Side-Channel Analysis of the Xilinx Zynq UltraScale+ Encryption Engine

Hettwer, Benjamin; Leger, Sebastien; Fennes, Daniel; Gehrer, Stefan; Güneysu, Tim

doi:10.46586/tches.v2021.i1.279-304

Cited by 8 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In recent years, some hardware vendors have considered designing countermeasures for commercial crypto products to resist various physical attacks. For instance, Xilinx Zynq Ultracale+ (ZU+) Encryption Engine adopts proprietary countermeasures to resist SCA (Hettwer et al 2021). In this case, adversaries need to extract the secret key within limited data.…”

Section: Discussion and Future Directionsmentioning

confidence: 99%

“…Besides, some newest crypto products also adopt some specific protections to render adversaries' attack capability. For example, Zynq Ultracale+ (ZU+) Encryption Engine employs a key rolling scheme and Rivest Shamir Adleman (RSA) authentication to resist side-channel attacks (Hettwer et al 2021). Similar to NIST CTR_DRBG specification, ZU+ utilizes key rolling scheme in AES-CTR encryption.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Enhancing non-profiled side-channel attacks by time-frequency analysis

Jin,

Zhou

2023

Cybersecurity

View full text Add to dashboard Cite

Side-channel analysis (SCA) has become an increasing important method to assess the physical security of cryptographic systems. In the process of SCA, the number of attack data directly determines the performance of SCA. With sufficient attack data, the adversary can achieve a successful SCA. However, in reality, the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key. In this case, the adversary cannot use casual numbers of data to perform SCA. The performance of SCA will be severely dropped if the attack traces are insufficient. In this paper, we introduce wavelet scatter transform (WST) and short-time fourier transform (STFT) to non-profiled side-channel analysis domains, to improve the performance of side-channel attacks in the context of insufficient data. We design a practical framework to provide suitable parameters for WST/STFT-based SCA. Using the proposed method, the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA. The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance. Compared with the original correlation power analysis (CPA), the number of attack data can be reduced by 50–95%.

show abstract

Section: Discussion and Future Directionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Enhancing non-profiled side-channel attacks by time-frequency analysis

Jin,

Zhou

2023

Cybersecurity

View full text Add to dashboard Cite

show abstract

“…However, the use of key-rolling comes with a performance-security trade-off. In [17], after thorough experimentation, it was found that to be protected against current side-channel attacks, the key-rolling factor has to be set between 20 and 30. This imposes a considerable performance overhead.…”

Section: Bitstream Encryptionmentioning

confidence: 99%

FPGA Design Deobfuscation by Iterative LUT Modification at Bitstream Level

Moraitis

Dubrova

2023

J Hardw Syst Secur

View full text Add to dashboard Cite

Hardware obfuscation is a well-known countermeasure against reverse engineering. For FPGA designs, obfuscation can be implemented with a small overhead by using underutilised logic cells; however, its effectiveness depends on the stealthiness of the added redundancy. In this paper, we show that it is possible to deobfuscate an SRAM FPGA design by ensuring the full controllability of each instantiated look-up table input via iterative bitstream modification. The presented algorithm works directly on bitstream and does not require the possession of a flattened netlist. The feasibility of our approach is verified on the example of an obfuscated SNOW 3G design implemented on a Xilinx 7-series FPGA.

show abstract

“…Most securitycritical FPGAs rely on bitstream encryption and authentication to avoid such Trojan insertions. However, these protection schemes have shown to be vulnerable to various physical [3]- [6] and mathematical attacks [7], leaving them susceptible to tampering. Consequently, in critical applications, where the chip is deployed in an untrusted field or could be accessed by untrusted parties, it should be possible to check the integrity of the hardware.…”

Section: Introductionmentioning

confidence: 99%

“…On the other hand, due to their reconfigurability, they provide the possibility for malicious modifications even after the product has been shipped to the user. It has been shown that the key used for encrypting the bitstream on recent SRAM-based FPGAs can be extracted using SCA techniques [3]- [6]. With the extracted key at hand, the bitstream can be decrypted, modified, and stored as a replacement for the original bitstream [17].…”

Section: Introductionmentioning

confidence: 99%

Trojan Awakener: Detecting Dormant Malicious Hardware Using Laser Logic State Imaging

Krachenfels¹,

Seifert²,

Tajik³

2021

Preprint

View full text Add to dashboard Cite

The threat of hardware Trojans (HTs) and their detection is a widely studied field. While the effort for inserting a Trojan into an application-specific integrated circuit (ASIC) can be considered relatively high, especially when trusting the chip manufacturer, programmable hardware is vulnerable to Trojan insertion even after the product has been shipped or during usage. At the same time, detecting dormant HTs with small or zero-overhead triggers and payloads on these platforms is still a challenging task, as the Trojan might not get activated during the chip verification using logical testing or physical measurements. In this work, we present a novel Trojan detection approach based on a technique known from integrated circuit (IC) failure analysis, capable of detecting virtually all classes of dormant Trojans. Using laser logic state imaging (LLSI), we show how supply voltage modulations can awaken inactive Trojans, making them detectable using laser voltage imaging techniques. Therefore, our technique does not require triggering the Trojan. To support our claims, we present two case studies on 28 nm SRAM-and flash-based field-programmable gate arrays (FPGAs). We demonstrate how to detect with high confidence small changes in sequential and combinatorial logic as well as in the routing configuration of FPGAs in a non-invasive manner. Finally, we discuss the practical applicability of our approach on dormant analog Trojans in ASICs.

show abstract

Side-Channel Analysis of the Xilinx Zynq UltraScale+ Encryption Engine

Cited by 8 publications

References 10 publications

Enhancing non-profiled side-channel attacks by time-frequency analysis

Enhancing non-profiled side-channel attacks by time-frequency analysis

FPGA Design Deobfuscation by Iterative LUT Modification at Bitstream Level

Trojan Awakener: Detecting Dormant Malicious Hardware Using Laser Logic State Imaging

Contact Info

Product

Resources

About