Abstract
This work proposes substantial algorithmic enhancements to the SPEA of Schlösser et al. [15] by adding cryptographic post-processing, and improved signal processing to the photonic measurement phase. Our improved approach provides three crucial benefits: (1) For some SBox/SRAM configurations the original SPEA method is unable to identify a unique key, and terminates with up to \(2^{48}\) key candidates; using our new solver we are able to find the correct key regardless of the respective SBox/SRAM configuration. (2) Our methods reduce the number of required (complex photonic) measurements by an order of magnitude, thereby shortening the duration of the attack significantly. (3) Due to the unavailability of the attack equipment of Schlösser et al. [15] we additionally developed a novel Photonic Emission Simulator which we matched against the real equipment of the original SPEA work. With this simulator we were able to verify our enhanced SPEA by a full AES recovery which uses only a small number of photonic measurements.
A. Wool—Supported in part by a grant from the Interdisciplinary Cyber-Research Center at Tel Aviv University.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bascoul, G., Perdu, P., Benigni, A., Dudit, S., Celi, G., Lewis, D.: Time resolved imaging: from logical states to events, a new and efficient pattern matching method for VLSI analysis. Microelectron. Reliab. 51(9), 1640–1645 (2011)
Bernstein, D.J.: Cache-timing attacks on AES (2004). Preprint, http://cr.yp.to/papers
Bertoni, Y.M., Grassi, L., Melzani, F.: Simulations of optical emissions for attacking AES and masked AES. In: Chakraborty, R.S., Schwabe, P., Solworth, J. (eds.) Security, Privacy, and Applied Cryptography Engineering (SPACE). LNCS, vol. 9354, pp. 172–189. Springer, Verlag (2015)
Carmon, E., Seifert, J.-P., Wool, A.: Simple photonic emission attack with reduced data complexity. Cryptology ePrint Archive, Report 2015/1206 (2015). http://eprint.iacr.org/2015/1206
Chynoweth, A., McKay, K.: Photon emission from avalanche breakdown in silicon. Phys. Rev. 102(2), 369 (1956)
Di-Battista, J., Courrege, J.C., Rouzeyre, B., Torres, L., Perdu, P.: When failure analysis meets side-channel attacks. In: Mangard, S., Standaert, F.X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 188–202. Springer, Heidelberg (2010)
Egger, P., Grützner, M., Burmer, C., Dudkiewicz, F.: Application of time resolved emission techniques within the failure analysis flow. Microelectron. Reliab. 47(9), 1545–1549 (2007)
Ferrigno, J., Hlavác, M.: When AES blinks: introducing optical side channel. Inf. Secur. 2(3), 94–98 (2008)
Krämer, J., Kasper, M., Seifert, J.-P.: The role of photons in cryptanalysis. In: 19th Asia and South Pacific, Design Automation Conference (ASP-DAC), pp. 780–787. IEEE (2014)
Krämer, J., Nedospasov, D., Schlösser, A., Seifert, J.P.: Differential photonic emission analysis. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 1–16. Springer, Heidelberg (2013)
Nedospasov, D., Seifert, J.-P., Schlosser, A., Orlic, S.: Functional integrated circuit analysis. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 102–107. IEEE (2012)
Newman, R.: Visible light from a silicon pn junction. Phys. Rev. 100(2), 700–703 (1955)
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
Schlösser, A.: Hot electron Luminescence in silicon structures as photonic side channel (in German). Ph.D. thesis, Faculty of Mathematics and Natural sciences, Berlin Institute of Technology (2014)
Schlösser, A., Nedospasov, D., Krämer, J., Orlic, S., Seifert, J.-P.: Photonic emission analysis of AES. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES) (2012)
Schlösser, A., Nedospasov, D., Krämer, J., Orlic, S., Seifert, J.-P.: Simple photonic emission analysis of AES. J. Cryptographic Eng. 3(1), 3–15 (2013)
Selmi, L., Mastrapasqua, M., Boulin, D.M., Bude, J.D., Pavesi, M., Sangiorgi, E., Pinto, M.R.: Verification of electron distributions in silicon by means of hot carrier luminescence measurements. IEEE Trans. Electron Devices 45(4), 802–808 (1998)
Song, P., Stellari, F., Huott, B., Wagner, O., Srinivasan, U., Chan, Y., Rizzolo, R., Nam, H., Eckhardt, J., McNamara, T., et al.: An advanced optical diagnostic technique of IBM z990 eserver microprocessor. In: Proceedings IEEE International Test Conference (ITC), p. 9. IEEE (2005)
Weste, N., Harris, D., Design, C.: A Circuits And Systems Perspective, 4/E. Pearson Education, (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendix
The AES Process Until the Second SubBytes Operation
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Carmon, E., Seifert, JP., Wool, A. (2016). Simple Photonic Emission Attack with Reduced Data Complexity. In: Standaert, FX., Oswald, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2016. Lecture Notes in Computer Science(), vol 9689. Springer, Cham. https://doi.org/10.1007/978-3-319-43283-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-43283-0_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-43282-3
Online ISBN: 978-3-319-43283-0
eBook Packages: Computer ScienceComputer Science (R0)