My summary of the paper "Scan Based Side-Channel Attack on Data Encryption Standard" by Yang et al.
This work was published in IACR 2004.
https://hsiung.cc/posts/yang-scan-based-side-channel-attack-on-des/
Scan Based Side Channel Attack on Data Encryption Standard
1. Scan Based Side Channel Attack on
Data Encryption Standard
IACR’04
Bo Yang, Kaijie Wu, Ramesh Karri
ECE Dept., Polytechnic University, Brooklyn. (Currently NYU Tandon)
2. Scan Based Side Channel Attack on Data Encryption Standard
Outline
• Introduction
• Assumptions
• Methodology
• Discussion
• Conclusions
4. Scan Based Side Channel Attack on Data Encryption Standard
Introduction
• Cryptographic algorithms
– Application-Specific Integrated Circuits (ASIC)
– Cryptographic Coprocessors
• Scan-based tests
– Validate the function of a hardware system at fabrication time and in
field.
– High fault coverage, test pattern generation and signature analysis
w/o additional hardware. (cp. built-in self test (BIST))
5. Scan Based Side Channel Attack on Data Encryption Standard
Introduction
• Scan-based tests
– Constructs several Scan Chains (SCs) in a chip by tying together
internal registers and flip flops and connecting them to the JTAG.
– During test synthesis
• SCs are inserted by synthesis tool.
– During chip packaging
• SCs are connected to external JTAG
interface pins to provide on-chip debugging
and maintenance in field, or left unbound.
6. Scan Based Side Channel Attack on Data Encryption Standard
Introduction
• Scan-based tests
– However, unbound scan chains can still be accessed by breaking the
package open.
7. Scan Based Side Channel Attack on Data Encryption Standard
Introduction
• Data Encryption Standard
– DES is a symmetric encryption algorithm developed in the 1970s by
IBM.
– Encrypts 64-bit data blocks under the control of a 56-bit user key.
– DES decryption is the inverse of DES encryption and uses the same
user key.
8. Scan Based Side Channel Attack on Data Encryption Standard
Introduction
• Data Encryption Standard
9. Scan Based Side Channel Attack on Data Encryption Standard
Introduction
• Contributions
– Show that scan chains can be used to discover the secret keys stored
in a cryptographic device.
– The approach is simple yet general and powerful and can be adapted
to any cryptographic implementation on ASICs or FPGAs or general
microprocessors.
11. Assumptions
• Know the DES algorithm.
• Have access to high level timing
diagrams.
• Do not know the exact number of
registers used.
• Round keys are stored in a secure
RAM/ROM.
• Round key registers are not included
in the scan chain.
• Do not know the structure of the scan
chain.
13. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
• Step 1. Determine Scan Chain Structure
• Step 2. Recover DES Round Key
• Step 3. Recover DES User Key
14. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 1. Determine Scan Chain Structure
• Switch the DES circuit between normal mode and test mode.
1. Reset to normal mode -> Load a known plaintext into input register.
2. Switch to test mode -> Scan out the bit stream, pattern 1.
3. Switch to normal mode -> Load the plaintext into L or R registers.
4. Switch to test mode -> Scan out the bit stream, pattern 2.
5. Repeat steps 1 to 3 using a plaintext that is different from the first plaintext in only one-bit position. Save the pattern 3 and pattern 4.
15. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 2. Recover DES Round Key
• Know the location of L and R registers in the scan chain → Break DES algorithm!
(1) L1 = R0
(2) R1 = L0 ⨁ d
(3) d = permutation(c)
(4) a = Expand(r)
(5) b = a ⨁ K1
(6) c = S_box(b)
[Figure: one DES round, with the signals L0, R0, L1, R1, r, a, b, c, d and K1 labelled]
16. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 2. Recover DES Round Key
• Reverse the S-box (Substitution Box)
– Each S-box compresses the 6-bit input into a 4-bit output.
[Figure: S-box reversal example. Candidate inputs, first row: (000110)2, (001111)2, (100010)2 or (101101)2. Second row: (001110)2, (000111)2, (101010)2 or (100101)2, with output labels c2=8, c2=8, c2=4, c2=6. Third row: (010111)2 and (111100)2, with output labels c3=11 and c3=5. Round key bit labels: K1_48, K1_43, K1_47, K1_46, K1_45, K1_44.]
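Added example (not from the paper or the slides): the filter below replays the S-box reversal with the standard DES S1 table, which reproduces the candidate values in the figure. The key chunk 110011 and the choice of S1 are assumptions made for the illustration. It shows why the L and R flip-flops in a scan dump need the same protection as the key: three observed (a, c) pairs leave a single candidate for the six key bits.

```python
# Added illustration, not code from the paper or the slides.
# Standard DES S-box S1 (FIPS 46-3); rows are selected by the outer two bits.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(b):
    """c = S_box(b) for one 6-bit chunk: bits 1 and 6 pick the row, bits 2-5 the column."""
    row = ((b >> 4) & 0b10) | (b & 1)
    col = (b >> 1) & 0xF
    return S1[row][col]


def surviving_keys(observations):
    """Filter the 64 possible key chunks against (a, c) pairs read from a scan dump.

    a is the 6-bit chunk of Expand(R0); c is the 4-bit S-box output obtained by
    undoing the permutation on d = R1 xor L0. Returns the survivors after each pair.
    """
    keys = set(range(64))
    history = []
    for a, c in observations:
        keys = {k for k in keys if sbox1(a ^ k) == c}
        history.append(sorted(keys))
    return history


# Constructed sample: a made-up key chunk and three chosen inputs, picked so that
# b = a xor k walks through the values drawn on the slide.
K_CHUNK = 0b110011
A1 = 0b000110 ^ K_CHUNK
INPUTS = [A1, A1 ^ 0b001000, A1 ^ 0b010001]
OBSERVATIONS = [(a, sbox1(a ^ K_CHUNK)) for a in INPUTS]
HISTORY = surviving_keys(OBSERVATIONS)

if __name__ == "__main__":
    for (a, c), keys in zip(OBSERVATIONS, HISTORY):
        b_values = " ".join(f"{a ^ k:06b}" for k in keys)
        print(f"a={a:06b} c={c:2d} -> {len(keys)} candidate(s), b in: {b_values}")
```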
17. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 3. Recover DES User Key
• Each round key contains 48 bits of the 56-bit user key.
• By analysis of the DES round key generation algorithm, we only need to recover round keys K1, K2, and K3 to derive the user key.
19. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Attack Complexity Analysis
– 198 clock cycles to scan-out the first bit stream.
– 198 clock cycles to locate one flip flop in the input register.
• Total 38016 cycles to determine the entire scan chain.
– 397 clock cycles for every input plaintext to reach R0, L0, R1 and L1.
• Total 3561 cycles to discover round keys K1, K2 and K3.
– Overall, 41775 clock cycles are required to discover the user key.
20. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Attack Complexity Analysis
– 198 clock cycles to scan-out the first bit stream.
• 1 cycle for normal operation + 197 cycles for scan operations
– 198 clock cycles to locate one flip flop in the input register.
• Total 38016 (=192×198) cycles to determine the entire scan chain.
– 397 clock cycles for every input plaintext to reach R0, L0, R1 and L1.
• 2 cycles for normal operation + 197 cycles for scan operation + 1 cycle for
normal operation + 197 cycles for scan operation
• 1191 cycles (397×3) to discover round key K1.
• 1185 cycles to discover round keys K2 and K3.
21. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Extension to a pipelined DES architecture
– 16-stage pipeline will have 17 pairs: (L0, R0) … (L16, R16).
– L0 and R0 can be located first.
– L1 and R1 can be located by observing that L1 = R0 and R1 = L0 ⊕ f(R0, K1).
– If we change only the lowest bit in L0, L1 remains unchanged and the lowest bit in R1 switches, because f(R0, K1) remains unchanged.
– Similarly, we can locate all flip-flops.
– Hence, we can recover round keys K1, K2 and K3.
22. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Characteristics of crypto algorithms on hardware
– Data-driven: different plaintexts, but the control logic performs the
same action.
– Avalanche effect: One-bit difference in a round will translate into
several bit changes in the next round.
• This determines the clock cycle when the plaintext is loaded
into the input plaintext register and the L, R registers.
24. Scan Based Side Channel Attack on Data Encryption Standard
Conclusions
• Several side-channel attacks have been proposed.
• Show that scan chains and scan-based tests are a potent side-channel.
• Propose an attack using only 3 plaintexts to break DES.