The Temperature Side Channel and Heating Fault Attacks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8419)

Abstract

In this paper, we present practical results of data leakages of CMOS devices via the temperature side channel—a side channel that has been widely cited in literature but not well characterized yet. We investigate the leakage of processed data by passively measuring the dissipated heat of the devices. The temperature leakage is thereby linearly correlated with the power leakage model but is limited by the physical properties of thermal conductivity and capacitance. We further present heating faults by operating the devices beyond their specified temperature ratings. The efficiency of this kind of attack is shown by a practical attack on an RSA implementation. Finally, we introduce data remanence attacks on AVR microcontrollers that exploit the Negative Bias Temperature Instability (NBTI) property of internal SRAM cells. We show how to recover parts of the internal memory and present first results on an ATmega162. The work encourages the awareness of temperature-based attacks that are known for years now but not well described in literature. It also serves as a starting point for further research investigations.

Keywords

Temperature Side channels Fault injection Negative Bias Temperature Instability AVR Smart cards 

Notes

Acknowledgements

The work has been supported by the European Commission through the ICT program under contract ICT-SEC-2009-5-258754 (Tamper Resistant Sensor Node - TAMPRES), by the Austrian Science Fund (FWF) under the grant number TRP251-N23 (Realizing a Secure Internet of Things - ReSIT), and the European Cooperation in Science and Technology (COST) Action IC1204 (Trustworthy Manufacturing and Utilization of Secure Devices - TRUDEVICE).

