261 research outputs found
Defeating microprobing attacks using a resource efficient detection circuit
Microprobing is an attack technique against integrated circuits implementing security functions, such as OTP tokens or smartcards. It allows intercepting secrets from onchip wires as well as injecting faults for other attacks. While the necessity to etch open chip packages and to remove the passivation layer makes microprobing appear expensive, it was shown that a successful attack can be run with equipment worth a few thousand euros. On the protector’s side, however, appropriate countermeasures such as active shields, redundancy of core components, or analog detection circuits containing large capacitors, are still expensive. We present a resource efficient microbing detection circuit that we call Low Area Probing Detector (LAPD). It measures minimal timing differences between on-chip wires caused by the capacitive load of microprobes. Simulations show that it can detect up-todate probes with capacitances as low as 10 fF. As a novelty, the LAPD is merely based on digital components and does not require analog circuitry, which reduces the required area and process steps compared to previous approaches.Postprint (author’s final draft
Recommended from our members
How microprobing can attack encrypted memory
This paper exposes some weaknesses of encrypted
embedded memory in secure chips. Smartcards and secure
microcontrollers are designed to protect confidential internal
information. For that they widely employ on-chip memory
encryption. Usually both data and address buses are encrypted
to prevent microprobing attacks. This paper shows how
practical such attacks can be on real chips and whether
memory encryption is as good as it is supposed to be. It was
possible to extract the whole memory from a secure 8-bit
microcontroller with as little as 8 probing needles. This paper
questions the usual belief in that ion-doping-encoded and
encrypted Mask ROM is ultimately secure. Implications for
16-bit and 32-bit microcontrollers are discussed as well. Some
common weaknesses are exposed and possible
countermeasures are discussed
Recommended from our members
ENABLING IOT AUTHENTICATION, PRIVACY AND SECURITY VIA BLOCKCHAIN
Although low-power and Internet-connected gadgets and sensors are increasingly integrated into our lives, the optimal design of these systems remains an issue. In particular, authentication, privacy, security, and performance are critical success factors. Furthermore, with emerging research areas such as autonomous cars, advanced manufacturing, smart cities, and building, usage of the Internet of Things (IoT) devices is expected to skyrocket. A single compromised node can be turned into a malicious one that brings down whole systems or causes disasters in safety-critical applications. This dissertation addresses the critical problems of (i) device management, (ii) data management, and (iii) service management in IoT systems. In particular, we propose an integrated platform solution for IoT device authentication, data privacy, and service security via blockchain-based smart contracts. We ensure IoT device authentication by blockchain-based IC traceability system, from its fabrication to its end-of-life, allowing both the supplier and a potential customer to verify an IC’s provenance. Results show that our proposed consortium blockchain framework implementation in Hyperledger Fabric for IC traceability achieves a throughput of 35 transactions per second (tps). To corroborate the blockchain information, we authenticate the IC securely and uniquely with an embedded Physically Unclonable Function (PUF). For reliable Weak PUF-based authentication, our proposed accelerated aging technique reduces the cumulative burn-in cost by ∼ 56%. We also propose a blockchain-based solution to integrate the privacy of data generated from the IoT devices by giving users control of their privacy. The smart contract controlled trust-base ensures that the users have private access to their IoT devices and data. We then propose a remote configuration of IC features via smart contracts, where an IC can be programmed repeatedly and securely. This programmability will enable users to upgrade IC features or rent upgraded IC features for a fixed period after users have purchased the IC. We tailor the hardware to meet the blockchain performance. Our on-die hardware module design enforces the hardware configuration’s secure execution and uses only 2,844 slices in the Xilinx Zedboard Zynq Evaluation board. The blockchain framework facilitates decentralized IoT, where interacting devices are empowered to execute digital contracts autonomously
Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis
Today's mobile devices contain densely packaged system-on-chips (SoCs) with
multi-core, high-frequency CPUs and complex pipelines. In parallel,
sophisticated SoC-assisted security mechanisms have become commonplace for
protecting device data, such as trusted execution environments, full-disk and
file-based encryption. Both advancements have dramatically complicated the use
of conventional physical attacks, requiring the development of specialised
attacks. In this survey, we consolidate recent developments in physical fault
injections and side-channel attacks on modern mobile devices. In total, we
comprehensively survey over 50 fault injection and side-channel attack papers
published between 2009-2021. We evaluate the prevailing methods, compare
existing attacks using a common set of criteria, identify several challenges
and shortcomings, and suggest future directions of research
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs
Modern Integrated Circuits (ICs) employ several classes of countermeasures to mitigate physical attacks. Recently, a powerful semi-invasive attack relying on optical contactless probing has been introduced, which can assist the attacker in circumventing the integrated countermeasures and probe the secret data on a chip. This attack can be mounted using IC debug tools from the backside of the chip. The first published attack based on this technique was conducted against a proof-of-concept hardware implementation on a Field Programmable Gate Array (FPGA). Therefore, the success of optical probing techniques against a real commercial device without any knowledge of the hardware implementation is still questionable. The aim of this work is to assess the threat of optical contactless probing in a real attack scenario. To this end, we conduct an optical probing attack against the bitstream encryption feature of a common FPGA. We demonstrate that the adversary is able to extract the plaintext data containing sensitive design information and intellectual property (IP). In contrast to previous optical attacks from the IC backside, our attack does not require any device preparation or silicon polishing, which makes it a non-invasive attack. Additionally, we debunk the myth that small technology sizes are unsusceptible to optical attacks, as we use an optical resolution of about 1 um to successfully attack a 28 nm device. Based on our time measurements, an attacker needs less than 10 working days to conduct the optical analysis and reverse-engineer the security-related parts of the hardware. Finally, we propose and discuss potential countermeasures, which could make the attack more challenging
- …