1 / 11

Optical side-channel attack on PIC16F84A

Optical side-channel attack on PIC16F84A. Martin Hlav áč Charles University in Prague. CNES internship summary (part of USE IT project) ECRYPT Ph. D. Summer School, Samos, Greece, May 4, 2007. Gold Card = PIC16F84 + 24LC16B. PIC16F84 1024 x 14 bit program 68B Static RAM

shelby
Download Presentation

Optical side-channel attack on PIC16F84A

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Optical side-channel attack on PIC16F84A Martin Hlaváč Charles University in Prague CNES internship summary (part of USE IT project) ECRYPT Ph. D. Summer School, Samos, Greece, May 4, 2007

  2. Gold Card = PIC16F84 + 24LC16B • PIC16F84 1024 x 14 bit program 68B Static RAM 5V @ 4MHz (ISO7816) • 24LC16B 2048Byte EEPROM 18 10 8 5 PIC16F84 24LC16B 1 4 1 9 C5 C1 C6 C2 C7 C3 C8 C4

  3. Gold Card uncovered (Front Side) SRAM Problem: Too much metal on SRAM. Solution: Back Side 

  4. PIC16F84A back side SRAM back side (20x) PIC16F84A uncovered (Back Side) Problem: Silicon layer too thick (~300 µm). Solution: Slim it down to ~70 µm.

  5. 16 bytes AES state 16 bytes Measurement goal We can do bit flips!!! Monitor changes of bytes in State block during AES How? Dynamic light emission detection (PICA) Theory: byte flips => light is emitted byte stays => just noise bit bit

  6. Static vs. dynamic observation vs. All photons observed at one image Frames 166 ns = 1 clock cycle

  7. movlw 0xff (frames 0..3) xorwf block+0x0,f (frames 4..7) movlw 0xaa (frames 8..11) xorwf block+0x0,f (frames 12..15) movlw 0x55 (frames 16..19) xorwf block+0x0,f (frames 20..23) movlw 0x00 (frames 20..23) xorwf block+0x0,f (frames 24..27) Individual frames 3rd clock

  8. “xor 0xFF” “xor 0xAA” “xor 0x55” “xor 0x00” 3rd clocks reveal the key

  9. No cryptanalysis needed • AES key is fully revealed during AddRoundKey operation • Even if only byte flips can be detected, the key can be recovered with 28 measurements

  10. Conclusions Dynamic light emission • is a very strong side channel (once synchronized) • applicable on other ciphers/schemes and devices

  11. The end Thank you for your attention! hlavm1am@artax.karlin.mff.cuni.cz USE IT: http://useit.cuni.cz/

More Related