Title :
Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard
Author :
Yang, Bo ; Wu, Kaijie ; Karri, Ramesh
Author_Institution :
Dept. of Electr. & Comput. Eng., Polytech. Univ. Brooklyn, NY, USA
Abstract :
Scan based test is a double edged sword. On one hand, it is a powerful test technique. On the other hand, it is an equally powerful attack tool. We show that scan chains can be used as a side channel to recover secret keys from a hardware implementation of the Data Encryption Standard (DES). By loading pairs of known plaintexts with one-bit difference in the normal mode and then scanning out the internal state in the test mode, we first determine the position of all scan elements in the scan chain. Then, based on a systematic analysis of the structure of the nonlinear substitution boxes, and using three additional plaintexts we discover the DES secret key. Finally, some assumptions in the attack are discussed.
Keywords :
application specific integrated circuits; boundary scan testing; cryptography; design for testability; ASIC; data encryption standard; design for testability; hardware implementations; nonlinear substitution boxes; plaintexts; scan based side channel attack; scan based test; scan chains; secret key recovery; systematic analysis; Circuit synthesis; Circuit testing; Cryptography; Flip-flops; Hardware; Packaging; Protection; Sequential analysis; Signal synthesis; Standards development;
Conference_Titel :
Test Conference, 2004. Proceedings. ITC 2004. International
Print_ISBN :
0-7803-8580-2
DOI :
10.1109/TEST.2004.1386969
