research-article

Electromagnetic Radiations of FPGAs: High Spatial Resolution Cartography and Attack on a Cryptographic Module

Authors:

Laurent Sauvage,

Sylvain Guilley,

Yves MathieuAuthors Info & Claims

ACM Transactions on Reconfigurable Technology and Systems (TRETS), Volume 2, Issue 1

Article No.: 4, Pages 1 - 24

https://doi.org/10.1145/1502781.1502785

Published: 01 March 2009 Publication History

Get Access

Abstract

Since the first announcement of a Side Channel Analysis (SCA) about ten years ago, considerable research has been devoted to studying these attacks on Application Specific Integrated Circuits (ASICs), such as smart cards or TPMs. In this article, we compare power-line attacks with ElectroMagnetic (EM) attacks, specifically targeting Field Programmable Gate Array devices (FPGAs), as they are becoming widely used for sensitive applications involving cryptography.

We show experimentally that ElectroMagnetic Analysis (EMA) is always faster than the historical Differential Power Analysis (DPA) in retrieving keys of symmetric ciphers. In addition, these analyses prove to be very convenient to conduct, as they are totally non-invasive.

Research reports indicate that EMA can be conducted globally, typically with macroscopic home-made coils circling the device under attack, with fair results. However, as accurate professional EM antennas are now becoming more accessible, it has become commonplace to carry out EM analyses locally.

Cartography has been carried out by optical means on circuits realized with technology greater than 250 nanometers. Nonetheless, for deep submicron technologies, the feature size of devices that are spied upon is too small to be visible with photographic techniques. In addition, the presence of the 6+ metallization layers obviously prevents a direct observation of the layout. Therefore, EM imaging is emerging as a relevant means to discover the underlying device structure.

In this article, we present the first images of deep-submicron FPGAs. The resolution is not as accurate as photographic pictures: we notably compare the layout of toy design examples placed at the four corners of the FPGAs with the EM images we collected. We observe that EM imaging has the advantage of revealing active regions, which can be useful in locating a particular processor (visible while active---invisible when inactive).

In the context of EM attacks, we stress that the exact localization of the cryptographic target is not necessary: the coarse resolution we obtain is sufficient. We note that the EM imaging does not reveal the exact layout of the FPGA, but instead directly guides the attacker towards the areas which are leaking the most. We achieve attacks with an accurate sensor, both far from (namely on a SMC capacitor on the board) and close to (namely directly over the FPGA) the encryption co-processor. As compared to the previously published attacks, we report a successful attack on a DES module in fewer than 6,300 measurements, which is currently the best cracking performance against this encryption algorithm implemented in FPGAs.

References

[1]

Agrawal, D., Archambeault, B., Rao, J. R., and Rohatgi, P. 2002. The EM side-channel(s). In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Lecture Notes in Computer Science, vol. 2523. Springer, 29--45.

Abstract

References

Cited By

Index Terms

Recommendations

Security on FPGAs: State-of-the-art implementations and attacks

Isolated WDDL: A Hiding Countermeasure for Differential Power Analysis on FPGAs

Mitigating Electrical-level Attacks towards Secure Multi-Tenant FPGAs in the Cloud

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations