Abstract
This paper introduces a refinement of the power-analysis attack on integrated circuits. By using a laser to illuminate a specific area on the chip surface, the current through an individual transistor can be made visible in the circuit’s power trace. The photovoltaic effect converts light into a current that flows through a closed transistor. This way, the contribution of a single transistor to the overall supply current can be modulated by light. Compared to normal power-analysis attacks, the semi-invasive position-locking technique presented here gives attackers access not only to Hamming weights, but also to individual bits of processed data. This technique is demonstrated on the SRAM array of a PIC16F84 microcontroller and reveals both which memory locations are being accessed and their contents.
Keywords
- side-channel attacks
- power analysis
- semi-invasive attacks
- optical probing
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Skorobogatov, S. (2006). Optically Enhanced Position-Locked Power Analysis. In: Goubin, L., Matsui, M. (eds) Cryptographic Hardware and Embedded Systems - CHES 2006. CHES 2006. Lecture Notes in Computer Science, vol 4249. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11894063_6
DOI: https://doi.org/10.1007/11894063_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46559-1
Online ISBN: 978-3-540-46561-4
eBook Packages: Computer Science (R0)
