Cryptographic Integrated Circuits Research Articles

A Data Augmentation Method for Side-Channel Attacks on Cryptographic Integrated Circuits

The leaked signals, including electromagnetic, power, timing, and temperature generated during the operation of cryptographic devices, contain highly correlated key value information, leading to security vulnerabilities. In practical operations, due to information collection conditions and time limitations, attackers can only obtain limited valid data. At the same time, the attacker’s data environment cannot be ideal, and noise can affect the acquisition of valid information. Therefore, to improve the effectiveness of obtaining key values from side-channel information analysis in cryptographic devices, we proposed a data augmentation method based on cycle-consistent generative adversarial networks named EME-CycleGAN. By using generators and discriminators, new data are generated to expand the original electromagnetic information dataset, aiming for better modeling effects. For evaluating the data augmentation effect on side-channel electromagnetic signals, we employed the Kolmogorov–Smirnov test to characterize the original and generated data, serving as the evaluation standard for our network model and work. We utilize the existing data to model and verify side-channel attacks, evaluating the impact of the generated information on the overall experimental results. The proposed structure consists of three main parts: side-channel information acquisition, data verification analysis, and determination of attack positions. Experimental results demonstrate that effective attacks on encryption algorithms can be achieved under small-sample dataset conditions.

SECURITY ANALYSIS AND EXPLOITATION OF IC CHIP LEVEL COUNTER QUANTITY AGAINST BODILY OCCURRENCES

This article addresses the growing concern of security vulnerabilities in hardware systems, particularly in the context of integrated circuit (IC) chips used in cryptographic applications, which are increasingly susceptible to adversarial physical attacks in real-world environments. These attacks, often targeting the physical integrity of ICs, exploit weaknesses in both the design and manufacturing processes of cryptographic circuits. The paper provides a comprehensive overview of these threats, focusing on various physical attack methods, such as sidechannel attacks, electromagnetic (EM) attacks, and laser fault injection attacks, which compromise the confidentiality and functionality of secure systems. It also highlights the vulnerabilities inherent in IC chips, particularly in relation to how attackers can manipulate or exploit system weaknesses during operation. The article delves into the protection mechanisms that are being integrated into modern cryptographic IC chips to prevent or mitigate these physical threats. One of the key strategies discussed is the use of on-chip monitoring circuits, which can actively sense and respond to adversarial attempts, providing an early warning or immediate countermeasures. These monitoring circuits are designed to detect unusual patterns that could indicate an ongoing attack, such as fluctuations in power or electromagnetic emissions, enabling dynamic protection of the system during operation. Additionally, the paper explores innovative physical structures, such as backside buried metal (BBM) wirings in silicon (Si) substrates, which are combined with frontside complementary metal–oxide semiconductor (CMOS) circuits to create robust defenses against a variety of physical attacks. This integration of backside metal wirings with frontside CMOS technology is a novel approach that enhances the IC's resilience by providing a physical barrier that reduces the ability of attackers to exploit weaknesses in the power delivery network and other sensitive components. By creating a unified approach to IC design and packaging, the paper emphasizes the importance of incorporating multiple layers of protection, such as detection, avoidance, and resilience, against electromagnetic and laser-based attacks. The combination of these advanced technologies establishes a more secure architecture that can defend against multimodal attacks, thus ensuring the integrity of cryptographic systems. The article also highlights the practical implementation of these protective strategies, including tests with silicon demonstrators to validate the effectiveness of the proposed solutions. The results show promising outcomes, demonstrating the feasibility of creating secure hardware systems that can withstand physical attacks and provide reliable protection for sensitive data and cryptographic operations. Through the integration of on-chip monitoring, advanced IC design principles, and packaging innovations, this paper offers a roadmap for developing secure, resilient hardware systems capable of withstanding the evolving threat landscape posed by physical attacks on IC chips. Ultimately, the proposed protection schemes not only strengthen the security of cryptographic circuits but also contribute to the broader field of hardware security, providing insights for future designs and applications.

