The security of modern electronic devices relies on secret keys stored in secure hardware modules that serve as the root of trust (RoT). Extracting those keys would break the security of the entire system. As prior work has shown, sophisticated side-channel analysis (SCA) attacks that use chip failure analysis (FA) techniques can extract data from on-chip memory cells. However, since the chip's layout is unknown to the adversary in practice, localizing the secret key and reverse engineering the design are onerous tasks. Consequently, hardware vendors commonly believe that the ever-growing physical complexity of integrated circuit (IC) designs is a natural barrier against potential adversaries. In this work, we present a novel approach that extracts the secret key without any knowledge of the IC's layout and independently of the memory technology used for key storage. We automate the traditionally very labor-intensive reverse engineering and data extraction process. To that end, we demonstrate that black-box measurements captured with laser-assisted SCA techniques from a training device with a known key can be used to profile the device, and that this profile then predicts the keys of other victim devices whose keys are unknown. To showcase the potential of our approach, we target keys on three different hardware platforms that are used as RoT in different products.
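The abstract's two-step idea, profile a training device with a known key and then predict keys on victim devices, is the kind of thing a vendor should be able to quantify before shipping a design. The following is an added example (not code from the paper or its authors) that simulates that workflow on constructed data as a leakage-assessment harness: captures from a training device are used to find which hidden measurement positions leak each key bit and to build a per-bit template, and the template is then applied to a victim device built to the same layout. The Gaussian leakage model, the `SimulatedDevice` class, the `signal_gap` and `noise` parameters, and the assumption that the training device can be programmed with chosen keys are all assumptions of this example, not details from the paper.

```python
"""Added example: simulated profiled side-channel leakage assessment.

Constructed model of the profiling approach described in the abstract. The
training device is captured with known keys to (1) locate the positions that
leak each key bit even though the layout is hidden and (2) learn what a stored
0 and 1 look like there; the resulting templates are applied to captures from a
victim device. The returned bit-recovery rate is the number a defender tracks
while evaluating a countermeasure. The leakage model, parameter names and the
ability to choose training keys are assumptions of this example.
"""
import random
from statistics import mean

KEY_BITS = 32      # size of the secret key held in the simulated device
LOCATIONS = 256    # candidate measurement positions; the key's positions are hidden


def _pearson(xs, ys):
    """Pearson correlation; 0.0 when either sequence is constant."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx > 0 and vy > 0 else 0.0


class SimulatedDevice:
    """Constructed chip model: key bit i is stored at the hidden position layout[i].

    One capture returns a noisy value per position. A position holding a 1 bit
    is shifted by `signal_gap`; every other position carries only noise.
    """

    def __init__(self, layout, signal_gap, noise, rng):
        self.layout = layout
        self.signal_gap = signal_gap
        self.noise = noise
        self.rng = rng

    def capture(self, key_bits):
        trace = [self.rng.gauss(0.0, self.noise) for _ in range(LOCATIONS)]
        for bit, pos in zip(key_bits, self.layout):
            trace[pos] += self.signal_gap * bit
        return trace


def profile(train_keys, train_traces):
    """Learn, for each key bit, the leaking position and what 0 and 1 look like there."""
    templates = []
    for i in range(KEY_BITS):
        bit_column = [k[i] for k in train_keys]
        # Localization without layout knowledge: the position whose values
        # correlate most strongly with this bit across the known training keys.
        pos = max(range(LOCATIONS),
                  key=lambda p: abs(_pearson(bit_column, [t[p] for t in train_traces])))
        zeros = [t[pos] for t, k in zip(train_traces, train_keys) if k[i] == 0]
        ones = [t[pos] for t, k in zip(train_traces, train_keys) if k[i] == 1]
        templates.append((pos, mean(zeros), mean(ones)))
    return templates


def predict_key(templates, trace):
    """Nearest-mean classification of every key bit from a single victim capture."""
    return [1 if abs(trace[pos] - m1) < abs(trace[pos] - m0) else 0
            for pos, m0, m1 in templates]


def assess_leakage(signal_gap, noise=0.05, n_train=40, n_victims=20, seed=7):
    """Fraction of victim key bits recovered by a profile built on the training device."""
    rng = random.Random(seed)
    layout = rng.sample(range(LOCATIONS), KEY_BITS)      # never read by profile()
    training_dev = SimulatedDevice(layout, signal_gap, noise, rng)
    victim_dev = SimulatedDevice(layout, signal_gap, noise, rng)  # same design, same layout
    # All-zero and all-one keys guarantee both bit values are seen at every index.
    train_keys = [[0] * KEY_BITS, [1] * KEY_BITS]
    train_keys += [[rng.randint(0, 1) for _ in range(KEY_BITS)] for _ in range(n_train - 2)]
    templates = profile(train_keys, [training_dev.capture(k) for k in train_keys])
    correct = 0
    for _ in range(n_victims):
        victim_key = [rng.randint(0, 1) for _ in range(KEY_BITS)]
        guess = predict_key(templates, victim_dev.capture(victim_key))
        correct += sum(g == b for g, b in zip(guess, victim_key))
    return correct / (n_victims * KEY_BITS)


if __name__ == "__main__":
    for gap in (1.0, 0.1, 0.0):
        print(f"signal gap {gap:.2f}: {assess_leakage(gap):.1%} of victim key bits recovered")
```

Running the three settings makes the abstract's point about layout complexity concrete: `profile()` never reads `layout`, yet with a clear signal it recovers every bit, so hiding the positions buys nothing. Only shrinking `signal_gap` relative to `noise` (the simulated effect of a countermeasure that reduces the cell's optical contrast or adds noise) pushes recovery back toward the 50% of random guessing, which is the metric a design review should be looking at.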