Title: 1/0 Shades of UC: Photonic Side-Channel Analysis of Universal Circuits
A universal circuit (UC) can be thought of as a programmable circuit that can simulate any circuit up to a certain size by specifying its secret configuration bits. UCs have been incorporated into various applications, such as private function evaluation (PFE). Recently, studies have attempted to formalize the concept of semiconductor intellectual property (IP) protection in the context of UCs. This is despite the observations made in theory and practice that, in reality, the adversary may obtain additional information about the secret when executing cryptographic protocols. This paper aims to answer the question of whether UCs leak information unintentionally, which can be leveraged by the adversary to disclose the configuration bits. In this regard, we propose the first photon emission analysis against UCs relying on computer vision-based approaches. We demonstrate that the adversary can utilize a cost-effective solution to take images to be processed by off-the-shelf algorithms to extract configuration bits. We examine the efficacy of our method in two scenarios: (1) the design is small enough to be captured in a single image during the attack phase, and (2) multiple images should be captured to launch the attack by deploying a divide-and-conquer strategy. To evaluate the effectiveness of our attack, we use metrics commonly applied in side-channel analysis, namely rank and success rate. By doing so, we show that our profiled photon emission analysis achieves a success rate of 1 by employing a few templates (concretely, only 18 images were used as templates).
Award ID(s): 2117349, 2138420
PAR ID: 10547565
Publisher / Repository: IACR Transactions on Cryptographic Hardware and Embedded Systems
Journal Name: IACR Transactions on Cryptographic Hardware and Embedded Systems
Volume: 2024
Issue: 3
ISSN: 2569-2925
Page Range / eLocation ID: 574 to 602
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. A Quantum Key Distribution (QKD) protocol describes how two remote parties can establish a secret key by communicating over a quantum and a public classical channel that both can be accessed by an eavesdropper. QKD protocols using energy-time entangled photon pairs are of growing practical interest because of their potential to provide a higher secure key rate over long distances by carrying multiple bits per entangled photon pair. We consider a system where information can be extracted by measuring random times of a sequence of entangled photon arrivals. Our goal is to maximize the utility of each such pair. We propose a discrete-time model for the photon arrival process, and establish a theoretical bound on the number of raw bits that can be generated under this model. We first analyze a well-known simple binning encoding scheme, and show that it generates a significantly lower information rate than what is theoretically possible. We then propose three adaptive schemes that increase the number of raw bits generated per photon, and compute and compare the information rates they offer. Moreover, the effect of public channel communication on the secret key rates of the proposed schemes is investigated.
  2. While reconfigurable intelligent surface (RIS) technology shows great promise for wireless communication, an adversary using such technology can threaten wireless performance. This paper explores an RIS-based attack on time-division duplex (TDD) based wireless systems that use channel reciprocity for physical layer key generation (PLKG). We demonstrate that deploying a non-reciprocal RIS with a non-symmetric "beyond diagonal" (BD) phase shift matrix can compromise channel reciprocity and thus break key consistency. The attack can be achieved without transmission of signal energy, channel state information (CSI), and synchronization with the legitimate system, and thus it is difficult to detect and counteract. We propose a physically consistent BD-RIS model and verify the impact of its attack on the secret key rate (SKR) of the legitimate system via simulations. Moreover, we provide a heuristic approach for optimizing the BD-RIS configuration to realize a more severe attack in cases where some partial knowledge of the channel state information is available. Our results demonstrate that such channel reciprocity attacks can significantly decrease the SKR of the legitimate system. 
  3. Motivated by the rise of quantum computers, existing public-key cryptosystems are expected to be replaced by post-quantum schemes in the next decade in billions of devices. To facilitate the transition, NIST is running a standardization process which is currently in its final Round. Only three digital signature schemes are left in the competition, among which Dilithium and Falcon are the ones based on lattices. Besides security and performance, significant attention has been given to resistance against implementation attacks that target side-channel leakage or fault injection response. Classical fault attacks on signature schemes make use of pairs of faulty and correct signatures to recover the secret key which only works on deterministic schemes. To counter such attacks, Dilithium offers a randomized version which makes each signature unique, even when signing identical messages. In this work, we introduce a novel Signature Correction Attack which not only applies to the deterministic version but also to the randomized version of Dilithium and is effective even on constant-time implementations using AVX2 instructions. The Signature Correction Attack exploits the mathematical structure of Dilithium to recover the secret key bits by using faulty signatures and the public-key. It can work for any fault mechanism which can induce single bit-flips. For demonstration, we are using Rowhammer induced faults. Thus, our attack does not require any physical access or special privileges, and hence could be also implemented on shared cloud servers. Using Rowhammer attack, we inject bit flips into the secret key s1 of Dilithium, which results in incorrect signatures being generated by the signing algorithm. Since we can find the correct signature using our Signature Correction algorithm, we can use the difference between the correct and incorrect signatures to infer the location and value of the flipped bit without needing a correct and faulty pair. 
    To quantify the reduction in the security level, we perform a thorough classical and quantum security analysis of Dilithium and successfully recover 1,851 bits out of 3,072 bits of secret key $s_1$ for security level 2. Fully recovered bits are used to reduce the dimension of the lattice whereas partially recovered coefficients are used to reduce the norm of the secret key coefficients. Further analysis for both primal and dual attacks shows that the lattice strength against quantum attackers is reduced from $2^{128}$ to $2^{81}$ while the strength against classical attackers is reduced from $2^{141}$ to $2^{89}$. Hence, the Signature Correction Attack may be employed to achieve a practical attack on Dilithium (security level 2) as proposed in Round 3 of the NIST post-quantum standardization process.
  4. Sensitive data can be extracted by mounting physical attacks, e.g., photon emission analysis, micro-probing, etc., on integrated circuits (ICs). In this paper, our ultimate goal is to examine provable security approaches that increase the number of simultaneous probes needed to perform probing in order to see how they can complement physical anti-probing countermeasures. Commonly applied mathematical models for probing attacks have employed randomized bits to mask the input, and modified computations. As the number of masks increases, the number of probes needed to extract the secret data increases linearly, assuming noise-free conditions. In another attempt, noisy leakage models have been developed to better mimic real-world scenarios, but their complexity is a major drawback. Hence, extensive research has been performed to show connections between noisy leakage models and probing models. The goal of this survey is to relate the notion of masking with physical backside attack countermeasures, which are limited in practice. To this end, our first milestone is to unify provable probing and side-channel models in order to develop and realize more practical countermeasures. 
  5. Due to the globalization of semiconductor manufacturing and test processes, the system-on-a-chip (SoC) designers no longer design the complete SoC and manufacture chips on their own. This outsourcing of the design and manufacturing of Integrated Circuits (ICs) has resulted in several threats, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Logic locking has emerged as a promising defense strategy against these threats. However, various attacks about the extraction of secret keys have undermined the security of logic locking techniques. Over the years, researchers have proposed different techniques to prevent existing attacks. In this article, we propose a novel attack that can break any logic locking techniques that rely on the stored secret key. This proposed TAAL attack is based on implanting a hardware Trojan in the netlist, which leaks the secret key to an adversary once activated. As an untrusted foundry can extract the netlist of a design from the layout/mask information, it is feasible to implement such a hardware Trojan. All three proposed types of TAAL attacks can be used for extracting secret keys. We have introduced the models for both the combinational and sequential hardware Trojans that evade manufacturing tests. An adversary only needs to choose one hardware Trojan out of a large set of all possible Trojans to launch the TAAL attack.