Golden-Free Robust Age Estimation to Triage Recycled ICs

Non-destructive golden-free detection of recycled/counterfeit integrated circuits (ICs) is the focus of this paper. This is achieved by estimating the functional/operational age of the IC. The age estimation method is based on exploiting short-term aging effects in advanced transistor technologies to induce bit errors at the IC’s output. Gate-level simulations are used to capture the impact of workload on short-term aging. In advanced technology nodes including bulk CMOS at 45 nm or below and FinFET, combining transistor aging with ultra-fast voltage scaling magnifies effects of aging-induced degradation at high voltage when voltage scales to a lower level, causing short-term aging-based timing violations. These timing violations create bit errors at IC outputs. We employ the bit error patterns to build a machine learning (ML) based non-linear regression model to estimate the IC’s age. Our study confirms that short-term aging-induced output bit error patterns can be used to estimate long-term age of an IC. If the IC’s age is beyond a pre-defined threshold, it can be marked as recycled. Although this paper considers FinFET technology, the method applies to bulk CMOS advanced nodes at 45nm or below. We model IC-to-IC variations taking into account voltage scaling. We demonstrate the approach on two cryptographic ICs and the method accurately estimates the long-term age of an IC, facilitating recycled IC detection.

On Securing Cryptographic ICs against Scan-based Attacks: A Hamming Weight Distribution Perspective

Scan chain-based Design for Testability is the industry standard in use for testing manufacturing defects in the semiconductor industry to ensure the structural and functional correctness of chips. Fault coverage is significantly enhanced due to the higher observability and controllability of the internal latches. These ensuing benefits to testing, if misused, expose vulnerabilities that can be detrimental to the security aspects, especially in the context of crypto-chips that contain a secret key. Hence, it remains of paramount importance for a chip designer to secure crypto-chips against various scan attacks. A countermeasure is proposed in this article that preserves the secrecy of an embedded key in a cryptographic integrated circuit running an Advanced Encryption Standard (AES) implementation. A novel design involving a hardware unit is illustrated that circumvents differential scan attacks by essentially performing bit flips deterministically, using a pre-computed mask value. This helps secure the chip while retaining full testability. The controller logic directly depends on a mask determination algorithm that can defend against any scan attack with 𝒪 theoretical complexity. Security analysis of our proposed defense procedure is performed in the framework of Discrete Event Systems (DES). The sequential scan circuit of an AES cryptosystem is modeled as a DES using Finite State Automata. A security notion, Opacity , is used to quantify and formally verify the security aspects of our controlled system, which shows that the entropy of the secret key is preserved. A case study is performed that shows to mitigate state-of-the-art differential scan attacks successfully at a nominal extra overhead of 1.78%.

Silicon-correlated Simulation Methodology of EM Side-channel Leakage Analysis

Cryptography hardware is vulnerable to side-channel (SC) attacks on power supply current flow and electromagnetic (EM) emission. This article proposes simulation-based power and EM side-channel leakage analysis (SCLA) techniques on a cryptographic integrated circuit (IC) chip in system level assembly. SCLA measures SC leakage metrics including T-score, SC leakage score, and the number of measurement traces to disclosure, leveraged by a secure system-on-chip design flow toward SC attack resiliency and SC leakage sign off. Power SCLA features the tracking of security sensitive registers within cryptographic logic paths and the automatic assignments of probe points on associated physical power nets. Power supply current traces are efficiently simulated for the large set of input payloads, with direct vector-based and vector-less random switching controls. EM SCLA evaluates magnetic fields created by every piece of metal wiring in metal stacks where power supply current of cryptographic processing flows. The EM emission and EM SCLA from the backside Si surface of an IC chip in flip-chip packaging are experimentally examined with a 0.13 μm test chip. The proposed simulation-based SCLA exhibits the SC leakage metrics of on-chip location and direction dependency as accurately as in the measurements.

Simultaneous Security and EMC Evaluations Based on Measuring Electromagnetic Field Distribution on PCBs

This article introduces a method to simultaneously evaluate the security and electromagnetic compatibility (EMC) of information devices equipped with cryptographic modules by measuring the electromagnetic (EM) field distribution on a printed circuit board (PCB). The proposed method requires a single correlation analysis above the cryptographic integrated circuit (IC) to define the frequency band of the EM field containing the secret information. Then, focusing on the radiation intensity in the frequency domain, an efficient method capable of obtaining the EM field distribution that contributes to the leakage of confidential information is proposed. Simultaneous EMC and security evaluations can be conducted by analyzing the obtained EM field distribution. Using the proposed method, EM field radiation and information leakage of an actual cryptographic device are analyzed. Compared to conventional methods requiring a large computational resource and analysis time, the proposed method can efficiently obtain the distribution of electric and magnetic fields that cause leakage of confidential information. Lastly, discussion, design guide, and future research directions are briefly provided.

