Malicious Attacks on Electronic Systems and VLSIs for Security

VLSI Design and Test for Systems Dependability

Abstract

In this chapter, we briefly review malicious attacks that have been attempted, by a variety of methods, on security-critical systems, and discuss cryptographic functions embedded in VLSIs for use in systems that require dependability in terms of protection against attackers. Recent cryptographic algorithms such as AES or RSA are computationally safe in the sense that it is practically impossible to reveal the key information from a pair of plain and cipher texts if a key of sufficient length is used. An attacker would therefore try to reveal the cryptographic keys by exploiting possible implementation flaws in the security LSIs. For example, attempts have been made to modify the control flow of a program and read out the key data. Other types of attacks have used side-channel information such as power traces or electromagnetic emissions from the LSIs. Of the utmost importance in security LSIs, therefore, is “tamper resistance” or robust key-protection mechanisms. In Sect. 10.1, the role of LSIs in the integrity of security-critical systems is presented and reported incidents of malicious attacks are reviewed. Section 10.2 discusses typical tampering methods against cryptographic circuits in more detail. Tamper-resistant security hardware design and verification methods are introduced in Sects. 10.3 and 10.4. The vulnerability of the scan-based test scheme is discussed in Sect. 10.5. A testing environment called SASEBO (http://www.toptdc.com/product/sasebo/) for the evaluation of security LSIs is introduced in Sect. 10.6.

Notes

  1. Joint Test Action Group

  2. The boards SASEBO through SASEBO-GII were developed as a part of the main project, which was funded by the Ministry of Economy, Trade and Industry, Japan. SASEBO-W was developed as part of the Strategic International Research Cooperative Program (SCIP) project funded by the Japan Science and Technology Agency (JST). SASEBO-RII and SASEBO-GIII were developed under the Core Research for Evolutional Science and Technology (CREST) project funded by JST.

  3. ZUIHO and MiMICC were developed as part of the CREST project funded by JST. ZUIHO is named after a Japanese word meaning a blissful phoenix.

  4. This oscilloscope is now available from Keysight Technology Inc.

Author information

Correspondence to Takeshi Fujino.

Copyright information

© 2019 Springer Japan KK, part of Springer Nature

About this chapter

Cite this chapter

Fujino, T. et al. (2019). Malicious Attacks on Electronic Systems and VLSIs for Security. In: Asai, S. (eds) VLSI Design and Test for Systems Dependability. Springer, Tokyo. https://doi.org/10.1007/978-4-431-56594-9_10

  • DOI: https://doi.org/10.1007/978-4-431-56594-9_10

  • Publisher Name: Springer, Tokyo

  • Print ISBN: 978-4-431-56592-5

  • Online ISBN: 978-4-431-56594-9

  • eBook Packages: Engineering, Engineering (R0)
