CryptoDB
Jean-Pierre Seifert
Publications
Year
Venue
Title
2020
TCHES
Splitting the Interpose PUF: A Novel Modeling Attack Strategy
📺
Abstract
We demonstrate that the Interpose PUF proposed at CHES 2019, an Arbiter PUF-based design for so-called Strong Physical Unclonable Functions (PUFs), can be modeled by novel machine learning strategies up to very substantial sizes and complexities. Our attacks require in the most difficult cases considerable, but realistic, numbers of CRPs, while consuming only moderate computation times, ranging from few seconds to few days. The attacks build on a new divide-and-conquer approach that allows us to model the two building blocks of the Interpose PUF separately. For non-reliability based Machine Learning (ML) attacks, this eventually leads to attack times on (kup, kdown)-Interpose PUFs that are comparable to the ones against max{kup, kdown}-XOR Arbiter PUFs, refuting the original claim that Interpose PUFs could provide security similar to (kdown + kup/2)-XOR Arbiter PUFs (CHES 2019). On the technical side, our novel divide-and-conquer technique might also be useful in analyzing other designs, where XOR Arbiter PUF challenge bits are unknown to the attacker.
2018
TCHES
Key Extraction Using Thermal Laser Stimulation A Case Study on Xilinx Ultrascale FPGAs
Abstract
Thermal laser stimulation (TLS) is a failure analysis technique, which can be deployed by an adversary to localize and read out stored secrets in the SRAM of a chip. To this date, a few proof-of-concept experiments based on TLS or similar approaches have been reported in the literature, which do not reflect a real attack scenario. Therefore, it is still questionable whether this attack technique is applicable to modern ICs equipped with side-channel countermeasures. The primary aim of this work is to assess the feasibility of launching a TLS attack against a device with robust security features. To this end, we select a modern FPGA, and more specifically, its key memory, the so-called battery-backed SRAM (BBRAM), as a target. We demonstrate that an attacker is able to extract the stored 256-bit AES key used for the decryption of the FPGA’s bitstream, by conducting just a single non-invasive measurement. Moreover, it becomes evident that conventional countermeasures are incapable of preventing our attack since the FPGA is turned off during key recovery. Based on our time measurements, the required effort to develop the attack is shown to be less than 7 hours. To avert this powerful attack, we propose a low-cost and CMOS compatible countermeasure circuit, which is capable of protecting the BBRAM from TLS attempts even when the FPGA is powered off. Using a proof-of-concept prototype of our countermeasure, we demonstrate its effectiveness against TLS key extraction attempts.
2012
CHES
Program Committees
- CHES 2019
- CHES 2008
- CHES 2007
- CHES 2005
- CHES 2004
- CHES 2003
Coauthors
- Christian Aumüller (1)
- Peter Bier (1)
- Christian Boit (4)
- Enrico Dietz (2)
- Helmar Dittrich (2)
- Fabian Fäßler (1)
- Wieland Fischer (2)
- Sven Frohmann (2)
- Fatemeh Ganji (1)
- Clemens Helfmeier (2)
- Peter Hofreiter (1)
- Heinz-Wilhelm Hübers (1)
- Thilo Krachenfels (1)
- Juliane Krämer (1)
- Heiko Lohrke (2)
- Marian Margraf (1)
- Christopher Mühl (1)
- Dmitry Nedospasov (3)
- Phuong Ha Nguyen (1)
- Susanna Orlic (1)
- Niklas Pirnay (1)
- Ulrich Rührmair (1)
- Alexander Schlösser (1)
- Shahin Tajik (5)
- Marten van Dijk (1)
- Nils Wisiol (1)