TY - GEN
T1 - Scan-based attack against DES cryptosystems using scan signatures
AU - Kodera, Hirokazu
AU - Yanagisawa, M.
AU - Togawa, Nozomu
PY - 2012/12/1
Y1 - 2012/12/1
N2 - With the high integration of LSI in recent years, the importance of design-for-test techniques has been increasing. A scan-path test is one of the useful design-for-test techniques, in which testers can observe and control registers inside the target LSI chip directly. On the other hand, the risk of side-channel attacks against cryptographic LSIs and modules has been pointed out. In particular, scan-based attacks, which retrieve secret keys by analyzing scan data obtained from scan chains, have been attracting attention. In this paper, we propose a scan-based attack method against DES using scan signatures. Our proposed method is based on focusing on particular bit-column data in a set of scan data and observing their changes when given several plaintexts. We can retrieve secret keys by partitioning the S-BOX process into eight independent sub-processes and reducing the number of round key candidates from 2^48 to 2^6 × 8 = 512. Our proposed method can retrieve secret keys even if a scan chain includes registers other than those of the crypto module and attackers do not know when the encryption is actually performed in the crypto module. Experimental results demonstrate that we successfully retrieve the secret keys of a DES cryptosystem using at most 32 plaintexts.
AB - With the high integration of LSI in recent years, the importance of design-for-test techniques has been increasing. A scan-path test is one of the useful design-for-test techniques, in which testers can observe and control registers inside the target LSI chip directly. On the other hand, the risk of side-channel attacks against cryptographic LSIs and modules has been pointed out. In particular, scan-based attacks, which retrieve secret keys by analyzing scan data obtained from scan chains, have been attracting attention. In this paper, we propose a scan-based attack method against DES using scan signatures. Our proposed method is based on focusing on particular bit-column data in a set of scan data and observing their changes when given several plaintexts. We can retrieve secret keys by partitioning the S-BOX process into eight independent sub-processes and reducing the number of round key candidates from 2^48 to 2^6 × 8 = 512. Our proposed method can retrieve secret keys even if a scan chain includes registers other than those of the crypto module and attackers do not know when the encryption is actually performed in the crypto module. Experimental results demonstrate that we successfully retrieve the secret keys of a DES cryptosystem using at most 32 plaintexts.
KW - data encryption standard
KW - scan chain
KW - scan-based attack
KW - side-channel attacks
UR - http://www.scopus.com/inward/record.url?scp=84874149005&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84874149005&partnerID=8YFLogxK
U2 - 10.1109/APCCAS.2012.6419106
DO - 10.1109/APCCAS.2012.6419106
M3 - Conference contribution
AN - SCOPUS:84874149005
SN - 9781457717291
T3 - IEEE Asia-Pacific Conference on Circuits and Systems, Proceedings, APCCAS
SP - 599
EP - 602
BT - 2012 IEEE Asia Pacific Conference on Circuits and Systems, APCCAS 2012
T2 - 2012 IEEE Asia Pacific Conference on Circuits and Systems, APCCAS 2012
Y2 - 2 December 2012 through 5 December 2012
ER -