
Scan Based Attack on Dedicated Hardware Implementation of Data Encryption Standard


Presentation Transcript


  1. Why is Scan a Bad Design For Test Methodology? Scan Based Attack on Dedicated Hardware Implementation of Data Encryption Standard

  2. Scan DFT is extremely popular
     • Scan DFT is extensively deployed
     • 82% of all ICs use Scan DFT for testing
     • Scan DFT is widely supported
     • FastScan and TestKompress: Mentor Graphics
     • DFT Compiler and TetraMAX ATPG: Synopsys
     • Encounter Test: Cadence

  3. Objective
     • Show how secrets on a crypto chip can be compromised
     • Demonstrate that scan is a terrible design-for-test methodology

  4. Data Encryption Standard
     • DES is a symmetric encryption algorithm
     • encryption key = decryption key
     • Decryption = Encryption⁻¹
     • ENCRYPT (plaintext, bit key) = ciphertext
     • DECRYPT (ciphertext, bit key) = plaintext
     • 64-bit plaintext, 64-bit ciphertext, 56-bit secret key

  5. DES Encryption
     [Diagram: Plaintext (64) → Initial Permutation → L (32), R (32) → Round Function with 48-bit Round Key → Inverse Permutation → Ciphertext (64)]
     • 16 identical rounds
     • one 48-bit round key per round
     • 16 48-bit round keys are generated from 56-bit secret

  6. One DES Round
     [Diagram: Ri (32) → r → Expansion → a (48); a + Round Key Ki (48) → b (48); b → S-box 1 … S-box 8 (6 in, 4 out each) → c (32); c → Permutation → d (32); d + Li (32) → Ri+1; outputs Ri+1 and Li+1]

  7. DES Hardware Architecture
     • Cipher Block Chaining mode ⇒ Iterative arch
     • Input, L, R, Output Regs (32+32+64+64 FFs)

  8. Mounting a scan attack
     • Calculate X from W
     • Calculate Y from Z
     • Solve Key mixing

  9. Two-step scan attack
     • Step 1: Determine L and R registers in the scan chain
     • Step 2: Discover round key 1 from L0, R0, L1 and R1

  10. Scan Attack step 1
      [Diagram: flip-flops of input register; IC with clock, reset and TDO]
      • Apply Plaintext 1: 000000…000000 → run in normal mode for 1 clock cycle → scan out bitstream 1: 01101…10011010
      • Apply Plaintext 2: 100000…000000 → run in normal mode for 1 clock cycle → scan out bitstream 2: 01101…10001010
      • Input, L, R and output registers can be determined
      • 199+199 cycles to locate 1 FF
      • 192×199+199 cycles to locate all FFs

  11. How can we get Ki?
      [Diagram: Ri (32) → r → Expansion → a (48); a + Round Key Ki (48) → b (48); b → S-box 1 … S-box 8 (6 in, 4 out each) → c (32); c → Permutation → d (32)]
      • Round Key Ki = a xor b
      • Expansion is a bijection ⇒ r → a is easy
      • Permutation is a bijection ⇒ d → c is easy
      • s-box is not a bijection ⇒ c → b is not easy

  12. Scan attack step 2
      • s-box is not a bijection ⇒ c → b is not easy
      • Every value appears 4 times in an s-box
      • Every value appears only once in each row
      • No s-box column has two or more identical values

  13. Scan attack step 2
      [Diagram: a (48) + Round Key Ki (48) → b (48); b → S-box 1 … S-box 8 (6 in, 4 out each) → c (32)]
      • 3 chosen plaintexts are enough to get a round key
      • apply a1 = (000000000000)₁₆ and observe c1
      • apply a2 = (208208208208)₁₆ and observe c2
      • apply a3 = (4A1C05451151)₁₆ and observe c3
      • Derive round key K1
      • Several such 3-tuples exist!!!

  14. Scan attack step 2
      [Diagram: Ri (32) → r → Expansion → a (48); a + Round Key Ki (48) → b (48); b → S-box 1 … S-box 8 (6 in, 4 out each) → c (32); c → Permutation → d (32); d + Li (32) → Ri+1; outputs Ri+1 and Li+1]
      • Apply three plaintexts
      • Apply PT1 = (0000000000000000)₁₆
      • Scan-out CT1 from round register
      • Apply PT2 = (0000550000005500)₁₆
      • Scan-out CT2 from round register
      • Apply PT3 = (5500400110000401)₁₆
      • Scan-out CT3 from round register
      • Derive round key K1

  15. Discover round key
      • Discover round key K1: 399×3 = 1197 clock cycles
      • 2 clock cycles in normal mode for plaintext to reach R0, L0
      • 198 clock cycles in scan mode to scan out R0, L0
      • 1 clock cycle in normal mode for plaintext to reach R1, L1
      • 198 clock cycles in scan mode to scan out R1, L1

  16. Discover user secret
      • Discover user secret as follows:
      • 48-out-of-56 secret bits from round key K1
      • 7-out-of-remaining 8 secret bits from round key K2
      • Secret bits 17, 20, 23, 40, 41, 49, 50
      • Secret bit 46 from round key K3
      • 1197×2 clock cycles to discover round keys K2 and K3

  17. Summary of the attack
      • Determine the positions of flip flops in the round register in the scan chain
      • Scan round 1 and round 2 results
      • Discover round keys K1, K2 and K3
      • Discover user secret from round keys

  18. Concluding remarks
      • Do not use Scan DFT in crypto chips!
      • FIPS 140-1: “A cryptographic module shall employ physical security mechanisms in order to restrict unauthorized physical access to the contents of the module and to deter unauthorized use or modification of the module ...” (In 1994 at the peak of Scan DFT research)
      • Translation: “Do not use scan DFT”
      • Why should you?

  19. Beware of Scan DFT
      • Crypto chips are an excellent case study to show how bad scan DFT is.
      • Your IC may be used in secure applications in the future. Beware of the security issues when you design ICs.

  20. Scan Attack: Assumptions
      • The attacker can access scan chains
      • Round key registers are not in the scan chain
      • The attacker knows the algorithm
      • The attacker need not have access to high level timing diagrams
      • Avalanche effect (when does encryption begin and how long does it take?)
      • Modes of operation (CBC)
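
Slides 11 to 13 rest on the S-box ambiguity: one scanned-out c leaves four candidates for b, so one observation cannot fix Ki = a xor b. The following added example (not part of the presentation) checks the slide 12 properties on DES S-box 1 and counts how many candidates remain for one 6-bit key chunk after each observation; the key chunk is constructed, and splitting a1, a2, a3 MSB-first into 6-bit groups is an assumption.

```python
# DES S-box 1 (FIPS 46-3): 4 rows x 16 columns of 4-bit outputs.
SBOX1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox1(b):
    """6-bit b -> 4-bit c. The two outer bits pick the row, the middle four the column."""
    row = ((b >> 5) << 1) | (b & 1)
    col = (b >> 1) & 0xF
    return SBOX1[row][col]

def structure_holds():
    """Slide 12: every row is a permutation of 0..15 and no column repeats a value."""
    rows_ok = all(sorted(r) == list(range(16)) for r in SBOX1)
    cols_ok = all(len({r[c] for r in SBOX1}) == 4 for c in range(16))
    return rows_ok and cols_ok

def preimages(c):
    """All 6-bit b with sbox1(b) == c, i.e. the ambiguity in going c -> b."""
    return [b for b in range(64) if sbox1(b) == c]

def key_candidates(observations):
    """Key chunks k consistent with every (a, c) pair, where c = sbox1(a ^ k)."""
    return [k for k in range(64)
            if all(sbox1(a ^ k) == c for a, c in observations)]

def narrowing(secret, inputs):
    """Candidate count for one key chunk after each successive observation."""
    seen, counts = [], []
    for a in inputs:
        seen.append((a, sbox1(a ^ secret)))  # c as it would appear in a scan dump
        counts.append(len(key_candidates(seen)))
    return counts

if __name__ == "__main__":
    secret = 0b101101                        # constructed 6-bit key chunk
    inputs = [0b000000, 0b001000, 0b010010]  # first 6-bit groups of a1, a2, a3 (assumed MSB-first)
    print("slide 12 properties hold:", structure_holds())
    print("b values that give c = 14:", preimages(14))
    print("candidates after each observation:", narrowing(secret, inputs))
```

Every DES S-box row is a permutation of 0..15, so a single scan dump of c by itself still leaves 4^8 = 65,536 candidates for the 48-bit round key; the counts printed here are for this one constructed key chunk only.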
