Physical attacks constitute a significant threat to any cryptosystem. Among them, Side-Channel Analysis (SCA) is common practice for stressing the security of embedded devices such as smartcards or secure controllers, and it has now become highly relevant to mobile and connected devices that require a high security level. Yet its applicability to smartphones is not obvious, as the architecture of modern System-on-Chips (SoCs) keeps growing more complex. This paper describes how a secret AES key was retrieved from the hardware cryptoprocessor of a smartphone, as part of an attack scenario targeting bootloader decryption. The focus is on the practical realization and the challenges it brings. In particular, capturing meaningful signals emitted by the cryptoprocessor embedded in the main SoC can be troublesome: Package-on-Package technology makes access to the die problematic and prevents straightforward near-field electromagnetic measurements. The described scenario can apply to any device whose chain of trust relies on firmware encryption, such as many smartphones or Internet-of-Things nodes.
It is well known that companies have been outsourcing their IC production to countries where the integrity of the final products simply cannot be guaranteed. This relocation trend creates a need for methodologies and embedded design solutions to identify counterfeits, but also to detect potential Hardware Trojans (HT). Hardware Trojans are tiny pieces of hardware maliciously inserted into designs for purposes ranging from denial of service to programmed obsolescence. They are usually stealthy and characterized by small area and power overheads, which makes their detection a challenging task. Various solutions have been investigated to detect Hardware Trojans; this paper focuses on the use of thermal near-field scans to that end. We first introduce and characterize a low-cost, large-bandwidth (20 kHz) thermal scanning system with the high detectivity required to detect small Hardware Trojans, and then experimentally demonstrate its efficiency on different test cases.
Infrared thermography is recognized for its ability to investigate integrated circuits non-destructively. Coupled with lock-in correlation, it has proven efficient at detecting thermal hot spots. Most state-of-the-art measurement systems rely on amplitude analysis. In this paper we propose to investigate weak thermal hot spots using the phase of the infrared signal. We show that phase analysis is a powerful alternative to amplitude analysis for detecting small heat signatures. Finally, we apply our measurement platform and its detection method to the identification of stealthy hardware Trojans.
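The lock-in correlation that the abstract above builds on can be shown on constructed data. The following Python is an added illustration, not code from the paper or its measurement platform: each pixel of a thermal image sequence is treated as a time series, and correlating it against in-phase and quadrature references at the modulation frequency of the device under test yields an amplitude and a phase for that pixel. The modulation frequency, camera frame rate, noise level and per-pixel gain (standing in for surface emissivity) are all assumed values chosen for the example, and the pixel model is synthetic rather than measured.

```python
import math
import random

# Added illustration of lock-in correlation (synchronous detection); not code
# from the paper. The device under test is assumed to be activated
# periodically at F_REF while a thermal camera records frames at FS.
F_REF = 10.0        # modulation frequency of the stimulus, Hz (assumed)
FS = 1000.0         # camera frame rate, Hz (assumed)
N_SAMPLES = 20000   # 20 s of frames = exactly 200 modulation periods


def lock_in(samples, f_ref=F_REF, fs=FS):
    """Return (amplitude, phase_deg) of the f_ref component of one pixel.

    For x[k] = A*cos(w*t_k - phi), averaging x*cos(w*t) over whole periods
    gives A*cos(phi)/2 and averaging x*sin(w*t) gives A*sin(phi)/2; the DC
    scene temperature and uncorrelated noise average towards zero.
    """
    n = len(samples)
    w = 2.0 * math.pi * f_ref
    i_acc = 0.0
    q_acc = 0.0
    for k, x in enumerate(samples):
        t = k / fs
        i_acc += x * math.cos(w * t)
        q_acc += x * math.sin(w * t)
    i_comp = 2.0 * i_acc / n
    q_comp = 2.0 * q_acc / n
    return math.hypot(i_comp, q_comp), math.degrees(math.atan2(q_comp, i_comp))


def synth_pixel(amplitude, phase_deg, gain=1.0, offset=20.0,
                noise_sigma=0.1, seed=0):
    """Constructed pixel time series (assumed model, not measured data):
    a DC scene temperature plus a weak modulated heat signature, both scaled
    by a per-pixel gain that stands in for emissivity, plus Gaussian noise.
    Units are kelvin, so 0.05 is a 50 mK signature under 100 mK rms noise."""
    rng = random.Random(seed)
    w = 2.0 * math.pi * F_REF
    phi = math.radians(phase_deg)
    return [gain * (offset + amplitude * math.cos(w * k / FS - phi))
            + rng.gauss(0.0, noise_sigma)
            for k in range(N_SAMPLES)]


def demodulate(amplitude, phase_deg, gain=1.0, seed=0):
    """Synthesize one pixel and lock-in demodulate it."""
    return lock_in(synth_pixel(amplitude, phase_deg, gain=gain, seed=seed))


if __name__ == "__main__":
    # Signature invisible frame by frame, recovered by correlating 200 periods.
    amp, ph = demodulate(0.05, 40.0)
    print(f"full emissivity: amplitude={amp * 1000:.1f} mK phase={ph:.1f} deg")
    # Same heat source seen through a surface with half the gain: the
    # amplitude image dims, the phase image does not change.
    amp2, ph2 = demodulate(0.05, 40.0, gain=0.5)
    print(f"half emissivity: amplitude={amp2 * 1000:.1f} mK phase={ph2:.1f} deg")
    amp0, _ = demodulate(0.0, 0.0)
    print(f"no heat source:  amplitude={amp0 * 1000:.1f} mK")
```

Running the script shows a 50 mK modulated signature recovered from frames whose rms noise is 100 mK, with a pixel carrying no modulated source demodulating to near zero. Halving the pixel gain halves the recovered amplitude but leaves the phase at the same value, which is why a phase image is insensitive to emissivity contrast across a die while an amplitude image is not; the example does not model thermal diffusion, so it shows the mechanism rather than the paper's measured results.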