Trace Buffer Attack on the AES Cipher

Journal of Hardware and Systems Security

Abstract

Since NIST standardized the AES/Rijndael symmetric-key cipher in 2001, it has gained widespread acceptance in various protocols and has withstood intense scrutiny from theoretical cryptanalysts. From the physical-implementation point of view, however, AES remains vulnerable: practical attacks via fault injection, differential power analysis, scan chains and cache-access timing have all been demonstrated. In this paper, we propose a novel and effective attack, termed the Trace Buffer Attack. Trace buffers are used extensively for post-silicon debug of integrated circuits, and we identify them as a source of information leakage. We first report the detailed process of the trace buffer attack assuming that the register-transfer level (RTL) implementation is available. We then analyze the AES encryption algorithm and Rijndael's key expansion algorithm and show that the trace buffer attack is feasible without knowledge of the implementation (RTL). Our experimental results show that the trace buffer attack can partially recover the secret keys of different AES implementations.
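The abstract's point that leaked key-schedule state is as damaging as a leaked master key follows from the structure of Rijndael's key expansion: every round key is an invertible function of the previous one. The following is an added illustration, not code from the paper or its authors; it implements the FIPS 197 AES-128 key expansion and its inverse, so that any complete round key observed in a debug trace can be walked back to round key 0. The test vector is the FIPS 197 Appendix A.1 key.

```python
# Added illustration (not from the paper): AES-128 key expansion and its inverse.
# A defender can use this to reason about the blast radius of a trace-buffer leak:
# any full round key captured in the trace determines the master key exactly.

def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def _make_sbox():
    """Build the AES S-box: GF(2^8) multiplicative inverse, then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for i in range(1, 5):  # XOR in the four circular left rotations of inv
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox

SBOX = _make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _g(word, rnd):
    """Key-schedule core for round `rnd`: RotWord, SubWord, XOR with Rcon."""
    out = [SBOX[b] for b in word[1:] + word[:1]]
    out[0] ^= RCON[rnd - 1]
    return out

def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def expand_key(key):
    """FIPS 197 key expansion: 16-byte key -> list of the 11 round keys (bytes)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = _g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]
        w.append(_xor(w[i - 4], t))
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def recover_master_key(round_key, rnd):
    """Invert the schedule: from round key number `rnd` (16 bytes) back to round key 0."""
    w = [list(round_key[4 * i:4 * i + 4]) for i in range(4)]
    for r in range(rnd, 0, -1):  # each step exactly undoes one schedule round
        prev3 = _xor(w[3], w[2])  # w[4r-1] = w[4r+3] ^ w[4r+2]
        w = [_xor(w[0], _g(prev3, r)), _xor(w[1], w[0]), _xor(w[2], w[1]), prev3]
    return bytes(sum(w, []))
```

The same inversion applies to AES-192 and AES-256 with a longer word stride, which is why the paper's Note 2 expects the same trend for those key sizes.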


Notes

  1. For the rest of the paper, unless explicitly specified, we will use AES-128 and AES interchangeably.

  2. For the iterative implementation, restoration is clearly able to recover the key, and we expect the same trend to hold for AES-192 and AES-256.


Acknowledgments

This work was partially supported by the NSF grants (CCF-1218629 and CNS-1441667) and SRC grant (2014-TS-2554). We would like to thank Prof. Anupam Chattopadhyay (Nanyang Technological University, Singapore) for his helpful comments and suggestions.

Corresponding author

Correspondence to Yuanwen Huang.


Cite this article

Huang, Y., Mishra, P. Trace Buffer Attack on the AES Cipher. J Hardw Syst Secur 1, 68–84 (2017). https://doi.org/10.1007/s41635-017-0004-3
