Abstract
Since NIST standardized the AES/Rijndael symmetric-key cipher in 2001, it has gained widespread acceptance in various protocols and has withstood intense scrutiny from theoretical cryptanalysts. From the physical-implementation point of view, however, AES has remained vulnerable: practical attacks on AES via fault injection, differential power analysis, scan chains and cache-access timing have all been demonstrated. In this paper, we propose a novel and effective attack, termed the Trace Buffer Attack. Trace buffers are used extensively for post-silicon debug of integrated circuits, and we identify them as a source of information leakage. We first describe the trace buffer attack in detail under the assumption that the register-transfer level (RTL) implementation is available. We then analyze the AES encryption algorithm and Rijndael’s key expansion algorithm and show that the trace buffer attack is feasible without knowledge of the implementation (RTL). Our experimental results show that the trace buffer attack can partially recover the secret keys of different AES implementations.
Notes
For the rest of the paper, unless explicitly specified, we will use AES-128 and AES interchangeably.
For the iterative implementation, the restoration is clearly able to recover the key, and we expect the same trend to hold for AES-192 and AES-256.
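The claim that key-expansion analysis makes the attack feasible without RTL knowledge, and the note above that restoration recovers the key, both rest on one property of Rijndael's schedule: every round key determines its predecessor. The following Python is an added example, not code from the paper, that inverts AES-128 key expansion from any single round key back to the master key; it assumes the value read from the trace buffer equals the contents of a round-key register.

```python
# Added example (not the paper's code): why a traced AES-128 round-key register
# leaks the master key: Rijndael's key expansion is an invertible recurrence.
def _gf_mul(a, b):  # multiply in GF(2^8) mod x^8 + x^4 + x^3 + x + 1
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return r

def _gf_inv(a):  # a^254 == a^-1 in GF(2^8); maps 0 to 0
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r

def _rotl(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

# SubBytes table: affine map of the field inverse (FIPS 197 Sec. 5.1.1)
SBOX = [b ^ _rotl(b, 1) ^ _rotl(b, 2) ^ _rotl(b, 3) ^ _rotl(b, 4) ^ 0x63
        for b in map(_gf_inv, range(256))]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _g(word, rcon):  # RotWord, SubWord, Rcon: applied to every 4th word
    t = [SBOX[b] for b in word[1:] + word[:1]]
    t[0] ^= rcon
    return t

def expand_key(key):  # forward AES-128 schedule -> 11 round keys of 16 bytes
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = _g(w[i - 1], RCON[i // 4 - 1]) if i % 4 == 0 else w[i - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def previous_round_key(rk, r):  # invert one step: round key r -> round key r-1
    w = [list(rk[4 * i:4 * i + 4]) for i in range(4)]
    p = [None] * 4
    for j in (3, 2, 1):  # w[i-4] = w[i] ^ w[i-1] whenever i % 4 != 0
        p[j] = [a ^ b for a, b in zip(w[j], w[j - 1])]
    p[0] = [a ^ b for a, b in zip(w[0], _g(p[3], RCON[r - 1]))]
    return bytes(sum(p, []))

def recover_master_key(traced_round_key, r):  # round key seen in a trace dump
    rk = bytes(traced_round_key)
    for i in range(r, 0, -1):  # walk the schedule back to round 0 = the key
        rk = previous_round_key(rk, i)
    return rk
```

Because the inversion works from any round, a trace window that captures the key-schedule register in just one round suffices, which is why such registers should be excluded from debug trace selection in secure designs.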
Acknowledgments
This work was partially supported by the NSF grants (CCF-1218629 and CNS-1441667) and SRC grant (2014-TS-2554). We would like to thank Prof. Anupam Chattopadhyay (Nanyang Technological University, Singapore) for his helpful comments and suggestions.
Cite this article
Huang, Y., Mishra, P. Trace Buffer Attack on the AES Cipher. J Hardw Syst Secur 1, 68–84 (2017). https://doi.org/10.1007/s41635-017-0004-3