References

  1. 1.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  2. 2.
    Altet, J., Rubio, A., Schaub, E., Dilhaire, S., Claeys, W.: Thermal coupling in integrated circuits: application to thermal testing. IEEE J. Solid-State Circ. 36(1), 81–91 (2001)CrossRefGoogle Scholar
  3. 3.
    Anderson, R.J., Kuhn, M.G.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M., Crispo, B., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998) CrossRefGoogle Scholar
  4. 4.
    Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy, pp. 3–11 (2004)Google Scholar
  5. 5.
    Atmel Corporation.: ATmega 162/v Datasheet (2003)Google Scholar
  6. 6.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s apprentice guide to fault attacks. Cryptology ePrint Archive. Report 2004/100 (2004). http://eprint.iacr.org/
  7. 7.
    Barenghi, A., Bertoni, G., Parrinello, E., Pelosi, G.: Low voltage fault attacks on the RSA cryptosystem. In: Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC 2009, pp. 23–31, Lausanne, Switzerland, 2009. Proceedings (2009)Google Scholar
  8. 8.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  10. 10.
    Brouchier, J., Dabbous, N., Kean, T., Marsh, C., Naccache, D.: Thermocommunication. ePrint (2009)Google Scholar
  11. 11.
    Brouchier, J., Kean, T., Marsh, C., Naccache, D.: Temperature attacks. IEEE Secur. Priv. 7(2), 79–82 (2009)CrossRefGoogle Scholar
  12. 12.
    Cakir, C., Bhargava, M., Mai, K.: 6 T SRAM and 3 T DRAM data retention and remanence characterization in 65 nm bulk CMOS. In: Custom Integrated Circuits Conference - CICC 2012, pp. 1–4, San Jose, USA, 9–12 Sept 2012Google Scholar
  13. 13.
    Carluccio, D., Lemke, K., Paar, C.: Electromagnetic side channel analysis of a contactless smart card: first results. In: Oswald, E. (ed.) Workshop on RFID and Lightweight Crypto (RFIDSec05), pp. 44–51, Graz, Austria, 13–15 July 2005Google Scholar
  14. 14.
    Ershov, M., Saxena, S., Karbasi, H., Winters, S., Minehane, S., Babcock, J., Lindley, R., Clifton, P., Redford, M., Shibkov, A.: Dynamic recovery of negative bias temperature instability in p-type metal-oxide-semiconductor field-effect transistors. Appl. Phys. Lett. 83(8), 1647–1649 (2003)CrossRefGoogle Scholar
  15. 15.
    Ferrigno, J., Hlavá\({\hat{\text{ c }}}\), M.: When AES blinks: introducing optical side channel. IET Inf. Secur. 2(3), 94–98 (2008)Google Scholar
  16. 16.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  17. 17.
    Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. ePrint, Dec 2013Google Scholar
  18. 18.
    Giogetti, J., Scotti, G., Simonetti, A., Trifiletti, A.: Analysis of data dependence of leakage current in CMOS cryptographic hardware. In: Proceedings of the 17th ACM Great Lakes Symposium on VLSI, pp. 78–83, Stresa-Lago Maggiore, Italy. ACM, 11–13 Mar 2007Google Scholar
  19. 19.
    Govindavajhala, S., Appel, A.W.: Using memory errors to attack a virtual machine. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy, pp. 154–165 (2003)Google Scholar
  20. 20.
    Gutmann, P.: Data remanence in semiconductor devices. In : USENIX 2001 - Proceedings of the 10th Conference on USENIX Security Symposium, Washington, DC, USA, Berkeley, CA, USA, 2001. USENIX Association, 13–17 Aug 2001Google Scholar
  21. 21.
    Halderman, J., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryption keys. In: 17th USENIX Security Symposium, pp. 45–60, San Jose, CA, July 2008Google Scholar
  22. 22.
    Hutter, M., Schmidt, J.-M., Plos, T.: RFID and its vulnerability to faults. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 363–379. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  23. 23.
    Karaklajíc, D., Schmidt, J.-M., Verbauwhede, I.: Hardware designers guide to fault attacks. In: IEEE Transactions on Very Large Scale Integration (VLSI) Systems, pp. 1–12 (2012)Google Scholar
  24. 24.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996) Google Scholar
  25. 25.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  26. 26.
    Lin, L., Burleson, W.: Leakage-based differential power analysis (LDPA) on sub-90 nm CMOS cryptosystems. In: ISCAS 2008 - IEEE International Symposium on Circuits and Systems, pp. 252–255, Seattle, USA, 18–21 May 2008Google Scholar
  27. 27.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. Series on Discrete Mathematics and Its Applications. CRC Press, Boca Raton (1997). ISBN 0-8493-8523-7. http://www.cacr.math.uwaterloo.ca/hac/
  28. 28.
    Moradi, A.: Side-channel leakage through static power - should we care about in practice? ePrint, Jan 2014Google Scholar
  29. 29.
    Müller, T., Spreitzenbarth, M.: FROST. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 373–388. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  30. 30.
    Otto, M.: Fault attacks and countermeasures. Ph.D. thesis, Universität Paderborn (2005)Google Scholar
  31. 31.
    Quisquater, J.-J., Samyde, D.: A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions, the SEMA and DEMA methods. Presented at the rump session of EUROCRYPT 2000 (2000)Google Scholar
  32. 32.
    Quisquater, J.-J., Samyde, D.: Eddy current for magnetic analysis with active sensor. In: Proceedings of the 3rd International Conference on Research in SmartCards (E-Smart’02), pp. 185–194, Nice, France. UCL, Sept 2002Google Scholar
  33. 33.
    SageMath.: Sage: open source mathematics software system (2013). http://sagemath.org
  34. 34.
    Samyde, D., Skorobogatov, S.P., Anderson, R.J., Quisquater, J.-J.: On a new way to read data from memory. In: IEEE Security in Storage Workshop (SISW02), pp. 65–69. IEEE Computer Society (2002)Google Scholar
  35. 35.
    Schlösser, A., Nedospasov, D., Krämer, J., Orlic, S., Seifert, J.-P.: Simple photonic emission analysis of AES. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 41–57. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  36. 36.
    Schmidt, J.-M., Hutter, M.: Optical and EM fault-attacks on CRT-based RSA: concrete results. In: Posch, K.C., Wolkerstorfer, J. (eds.) Proceedings of Austrochip 2007, pp. 61–67, Graz, Austria. Verlag der Technischen Universität Graz, 11 Oct 2007. ISBN 978-3-902465-87-0Google Scholar
  37. 37.
    Schroder, D.K.: Negative bias temperature instability: what do we understand? J. Microelectr. Reliab. 47(6), 841–852 (2006)CrossRefGoogle Scholar
  38. 38.
    Skorobogatov, S.: Using optical emission analysis for estimating contribution to power consumption. In: Fault Diagnosis and Tolerance in Cryptography (FDTC) (2009)Google Scholar
  39. 39.
    Shamir, A., Tromer, E.: Acoustic cryptanalysis - on nosy people and noisy machines. http://www.wisdom.weizmann.ac.il/~tromer/acoustic/. Preliminary proof-of-concept presentation
  40. 40.
    Skorobogatov, S.: Low temperature data remanence in static RAM. Technical report, University of Cambridge Computer Laboratory, June 2002Google Scholar
  41. 41.
    Skorobogatov, S.P.: Semi-invasive attacks - a new approach to hardware security analysis. Ph.D. thesis, University of Cambridge - Computer Laboratory (2005). http://www.cl.cam.ac.uk/TechReports/
  42. 42.
    Vijaykumar, A.: DPA resistance of cryptographic circuits considering temperature and process variations. Master’s thesis, University of Cincinnati, Engineering and Applied Science: Computer Engineering, July 2012Google Scholar
  43. 43.
    Zhuang, L., Zhou, F., Tyga, J.D.: Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Secur. 13(1), 373–382 (2009)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria
  2. 2.Secunet Security Networks AGEschbornGermany

Personalised recommendations