Hardware Trojans for Inducing or Amplifying Side-Channel Leakage of Cryptographic Software
Malicious alterations of integrated circuits (ICs), introduced during either the design or fabrication process, are increasingly perceived as a serious concern by the global semiconductor industry. Such rogue alterations often take the form of a “hardware Trojan,” which may be activated remotely after the compromised chip or system has been deployed in the field. The devious actions of hardware Trojans can range from disabling all or part of the chip (i.e. a “kill switch”), through the activation of a backdoor that allows an adversary to gain access to the system, to the covert transmission of sensitive information (e.g. cryptographic keys) off-chip. In the recent past, hardware Trojans that induce side-channel leakage to convey secret keys have received considerable attention. In this paper, we aim to broaden the scope of Trojan side-channels from dedicated cryptographic hardware to general-purpose processors on which cryptographic software is executed. In particular, we describe a number of simple micro-architectural modifications to induce or amplify information leakage via faulty computations or variations in the latency and power consumption of certain instructions. We also propose software-based mechanisms for Trojan activation and present two case studies to exemplify the induced side-channel leakage for software implementations of RSA and AES. Finally, we discuss a constructive use of micro-architectural Trojans for digital watermarking so as to facilitate the detection of illegally manufactured copies of processors.