Abstract
This work presents a novel low-cost optoelectronic setup for time- and spatially resolved analysis of photonic emissions and a corresponding methodology, Simple Photonic Emission Analysis (SPEA). Observing the backside of ICs, the system captures extremly weak photo-emissions from switching transistors and relates them to code running in the chip. SPEA utilizes both spatial and temporal information about these emissions to perform side channel analysis of ICs. We successfully performed SPEA of a proof-of-concept AES implementation and were able to recover the full AES secret key by monitoring accesses to the S-Box. This attack directly exploits the side channel leakage of a single transistor and requires no additional data processing. The system costs and the necessary time for an attack are comparable to power analysis techniques. The presented approach significantly reduces the amount of effort required to perform attacks based on photonic emission analysis and allows AES key recovery in a relevant amount of time. We present practical results for the AVR ATMega328P and the AVR XMega128A1.
Similar content being viewed by others
References
Photon-DA AES Implementation (2012). URL https://github.com/nedos/pda_aes
Bascoul, G., Perdu, P., Benigni, A., Dudit, S., Celi, G., Lewis, D.: Time Resolved Imaging: From logical states to events, a new and efficient pattern matching method for VLSI analysis. Microelect. Reliab 51(9–11), 1640–1645 (2011). doi:10.1016/j.microrel.2011.06.043
Bernstein, D.: Cache-timing attacks on AES (2004). URL http://cr.yp.to/papers.html#cachetiming
Chynoweth, A.G., McKay, K.G.: Photon emission from avalanche breakdown in silicon. Phys. Rev. 102, 369–376 (1956). doi:10.1103/PhysRev.102.369
Clavier, C., Coron, J.S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Koç, C. Paar, C. (eds.) Cryptographic hardware and embedded systems – CHES 2000, Lecture notes in computer science, vol. 1965, pp. 13–48. Springer Berlin / Heidelberg (2000). URL http://dx.doi.org/10.1007/3-540-44499-8-20
Daemen, J., Rijmen, V.: The design of Rijndael: AES - the Advanced Encryption Standard. Springer Berlin/Heidelberg (2002)
Di-Battista, J., Courrege, J.C., Rouzeyre, B., Torres, L., Perdu, P.: When Failure Analysis Meets Side-Channel Attacks. In: Mangard, S. Standaert F.X. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2010, Lecture Notes in Computer Science, vol. 6225, pp. 188–202. Springer Berlin/Heidelberg (2011). URL http://dx.doi.org/10.1007/978-3-642-15031-9-13
Egger, P., Grutzner, M., Burmer, C., Dudkiewicz, F.: Application of time resolved emission techniques within the failure analysis flow. Microelect. Reliab. 47(9—-11), 1545–1549 (2007). doi:10.1016/j.microrel.2007.07.067
Ferrigno, J., Hlaváč, M.: When AES blinks: introducing optical side channel. Infor. Secur. IET 2(3), 94–98 (2008). doi:10.1049/iet-ifs:20080038
Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: Security and Privacy, 2011 IEEE Symposium on, pp. 490–505 (2011). URL http://dx.doi.org/10.1109/SP.2011.22
Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: O. Dunkelman, (ed.) Topics in cryptology – CT-RSA 2012, Lecture notes in computer science, vol. 7178, pp. 231–244. Springer Berlin / Heidelberg (2012). URL http://dx.doi.org/10.1007/978-3-642-27954-6-15
Kash, J., Tsang, J.: Dynamic internal testing of CMOS circuits using hot luminescence. Elect. Dev. Lett. IEEE 18(7), 330–332 (1997). doi:10.1109/55.596927
Lanzoni, M., Manfredi, M., Selmi, L., Sangiorgi, E., Capelletti, R., Ricco, B.: Hot-electron-induced photon energies in n-channel MOSFETs operating at 77 and 300 K. Elect. Dev. Lett. IEEE 10(5), 173–176 (1989). doi:10.1109/55.31711
