. 1.
    Photon-DA AES Implementation (2012). URL https://github.com/nedos/pda_aes
  2. 2.
    Bascoul, G., Perdu, P., Benigni, A., Dudit, S., Celi, G., Lewis, D.: Time Resolved Imaging: From logical states to events, a new and efficient pattern matching method for VLSI analysis. Microelect. Reliab 51(9–11), 1640–1645 (2011). doi:10.1016/j.microrel.2011.06.043
  3. 3.
    Bernstein, D.: Cache-timing attacks on AES (2004). URL http://cr.yp.to/papers.html#cachetiming
  4. 4.
    Chynoweth, A.G., McKay, K.G.: Photon emission from avalanche breakdown in silicon. Phys. Rev. 102, 369–376 (1956). doi:10.1103/PhysRev.102.369 CrossRefGoogle Scholar
  5. 5.
    Clavier, C., Coron, J.S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Koç, C. Paar, C. (eds.) Cryptographic hardware and embedded systems – CHES 2000, Lecture notes in computer science, vol. 1965, pp. 13–48. Springer Berlin / Heidelberg (2000). URL http://dx.doi.org/10.1007/3-540-44499-8-20
  6. 6.
    Daemen, J., Rijmen, V.: The design of Rijndael: AES - the Advanced Encryption Standard. Springer Berlin/Heidelberg (2002)Google Scholar
  7. 7.
    Di-Battista, J., Courrege, J.C., Rouzeyre, B., Torres, L., Perdu, P.: When Failure Analysis Meets Side-Channel Attacks. In: Mangard, S. Standaert F.X. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2010, Lecture Notes in Computer Science, vol. 6225, pp. 188–202. Springer Berlin/Heidelberg (2011). URL http://dx.doi.org/10.1007/978-3-642-15031-9-13
  8. 8.
    Egger, P., Grutzner, M., Burmer, C., Dudkiewicz, F.: Application of time resolved emission techniques within the failure analysis flow. Microelect. Reliab. 47(9—-11), 1545–1549 (2007). doi:10.1016/j.microrel.2007.07.067 Google Scholar
  9. 9.
    Ferrigno, J., Hlaváč, M.: When AES blinks: introducing optical side channel. Infor. Secur. IET 2(3), 94–98 (2008). doi:10.1049/iet-ifs:20080038 CrossRefGoogle Scholar
  10. 10.
    Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: Security and Privacy, 2011 IEEE Symposium on, pp. 490–505 (2011). URL http://dx.doi.org/10.1109/SP.2011.22
  11. 11.
    Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: O. Dunkelman, (ed.) Topics in cryptology – CT-RSA 2012, Lecture notes in computer science, vol. 7178, pp. 231–244. Springer Berlin / Heidelberg (2012). URL http://dx.doi.org/10.1007/978-3-642-27954-6-15
  12. 12.
    Kash, J., Tsang, J.: Dynamic internal testing of CMOS circuits using hot luminescence. Elect. Dev. Lett. IEEE 18(7), 330–332 (1997). doi:10.1109/55.596927 CrossRefGoogle Scholar
  13. 13.
    Lanzoni, M., Manfredi, M., Selmi, L., Sangiorgi, E., Capelletti, R., Ricco, B.: Hot-electron-induced photon energies in n-channel MOSFETs operating at 77 and 300 K. Elect. Dev. Lett. IEEE 10(5), 173–176 (1989). doi:10.1109/55.31711 CrossRefGoogle Scholar
  14. 14.
    Nedospasov, D., Schlösser, A., Seifert, J., Orlic, S.: Functional integrated circuit analysis. In: Hardware-Oriented Security and Trust (HOST), 2012 IEEE International Symposium on (2012)Google Scholar
  15. 15.
    Newman, R.: Visible light from a silicon $p-n$ junction. Phys. Rev. 100, 700–703 (1955). doi:10.1103/PhysRev.100.70 CrossRefGoogle Scholar
  16. 16.
