Advertisement

When Failure Analysis Meets Side-Channel Attacks

  • Jerome Di-Battista
  • Jean-Christophe Courrege
  • Bruno Rouzeyre
  • Lionel Torres
  • Philippe Perdu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)

Abstract

The purpose of failure analysis is to locate the source of a defect in order to characterize it, using different techniques (laser stimulation, light emission, electromagnetic emission...). Moreover, the aim of vulnerability analysis, and particularly side-channel analysis, is to observe and collect various leakages information of an integrated circuit (power consumption, electromagnetic emission ...) in order to extract sensitive data. Although these two activities appear to be distincted, they have in common the observation and extraction of information about a circuit behavior. The purpose of this paper is to explain how and why these activities should be combined. Firstly it is shown that the leakage due to the light emitted during normal operation of a CMOS circuit can be used to set up an attack based on the DPA/DEMA technique. Then a second method based on laser stimulation is presented, improving the “traditional” attacks by injecting a photocurrent, which results in a punctual increase of the power consumption of a circuit. These techniques are demonstrated on an FPGA device.

Keywords

Side-channel Failure analysis Light emission Laser stimulation FPGA 

References

  1. 1.
    Perdu, P.: Contribution a l’Etude et au Developpement de Techniques de Localisation de Defauts dans les Circuits Intgrs VLSI, Ph.D. diss., Bordeaux University (2001)Google Scholar
  2. 2.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Barton, D.L., Tangyunyong, P., Soden, J.M., Liang, A.Y., Low, F.J., Zaplatin, A.N., Shivanandan, K., Donohoe, G.: Infrared Light Emission from Semiconductor Devices. In: 22th International Symposium for Testing and Failure Analysis, pp. 9–17 (1996)Google Scholar
  5. 5.
    Ferrigno, J., Hlavac, M.: When AES Blinks: Introducing Optical side-channel. IET Information Security 2(3), 94–98 (2008)CrossRefGoogle Scholar
  6. 6.
    Skorobogatov, S.: Using Optical Emission Analysis for Estimating Contribution to Power Analysis. In: 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 111–119. IEEE-CS Press, Los Alamitos (2009)CrossRefGoogle Scholar
  7. 7.
    Di-Battista, J., Perdu, P., Courrege, J.C., Rouzeyre, B., Torres, L., Lionel: Light emission analysis on FPGA: a new side channel possibility. In: 7th Workshop on Cryptographic Architectures Embedded in Reconfigurable Devices, CryptArchi 2009 (2009)Google Scholar
  8. 8.
    Stevens, K.C., Wilson, T.J.: Locating IC Defects in Process Monitors and Test Structures Using Optical Beam Induced Current. Microelectronic Engineering 12, 397–404 (1990)CrossRefGoogle Scholar
  9. 9.
    Soelkner, G.: Optical beam testing and its potential for electronic device characterization. Microelectronic Engineering 24, 341–353 (1994)CrossRefGoogle Scholar
  10. 10.
    Fritz, J., Lackman, R.: Optical Beam Induced Currents in MOS Transistors. Microelectronic Engineering 12, 381–388 (1990)CrossRefGoogle Scholar
  11. 11.
    Skorobogatov, S.: Optically Enhanced Position-Locked Power Analysis. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 61–75. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Desplats, R., Beaudoin, F., Perdu, P.: Chip Unzip for Backside Sample Preparation. In: 27th International Symposium for Testing and Failure Analysis, pp. 179–187 (2001)Google Scholar
  13. 13.
    Wallinger, T.: Characterization of Device Structure by Spectral Analysis of Photoemission. In: 17th International Symposium for Testing and Failure Analysis, pp. 325–334 (1991)Google Scholar
  14. 14.
    Barton, D.L., Bernhard-Hofer, K., Cole Jr., E.I.: Flip-Chip and Backside techniques. Microelectronics Reliability 39, 721–730 (1999)CrossRefGoogle Scholar
  15. 15.
    Baudouin, F.: Localisation de defaut par la face arriere des circuits integres. Ph.D. diss., Bordeaux University, 38–40 (2002)Google Scholar
  16. 16.
    Tsang, J.C., Kash, J.A., Vallett, D.P.: Picosecond imaging circuit analysis. IBM Journal of Research and Development 44, 583–603 (2000)CrossRefGoogle Scholar
  17. 17.
    McManus, M.K., Kash, J.A., Steen, S.E., Polansky, S., Tsang, J.C., Knebel, D.R., Huott, W.: Huott: PICA: Backside Failure Analysis of CMOS Circuits Using Picosecond Imaging Circuit Analysis. Microelectronic Reliability 40, 1353–1358 (2000)CrossRefGoogle Scholar
  18. 18.
    Kolzer, J., Boit, C., Dallmann, A., Deboy, G., Otto, J., Weinmann, D.: Quantitative Emission Microscopy. Journal of Applied Physics 71(11), R23–R41 (1992)CrossRefGoogle Scholar
  19. 19.
    Hamamatsu Photonics, http://www.hamamatsu.com/
  20. 20.
    Actel Proasic3 Handbook: 144, http://www.actel.com/products/pa3/docs.aspx
  21. 21.
    Bevan, R., Knudsen, E.: Ways to Enhance Differential Power Analysis. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 327–342. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Sanchez, K.: Développement et applications de techniques d’analyse par stimulation dynamique laser pour la localisation de défauts et le diagnostic de circuits intégrés. Ph.D. diss., Bordeaux University (2007)Google Scholar
  23. 23.
  24. 24.
    Brier, E., Clavier, C., Oliver, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)Google Scholar
  25. 25.
    Bystrov, A., Yakovlev, A., Sokolov, D., Murphy, J.: Design and Analysis of Dual-Rail Circuits for Security Applications. IEEE Transactions on Computers 54(4), 449–460 (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jerome Di-Battista
    • 1
    • 2
  • Jean-Christophe Courrege
    • 1
  • Bruno Rouzeyre
    • 2
  • Lionel Torres
    • 2
  • Philippe Perdu
    • 3
  1. 1.Thales ITSEFToulouseFrance
  2. 2.Laboratoire du LIRMMUniversité de MontpellierMontpellier Cedex 5France
  3. 3.Centre National d’Etudes Spatiales CNESToulouseFrance

Personalised recommendations