Automatic Extraction of Secrets from the Transistor Jungle using Laser-Assisted Side-Channel Attacks

Authors: 

Thilo Krachenfels and Tuba Kiyan, Technische Universität Berlin; Shahin Tajik, Worcester Polytechnic Institute; Jean-Pierre Seifert, Technische Universität Berlin; Fraunhofer SIT

Abstract: 

The security of modern electronic devices relies on secret keys stored on secure hardware modules as the root-of-trust (RoT). Extracting those keys would break the security of the entire system. As shown before, sophisticated side-channel analysis (SCA) attacks, using chip failure analysis (FA) techniques, can extract data from on-chip memory cells. However, since the chip's layout is unknown to the adversary in practice, secret key localization and reverse engineering are onerous tasks. Consequently, hardware vendors commonly believe that the ever-growing physical complexity of the integrated circuit (IC) designs can be a natural barrier against potential adversaries. In this work, we present a novel approach that can extract the secret key without any knowledge of the IC's layout, and independent from the employed memory technology as key storage. We automate the—traditionally very labor-intensive—reverse engineering and data extraction process. To that end, we demonstrate that black-box measurements captured using laser-assisted SCA techniques from a training device with known key can be used to profile the device for a later key prediction on other victim devices with unknown keys. To showcase the potential of our approach, we target keys on three different hardware platforms, which are utilized as RoT in different products.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {272159,
author = {Thilo Krachenfels and Tuba Kiyan and Shahin Tajik and Jean-Pierre Seifert},
title = {Automatic Extraction of Secrets from the Transistor Jungle using {Laser-Assisted} {Side-Channel} Attacks},
booktitle = {30th USENIX Security Symposium (USENIX Security 21)},
year = {2021},
isbn = {978-1-939133-24-3},
pages = {627--644},
url = {https://www.usenix.org/conference/usenixsecurity21/presentation/krachenfels},
publisher = {USENIX Association},
month = aug
}

Presentation Video