    Nohl, K., Evans, D., Starbug, S.: Reverse-engineering a cryptographic RFID tag. 17th USENIX security symposium, pp. 185–193 (2008). URL http://www.usenix.org/event/sec08/tech/fullpapers/nohlhtml/
  17. 17.
    Pavesi, M., Rigolli, P., Manfredi, M., Palestri, P., Selmi, L.: Spontaneous hot-carrier photon emission rates in silicon: Improved modeling and applications to metal oxide semiconductor devices. Phy. Rev. B 65(19), 1–8 (2002). doi:10.1103/PhysRevB.65.195209 CrossRefGoogle Scholar
  18. 18.
    Rabaey, J.M., Chandrakasan, A.: Digital Integrated Circuits, 2nd edn. A Design Prespective, Pearson Education (2003)Google Scholar
  19. 19.
    Rankl, W., Effing, W.: Smart Card Handbook, 4th edn. Wiley (2010)Google Scholar
  20. 20.
    Skorobogatov, S.: Using Optical Emission Analysis for Estimating Contribution to Power Analysis. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 Workshop on, pp. 111–119 (2009). doi:10.1109/FDTC.2009.39
  21. 21.
    Song, P., Stellari, F., Huott, B., Wagner, O., Srinivasan, U., Chan, Y., Rizzolo, R., Nam, H., Eckhardt, J., McNamara, T., Tong, C.L., Weger, A., McManus, M.: An advanced optical diagnostic technique of IBM z990 eServer microprocessor, vol. 9, p. 1235 (2005). doi:10.1109/TEST.2005.1584091
  22. 22.
    Tam, S., Hsu, F., Ko, P., Hu, C., Muller, R.: Spatially resolved observation of visible-light emission from Si MOSFET’s. IEEE Elect. Dev. Lett. 4(10), 386–388 (1983). doi:10.1109/EDL.1983.25773 CrossRefGoogle Scholar
  23. 23.
    Toriumi, A., Yoshimi, M., Iwase, M., Akiyama, Y., Taniguchi, K.: A study of photon emission from n-channel MOSFET’s. IEEE Trans. Elect. Dev. 34(7), 1501–1508 (1987). doi:0.1109/T-ED.1987.23112 CrossRefGoogle Scholar
  24. 24.
    Tosi, A., Stellari, F., Pigozzi, A., Marchesi, G., Zappa, F., Heights, Y.: A Challenge for emission based testing and diagnostics. Reliab. phy. pp. 595–601 (2006). doi:10.1109/RELPHY.2006.251284
  25. 25.
    Tsang, J.C., Fischetti, M.V.: Why hot carrier emission based timing probes will work for 50 nm, 1V CMOS technologies. Microelect. Reliab. pp. 1465–1470 (2001). doi:10.1016/S0026-2714(01)00194-9
  26. 26.
    Tsang, J.C., Kash, J.A., Vallett, D.P.: Picosecond imaging circuit analysis. IBM J. Res. Develop. 44(4), 583–603 (2000). doi:10.1147/rd.444.0583 Google Scholar
  27. 27.
    Villa, S., Lacaita, A., Pacelli, A.: Photon emission from hot electrons in silicon. Phy. Rev. B 52(15), 10,993–10,999 (1995). doi:10.1103/PhysRevB.52.10993 CrossRefGoogle Scholar
  28. 28.
    Weste, N.H.E., Harris, D.: CMOS VLSI Design: A Circuits and Systems Perspective, 4th edn. Addison Wesley (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Alexander Schlösser
    • 1
  • Dmitry Nedospasov
    • 2
  • Juliane Krämer
    • 2
  • Susanna Orlic
    • 1
  • Jean-Pierre Seifert
    • 2
  1. 1.Optical Technologies, Institute of Optics and Atomic PhysicsTechnische Universität BerlinBerlinGermany
  2. 2.Department of Software Engineering and Theoretical Computer Science, Security in TelecommunicationsTechnische Universität BerlinBerlinGermany

Personalised recommendations