Hardware Trojans for Inducing or Amplifying Side-Channel Leakage of Cryptographic Software

  • Jean-François Gallais
  • Johann Großschädl
  • Neil Hanley
  • Markus Kasper
  • Marcel Medwed
  • Francesco Regazzoni
  • Jörn-Marc Schmidt
  • Stefan Tillich
  • Marcin Wójcik
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6802)


Malicious alterations of integrated circuits (ICs), introduced during either the design or fabrication process, are increasingly perceived as a serious concern by the global semiconductor industry. Such rogue alterations often take the form of a “hardware Trojan,” which may be activated from remote after the compromised chip or system has been deployed in the field. The devious actions of hardware Trojans can range from the disabling of all or part of the chip (i.e. “kill switch”), over the activation of a backdoor that allows an adversary to gain access to the system, to the covert transmission of sensitive information (e.g. cryptographic keys) off-chip. In the recent past, hardware Trojans which induce side-channel leakage to convey secret keys have received considerable attention. With the present paper we aim to broaden the scope of Trojan side-channels from dedicated cryptographic hardware to general-purpose processors on which cryptographic software is executed. In particular, we describe a number of simple micro-architectural modifications to induce or amplify information leakage via faulty computations or variations in the latency and power consumption of certain instructions. We also propose software-based mechanisms for Trojan activation and present two case studies to exemplify the induced side-channel leakage for software implementations of RSA and AES. Finally, we discuss a constructive use of micro-architectural Trojans for digital watermarking so as to facilitate the detection of illegally manufactured copies of processors.


Clock Cycle Digital Watermark Leak Information Fault Injection Fault Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, D., Baktır, S., Karakoyunlu, D., Rohatgi, P., Sunar, B.: Trojan detection using IC fingerprinting. In: Proceedings of the 28th IEEE Symposium on Security and Privacy (S&P 2007), pp. 296–310. IEEE Computer Society Press, Los Alamitos (2007)CrossRefGoogle Scholar
  2. 2.
    Becker, G.T., Kasper, M., Moradi, A., Paar, C.: Side-channel based watermarks for integrated circuits. In: Proceedings of the 3rd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST 2010), pp. 30–35. IEEE Computer Society Press, Los Alamitos (2010)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  4. 4.
    Bernstein, D.J.: Cache-timing attacks on AES (2005) (preprint),
  5. 5.
    Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 221–240. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Chakraborty, R.S., Narasimhan, S., Bhunia, S.K.: Hardware Trojan: Threats and emerging solutions. In: Proceedings of the 14th IEEE International High Level Design Validation and Test Workshop (HLDVT 2009), pp. 166–171. IEEE Computer Society Press, Los Alamitos (2009)CrossRefGoogle Scholar
  9. 9.
    Choukri, H., Tunstall, M.: Round reduction using faults. In: Proceedings of the 2nd Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2005), pp. 13–24 (2005)Google Scholar
  10. 10.
    Defense Science Board Task Force. High performance microchip supply. Technical report, Defense Science Board (DSB), Washington, DC, USA (February 2005),
  11. 11.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Gladman, B.R.: A specification for Rijndael, the AES algorithm. Algorithm specification (2007),
  13. 13.
    Großschädl, J., Oswald, E., Page, D., Tunstall, M.: Side-channel analysis of cryptographic software via early-terminating multiplications. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 176–192. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Jin, Y., Kupp, N., Makris, Y.: Experiences in hardware Trojan design and implementation. In: Proceedings of the 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST 2009), pp. 50–57. IEEE Computer Society Press, Los Alamitos (2009)CrossRefGoogle Scholar
  15. 15.
    Jin, Y., Makris, Y.: Hardware Trojans in wireless cryptographic ICs. IEEE Design and Test of Computers 27(1), 26–35 (2010)CrossRefGoogle Scholar
  16. 16.
    King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: Designing and implementing malicious hardware. In: Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 2008), pp. 1–8. USENIX Association (2008)Google Scholar
  17. 17.
    Lin, L., Burleson, W.P., Paar, C.: MOLES: Malicious off-chip leakage enabled by side-channels. In: Proceedings of the 27th IEEE/ACM International Conference on Computer-Aided Design (ICCAD 2009), pp. 117–122. ACM Press, New York (2009)Google Scholar
  18. 18.
    Lin, L., Kasper, M., Güneysu, T., Paar, C., Burleson, W.P.: Trojan side-channels: Lightweight hardware trojans through side-channel engineering. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 382–395. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  20. 20.
    Pohlig, S.C., Hellman, M.E.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Transactions on Information Theory 24(1), 106–110 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Quisquater, J.-J., Piret, G.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Schmidt, J.-M., Hutter, M., Plos, T.: Optical fault attacks on AES: A threat in violet. In: Proceedings of the 6th International Workshop on Fault Diagnosis and Tolerance in Cryptography (FDT 2009), pp. 13–22. IEEE Computer Society Press, Los Alamitos (2009)CrossRefGoogle Scholar
  24. 24.
    Schmidt, J.-M., Medwed, M.: A fault attack on ECDSA. In: Proceedings of the 6th International Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), pp. 93–99. IEEE Computer Society Press, Los Alamitos (2009)CrossRefGoogle Scholar
  25. 25.
    Tehranipoor, M., Koushanfar, F.: A survey of hardware Trojan taxonomy and detection. IEEE Design and Test of Computers 27(1), 10–25 (2010)CrossRefGoogle Scholar
  26. 26.
    Trusted Computing Group. TCG Specification Architecture Overview (Revision 1.2) (2004),
  27. 27.
    Tunstall, M., Mukhopadhyay, D.: Differential fault analysis of the Advanced Encryption Standard using a single fault. Cryptology ePrint Archive, Report 2009/575 (2009),
  28. 28.
    Waksman, A., Sethumadhavan, S.: Tamper evident microprocessors. In: Proceedings of the 31st IEEE Symposium on Security and Privacy (S&P 2010), pp. 173–188. IEEE Computer Society Press, Los Alamitos (2010)CrossRefGoogle Scholar
  29. 29.
    Wolff, F.G., Papachristou, C.A., Bhunia, S.K., Chakraborty, R.S.: Towards Trojan-free trusted ICs: Problem analysis and detection scheme. In: Proceedings of the 11th Conference on Design, Automation and Test in Europe (DATE 2008), pp. 1362–1365. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
  30. 30.
    Young, A., Yung, M.: The dark side of “Black-box” cryptography, or: Should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jean-François Gallais
    • 1
  • Johann Großschädl
    • 1
  • Neil Hanley
    • 2
  • Markus Kasper
    • 3
  • Marcel Medwed
    • 5
  • Francesco Regazzoni
    • 5
  • Jörn-Marc Schmidt
    • 4
  • Stefan Tillich
    • 6
  • Marcin Wójcik
    • 6
  1. 1.University of LuxembourgLuxembourg
  2. 2.University College CorkIreland
  3. 3.Ruhr University BochumGermany
  4. 4.Graz University of TechnologyAustria
  5. 5.Université catholique de LouvainBelgium
  6. 6.University of BristolUnited Kingdom

Personalised recommendations