Nedospasov, D., Schlösser, A., Seifert, J., Orlic, S.: Functional integrated circuit analysis. In: Hardware-Oriented Security and Trust (HOST), 2012 IEEE International Symposium on (2012)
Newman, R.: Visible light from a silicon $p-n$ junction. Phys. Rev. 100, 700–703 (1955). doi:10.1103/PhysRev.100.70
Nohl, K., Evans, D., Starbug, S.: Reverse-engineering a cryptographic RFID tag. 17th USENIX security symposium, pp. 185–193 (2008). URL http://www.usenix.org/event/sec08/tech/fullpapers/nohlhtml/
Pavesi, M., Rigolli, P., Manfredi, M., Palestri, P., Selmi, L.: Spontaneous hot-carrier photon emission rates in silicon: Improved modeling and applications to metal oxide semiconductor devices. Phy. Rev. B 65(19), 1–8 (2002). doi:10.1103/PhysRevB.65.195209
Rabaey, J.M., Chandrakasan, A.: Digital Integrated Circuits, 2nd edn. A Design Prespective, Pearson Education (2003)
Rankl, W., Effing, W.: Smart Card Handbook, 4th edn. Wiley (2010)
Skorobogatov, S.: Using Optical Emission Analysis for Estimating Contribution to Power Analysis. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 Workshop on, pp. 111–119 (2009). doi:10.1109/FDTC.2009.39
Song, P., Stellari, F., Huott, B., Wagner, O., Srinivasan, U., Chan, Y., Rizzolo, R., Nam, H., Eckhardt, J., McNamara, T., Tong, C.L., Weger, A., McManus, M.: An advanced optical diagnostic technique of IBM z990 eServer microprocessor, vol. 9, p. 1235 (2005). doi:10.1109/TEST.2005.1584091
Tam, S., Hsu, F., Ko, P., Hu, C., Muller, R.: Spatially resolved observation of visible-light emission from Si MOSFET’s. IEEE Elect. Dev. Lett. 4(10), 386–388 (1983). doi:10.1109/EDL.1983.25773
Toriumi, A., Yoshimi, M., Iwase, M., Akiyama, Y., Taniguchi, K.: A study of photon emission from n-channel MOSFET’s. IEEE Trans. Elect. Dev. 34(7), 1501–1508 (1987). doi:0.1109/T-ED.1987.23112
Tosi, A., Stellari, F., Pigozzi, A., Marchesi, G., Zappa, F., Heights, Y.: A Challenge for emission based testing and diagnostics. Reliab. phy. pp. 595–601 (2006). doi:10.1109/RELPHY.2006.251284
Tsang, J.C., Fischetti, M.V.: Why hot carrier emission based timing probes will work for 50 nm, 1V CMOS technologies. Microelect. Reliab. pp. 1465–1470 (2001). doi:10.1016/S0026-2714(01)00194-9
Tsang, J.C., Kash, J.A., Vallett, D.P.: Picosecond imaging circuit analysis. IBM J. Res. Develop. 44(4), 583–603 (2000). doi:10.1147/rd.444.0583
Villa, S., Lacaita, A., Pacelli, A.: Photon emission from hot electrons in silicon. Phy. Rev. B 52(15), 10,993–10,999 (1995). doi:10.1103/PhysRevB.52.10993
Weste, N.H.E., Harris, D.: CMOS VLSI Design: A Circuits and Systems Perspective, 4th edn. Addison Wesley (2010)
Acknowledgments
The authors acknowledge support by the German Federal Ministry of Education and Research in the project PhotonDA through Grant number 01IS10029A and the Helmholtz Research School on Security Technologies. Also, the authors would like to thank our project partners at NXP Semiconductors Germany for their insight and cooperation, the Semiconductor Devices research group at TU Berlin for sample preparation and our colleagues Enrico Dietz, Sven Frohmann, Collin Mulliner and Christoph Bayer for helpful discussions and feedback.
Author information
Authors and Affiliations
Corresponding author
Additional information
A. Schlösser and D. Nedospasov equally contributed.
Rights and permissions
About this article
Cite this article
Schlösser, A., Nedospasov, D., Krämer, J. et al. Simple photonic emission analysis of AES. J Cryptogr Eng 3, 3–15 (2013). https://doi.org/10.1007/s13389-013-0053-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-013-0053-7