Abstract
This paper introduces a refinement of the power-analysis attack on integrated circuits. By using a laser to illuminate a specific area on the chip surface, the current through an individual transistor can be made visible in the circuit’s power trace. The photovoltaic effect converts light into a current that flows through a closed transistor. This way, the contribution of a single transistor to the overall supply current can be modulated by light. Compared to normal power-analysis attacks, the semi-invasive position-locking technique presented here gives attackers access not only to Hamming weights, but also to individual bits of processed data. This technique is demonstrated on the SRAM array of a PIC16F84 microcontroller and reveals both which memory locations are being accessed and their contents.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Skorobogatov, S. (2006). Optically Enhanced Position-Locked Power Analysis. In: Goubin, L., Matsui, M. (eds) Cryptographic Hardware and Embedded Systems - CHES 2006. CHES 2006. Lecture Notes in Computer Science, vol 4249. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11894063_6
DOI: https://doi.org/10.1007/11894063_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46559-1
Online ISBN: 978-3-540-46561-4
eBook Packages: Computer Science (R0)