
Hardware Trojans for Inducing or Amplifying Side-Channel Leakage of Cryptographic Software

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6802)

Abstract

Malicious alterations of integrated circuits (ICs), introduced during either the design or fabrication process, are increasingly perceived as a serious concern by the global semiconductor industry. Such rogue alterations often take the form of a “hardware Trojan,” which may be activated remotely after the compromised chip or system has been deployed in the field. The devious actions of hardware Trojans can range from the disabling of all or part of the chip (i.e., a “kill switch”), through the activation of a backdoor that allows an adversary to gain access to the system, to the covert transmission of sensitive information (e.g., cryptographic keys) off-chip. In the recent past, hardware Trojans which induce side-channel leakage to convey secret keys have received considerable attention. With the present paper we aim to broaden the scope of Trojan side-channels from dedicated cryptographic hardware to general-purpose processors on which cryptographic software is executed. In particular, we describe a number of simple micro-architectural modifications to induce or amplify information leakage via faulty computations or variations in the latency and power consumption of certain instructions. We also propose software-based mechanisms for Trojan activation and present two case studies to exemplify the induced side-channel leakage for software implementations of RSA and AES. Finally, we discuss a constructive use of micro-architectural Trojans for digital watermarking so as to facilitate the detection of illegally manufactured copies of processors.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gallais, JF. et al. (2011). Hardware Trojans for Inducing or Amplifying Side-Channel Leakage of Cryptographic Software. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2010. Lecture Notes in Computer Science, vol 6802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25283-9_17


  • DOI: https://doi.org/10.1007/978-3-642-25283-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25282-2

  • Online ISBN: 978-3-642-25283-9

  • eBook Packages: Computer Science, Computer Science (R0)
