EM Attack Is Non-invasive? - Design Methodology and Validity Verification of EM Attack Sensor

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8731)


This paper presents a standard-cell-based semi-automatic design methodology for a new conceptual countermeasure against electromagnetic (EM) analysis and fault-injection attacks. The countermeasure, namely the EM attack sensor, utilizes LC oscillators that detect variations in the EM field around a cryptographic LSI caused by a micro probe brought near the LSI. A dual-coil sensor architecture with an LUT-programming-based digital calibration can prevent a variety of microprobe-based EM attacks that cannot be thwarted by conventional countermeasures. All components of the sensor core are semi-automatically designed by standard EDA tools with a fully-digital standard cell library, and hence at minimum design cost. The sensor can therefore be scaled together with the cryptographic LSI to be protected. The sensor prototype is designed based on the proposed methodology together with a 128-bit-key composite AES processor in 0.18 μm CMOS with overheads of only 2respectively. The validity against a variety of EM attack scenarios has been verified successfully.


Keywords: EM analysis attack, EM fault injection attack, countermeasure, attack detection, micro EM probe



Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. Graduate School of Information Sciences, Tohoku University, Japan
  2. Graduate School of System Informatics, Kobe University, Japan
