ABSTRACT
In recent years, Side-Channel Analysis (SCA) that leverages power measurements from peripherals or on-chip power sensors has gained increasing attention. Instead of direct physical access to the victim device, these so-called remote SCA attacks can be mounted if an attacker shares resources on the same Power Distribution Network (PDN), e.g., in a multi-tenant Field Programmable Gate Array (FPGA) cloud scenario. Previous work on remote SCA focused on cryptographic algorithms such as AES and RSA. In this work, we analyze the possibility of on-chip SCA of Physical Unclonable Function (PUF) primitives and compare their efficiency to classical SCA attacks. We target the Loop PUF, that derives entropy from a configurable oscillator, where an attacker can retrieve the secret by observing oscillation frequencies. We employ a Time-to-Digital Converter (TDC) sensor, and compare two Artix-7 FPGAs with different resources to compare differences in the Signal-to-Noise Ratio (SNR). Further, we vary the relative placement of the targeted PUF and the TDC sensor. Even though the number of traces required is increased compared to classical SCA, the experiments illustrate the feasibility of extracting the secret key from a PUF-based storage from on-chip SCA.
Supplemental Material
- Michel Adami? and Andrej Trost. 2019. A Fast High-Resolution Time-to-Digital Converter Implemented in a Zynq 7010 SoC. In 2019 Austrochip Workshop on Microelectronics (Austrochip). 29--34.Google Scholar
- Z. Cherif, J. Danger, S. Guilley, and L. Bossuet. 2012. An Easy-to-Design PUF Based on a Single Oscillator: The Loop PUF. In 2012 15th Euromicro Conference on Digital System Design. 156--162.Google Scholar
- Rana Elnaggar, Sayak Ray, Majid Sabbagh, Bilgiday Yuce, Terry Wang, and Jason Fung. 2021. OPAL: On-the-go Physical Attack Lab to Evaluate Power Side-channel Vulnerabilities on FPGAs. In 2021 IEEE Physical Assurance and Inspection of Electronics (PAINE). 1--8.Google Scholar
- M. E. S. Elrabaa, M. Al-Asli, and M. Abu-Amara. 2021. Secure Computing Enclaves Using FPGAs. IEEE Transactions on Dependable and Secure Computing, Vol. 18, 2 (2021), 593--604.Google ScholarDigital Library
- D. R. E. Gnad, F. Oboril, S. Kiamehr, and M. B. Tahoori. 2016. Analysis of transient voltage fluctuations in FPGAs. In 2016 International Conference on Field-Programmable Technology (FPT). 12--19.Google Scholar
- J. Gravellier, J. Dutertre, Y. Teglia, and P. Loubet-Moundi. 2019. High-Speed Ring Oscillator based Sensors for Remote Side-Channel Attacks on FPGAs. In 2019 International Conference on ReConFigurable Computing and FPGAs. 1--8.Google Scholar
- Macarena C. Mart'inez-Rodr'iguez, Ignacio M. Delgado-Lozano, and Billy Bob Brumley. 2021. SoK: Remote Power Analysis. In The 16th International Conference on Availability, Reliability and Security (Vienna, Austria, 2021) (ARES 2021). Association for Computing Machinery, New York, NY, USA, Article 7, 12 pages.Google Scholar
- Dominik Merli, Dieter Schuster, Frederic Stumpf, and Georg Sigl. 2011a. Semi-invasive EM Attack on FPGA RO PUFs and Countermeasures. In 6th Workshop on Embedded Systems Security (WESS'2011). ACM.Google Scholar
- Dominik Merli, Dieter Schuster, Frederic Stumpf, and Georg Sigl. 2011b. Side-Channel Analysis of PUFs and Fuzzy Extractors. In Trust and Trustworthy Computing, , Jonathan M. McCune, Boris Balacheff, Adrian Perrig, Ahmad-Reza Sadeghi, Angela Sasse, and Yolanta Beres (Eds.). Number 6740 in Lecture Notes in Computer Science. Springer Berlin Heidelberg, 33--47.Google Scholar
- Shayan Moini, Shanquan Tian, Daniel Holcomb, Jakub Szefer, and Russell Tessier. 2021. Remote Power Side-Channel Attacks on BNN Accelerators in FPGAs. In 2021 Design, Automation Test in Europe Conference Exhibition (DATE). 1639--1644.Google Scholar
- Olivier Rioul, Patrick Solé, Sylvain Guilley, and Jean-Luc Danger. 2016. On the entropy of Physically Unclonable Functions. In 2016 IEEE International Symposium on Information Theory (ISIT). 2928--2932.Google ScholarDigital Library
- F. Schellenberg, D. R. E. Gnad, A. Moradi, and M. B. Tahoori. 2018. An inside job: Remote power analysis attacks on FPGAs. In 2018 Design, Automation Test in Europe Conference Exhibition (DATE). 1111--1116.Google Scholar
- Lars Tebelmann, Jean-Luc Danger, and Michael Pehl. 2020. Self-secured PUF: Protecting the Loop PUF by Masking. In Constructive Side-Channel Analysis and Secure Design, Guido Marco Bertoni and Francesco Regazzoni (Eds.). Springer International Publishing, 293--314.Google Scholar
- Shanquan Tian, Andrew Krzywosz, Ilias Giechaskiel, and Jakub Szefer. 2020. Cloud FPGA Security with RO-Based Primitives. In 2020 International Conference on Field-Programmable Technology (ICFPT). 154--158.Google Scholar
- J. Wu. 2010. Several Key Issues on Implementing Delay Line Based TDCs Using FPGAs. IEEE Transactions on Nuclear Science , Vol. 57, 3 (2010), 1543--1548.Google ScholarCross Ref
- M. Zhao and G. E. Suh. 2018. FPGA-Based Remote Power Side-Channel Attacks. In 2018 IEEE Symposium on Security and Privacy (SP). 229--244.Google Scholar
Index Terms
- On-Chip Side-Channel Analysis of the Loop PUF
Recommendations
Self-secured PUF: Protecting the Loop PUF by Masking
Constructive Side-Channel Analysis and Secure DesignAbstractPhysical Unclonable Functions (PUFs) provide means to generate chip individual keys, especially for low-cost applications such as the Internet of Things (IoT). They are intrinsically robust against reverse engineering, and more cost-effective than ...
Leakage Sources of the ICLooPUF: Analysis of a Side-Channel Protected Oscillator-Based PUF
Constructive Side-Channel Analysis and Secure DesignAbstractIn the last years, Physical Unclonable Functions (PUFs) became a popular security primitive, which is nowadays also used in several products. As a lightweight solution for key storage, they are frequently suggested in an environment where ...
Side-Channel Analysis of the TERO PUF
Constructive Side-Channel Analysis and Secure DesignAbstractPhysical Unclonable Functions (PUFs) have the potential to provide a higher level of security for key storage than traditional Non-Volatile Memory (NVM). However, the susceptibility of the PUF primitives to non-invasive Side-Channel Analysis (SCA) ...
Comments