Analog hardware trojan design and detection in OFDM based wireless cryptographic ICs.

Due to Hardware Trojan (HT), trustworthiness of Integrated Circuit (IC) supply chain is a burning issue in Semiconductor Industry nowadays. Over the last decade, extensive research has been carried on HT detection methods for digital circuits. However, the HT issue remains largely unexplored in the domain of Analog Mixed Signal (AMS)/ RF circuit where it is now an appealing target for the attackers. The increasing popularity of Orthogonal Frequency Division Multiplexing (OFDM) based wireless cryptographic ICs in modern communication systems makes it a lucrative target for HT-based attacks which could have a devastating impact on data security. This paper presents a trigger-based Hardware Trojan Threat model that exploits the extended cyclic prefix (ECP) property of the OFDM communication scheme to leak the secret encryption key over low noise Additive White Gaussian Channel (AWGN) and developed a Cyclic Prefix (CP) checker based detection mechanism named “SENTRY” to detect such trojans once it is triggered.

Measurement and Analysis of Electromagnetic Information Leakage From Printed Circuit Board Power Delivery Network of Cryptographic Devices

This article presents a novel measurement and analysis of electromagnetic (EM) information leakage from printed circuit board (PCB) power delivery network (PDN) of cryptographic devices. We propose an accurate EM information leakage analysis method based on a correlation electromagnetic analysis (CEMA) considering advanced encryption standard (AES) operation cycles and clock frequency. We measure field distribution on the PCB level AES core PDN and conduct the proposed analysis method to derive the information leakage maps. For the first time, we verified that the EM information leakage depends on the intensity of dominant field distribution on the PCB PDN using the proposed method. We validated that the whole secret key information can be extracted from locations in the PCB PDN distant from the cryptographic integrated circuit where a specific field is dominant due to the physical structure of the PCB PDN. Based on the measurement and analysis results, we discuss an efficient EM information leakage evaluation method based on the dominant field radiation. We evaluate the EM information leakage from the decoupling capacitor in the backside of the PCB. Finally, we propose a design methodology to suppress the EM information leakage from the PCB PDN.

A Fast Side-Channel Leakage Simulation Technique Based on IC Chip Power Modeling

Hardware-based secure integrated circuit (IC) chips with implemented cryptographic algorithms are vulnerable to practical attacks analyzing side-channel (SC) leakage such as electromagnetic radiation. Correlation power analysis (CPA) is a real threat to secret key crypto ICs. Therefore, the information leakage risks need to be evaluated at the design stage of secure devices. This letter proposes a fast power leakage simulation method for hardware-implemented cryptographic ICs. The power delivery network (PDN) of cryptographic hardware including a silicon substrate is modeled by a chip power model (CPM) and a chip package system (CPS) board model. The proposed method was applied to the advanced encryption standard (AES) test chip implemented by the flip-chip ball grid array (FC-BGA) assembly technology. The simulation results are evaluated by CPA for the SC leakage during plaintext encryption propagating through PDN and silicon substrate. The measurement and simulation successfully find 128-bit secret key on CPA attack. The proposed simulation technique reduces the time required in the exploration of SC leakage risks for secure device designs.

Identifying Single-Event Transient Location Based on Compressed Sensing

Single-event transients (SETs) have seriously deteriorated the reliability of integrated circuits (ICs), especially for those in mission- or security-critical applications. Detecting and locating SETs can be useful for fault analysis and design enhancement. Traditional methods of location identification of SETs usually require special sensors embedded into the circuits, or radiation scanning with fine resolutions over the surface for inspection. In this paper, we propose a method of location identification of SETs without sensors or image processing. We formulate location identification of SETs as a compressed sensing problem due to the sparsity and noncoherence observation. The simulation result on a cryptographic IC is demonstrated. The results illustrate that the proposed method has three advantages, compared to traditional SETs test methods: 1) the SETs sensitive area can be accurately identified; 2) the sampling rate is reduced by 64%; therefore, the test efficiency is largely enhanced with negligible hardware overhead; and 3) the method of location identification of SETs is robust to noise interference.

Fast and automatic security test on cryptographic ICs against fault injection attacks based on design for security test

Fault injection attacks have constituted a serious threat against cryptographic integrated circuits (ICs). However, the security test nowadays is just sample test with workload statistics and experiences as the qualitative criterion, and results in costly, time-consuming and error-prone test procedures. This study presents a design for security test (DFST) method for cryptographic ICs against fault injection attacks. The DFST involves identifying the sensitive registers for various crypto modules, inserting the scan chains and generating the specific test patterns for security test. Then the security test is conducted on the manufactured cryptographic ICs with the industrial automatic test equipment. With this DFST method, a fast and automatic security test can be applied onto volume production of cryptographic ICs. Experimental results on an RSA implementation demonstrate the validity of this method.

Silicon Demonstration of Hardware Trojan Design and Detection in Wireless Cryptographic ICs

Using silicon measurements from 40 chips fabricated in Taiwan Semiconductor Manufacturing Company’s (TSMC’s) 0.35- $\mu \text{m}$ technology, we demonstrate the operation of two hardware Trojans, which leak the secret key of a wireless cryptographic integrated circuit (IC) consisting of an Advanced Encryption Standard (AES) core and an ultrawideband (UWB) transmitter (TX). With their impact carefully hidden in the transmission specification margins allowed for process variations, these hardware Trojans cannot be detected by production testing methods of either the digital or the analog part of the IC and do not violate the transmission protocol or any system-level specifications. Nevertheless, the informed adversary, who knows what to look for in the transmission power waveform, is capable of retrieving the 128-bit AES key, which is leaked with every 128-bit ciphertext block sent by the UWB TX. Moreover, through physical measurements and MATLAB simulations, we show that the attack facilitated by these hardware Trojans is robust to test equipment and communication channel noise. Finally, we experimentally evaluate the effectiveness of a popular hardware Trojan detection method, namely, statistical side-channel fingerprinting via trained one-class classifiers, in detecting the hardware Trojans introduced in our fabricated IC population.

Static and Dynamic Obfuscations of Scan Data Against Scan-Based Side-Channel Attacks

Due to the fallibility of advanced integrated circuit (IC) fabrication processes, scan test has been widely used by cryptographic ICs to provide high fault coverage. Full controllability and observability offered by the scan design also open out the trapdoor to side-channel attacks. To better resist signature attacks on scan testable cryptochip, we propose to fortify the key and lock method by the static obfuscation of scan data. Instead of spatially reshuffling the scan cells, the working mode of some scan cells is altered to jumble up the scan data when the scan test is performed with an incorrect test key. However, when the plaintext is fed directly through the primary inputs for test efficiency, the static obfuscation of scan data is inadequate as demonstrated by a new test-mode-only signature attack (TMOSA) proposed in this paper. To thwart TMOSA, a new countermeasure based on the dynamic obfuscation of scan data is proposed. By cyclically shifting the incorrect test key throughout the test phase, the blocking cells due to the mismatched bits of the test key are made to move temporally to dynamically obfuscate the scan data. This latter scheme is unconditionally resilient against TMOSA and all other known scan-based attacks while preserving the merits of high testability and low area overhead compared with other countermeasures.

Hardware Trojans in Wireless Cryptographic Integrated Circuits

We study the problem of hardware Trojans in wireless cryptographic integrated circuits, wherein the objective is to leak secret information (i.e. the encryption key) through the wireless channel. Using a mixed-signal system-on-chip, consisting of a DES encryption core and a UWB transmitter, we demonstrate the following three key findings of this study: i) Simple malicious modifications to the digital part of a wireless cryptographic chip suffice to leak information without changing the more sensitive analog part. We demonstrate two hardware Trojan examples, which leak the encryption key by manipulating the transmission amplitude or frequency. ii) Such hardware Trojans do not change the functionality of the digital part or the performances of the analog part and their impact on the wireless transmission parameters can be hidden within the fabrication process variations. Hence, neither traditional manufacturing testing nor recently proposed hardware Trojan detection methods will expose them. iii) For the attacker to be able to discern the leaked information from the legitimate signal, effective hardware Trojans must impose some structure to the transmission parameters. While this structure is not known to the defender, advanced statistical analysis of these parameters (i.e. transmission power), may reveal its existence and, thereby, expose the hardware Trojan.