Types of side channel attacks' effect on circuit security

Published: 2018-04-18

ABSTRACT

Most small embedded circuits are vulnerable to different types of side channel attacks. Information can be obtained by monitoring power consumption and execution time. Small embedded and wireless applications such as smart cards and cellular phones require security. This paper presents the types of side channel attacks that affect circuit security and different methods for securing circuits. Methods such as counterfeiting detection and avoidance, and countermeasures for SPA and DPA attacks, are mentioned in this paper.

Introduction

Although much study has been done in the system and application security fields, there is still a lot of scope in the integrated circuit security field. As circuit design grows, the security problem becomes worse. Manufacturers who were very strict about control over the IC fabrication process can no longer be as strict, because they have to deal with a global market. Moreover, different kinds of attacks compromise the device or copy highly confidential data. Attacks and methods such as physical attacks, Trojan horses, IP and IC piracy, and lack of tamper resistance are really harmful to circuit security. These types are described below. After them, we describe different ways to protect circuits against these attacks. Here, we have shown the examples of a smart card and an automatic teller machine to explain this phenomenon clearly.

Counterfeiting of ICs

Counterfeiting of ICs has become a major problem. Counterfeiters use different methods to make a profit, but this creates a big risk for customers as well as manufacturers. As counterfeiting in the market has increased, the U.S. Department of Commerce defines a counterfeit component as one that

  1. is an unauthorized copy.
  2. does not conform to original OCM design, model, and/or performance standards.
  3. is not produced by the OCM or is produced by unauthorized contractors.
  4. is an off-specification, defective, or used OCM product sold as “new” or working.
  5. has incorrect or false markings and/or documentation.

The following are the types of counterfeits.

Counterfeits Types

(Tehranipoor)

Recycled Part

A recycled part is a part that is misrepresented as new and used in new equipment. Such parts have low performance and a short lifetime, which affects the system’s overall performance. These parts are obtained through a recovery process, in which discarded parts undergo cleaning, washing, and removal of older parts at higher temperature. These parts may not work properly: they pass tests initially but later stop working properly. The following image shows the recovery process for old components.

(Tehranipoor)

Remarked Parts

Every electronic chip or component has a unique marking with a specific code or pin. It defines the origin of the product and provides other details. The marking can be removed by a chemical or physical process, so remarking a component is easy, and it badly affects the system. Nowadays, counterfeiters use upgraded machines for remarking: they use laser machines to remove the marking and remark the part with their own part number.

Citation: (http://www.maximintegrated.com/en/app-notes/index.mvp/id/5458, n.d.)

In the above figure, the real Maxim part, graded ‘B’, is on the left, and the remarked part, graded ‘A’, is on the right.

Overproduced

Normally, design houses send their designs to companies around the world for fabrication, as this helps reduce manufacturing cost. These companies have contracts with the design houses covering material and specific production. Untrusted companies make more products than required and sell the extra products on the market.

Out-of-spec/defective

ICs that have a different specification or that fail manufacturing tests are called ‘defective’. Normally, ICs go through three tests by the manufacturer: the wafer test, the package test, and the final test. ICs that fail these tests are discarded by companies. If these ICs are not discarded and are instead sold on the market, they fail in the field and affect every person and organization connected with them.

Cloned Parts

Counterfeiters mostly clone original designs or ICs to avoid the large research and development costs. Cloning is done by reverse engineering or by obtaining the intellectual property. In semiconductor ICs, watermarking such as power signatures and design constraints is applied to chips as proof of authorship. If watermarking is not done properly, the risk of cloning increases. Counterfeiters copy IP, clone semiconductors, and make a huge profit.

Forged Documentation

Every new product comes with documents containing detailed information about it, such as specifications, testing, the certificate of conformance (CoC), and the statement of work (SOW). Counterfeiters change the details in the documents and sell defective parts.

Tampered

Untrusted companies or counterfeiters insert a Trojan into the design to leak secret information or interrupt normal operation. Hardware Trojans are implemented by modifying digital signal processors (DSPs), microprocessors, and FPGAs. Tampering with ICs has dangerous consequences for medical, aerospace, military, and financial infrastructures.

Side Channel Attacks

Side channel attacks are physical attacks in which the attacker exploits physical leakage such as timing information, power consumption, and electromagnetic radiation. Side channel attacks are classified as invasive, non-invasive, and semi-invasive.

Non-Invasive Attack

In this attack, the attacker observes the device without harming or damaging it. Timing attacks, power analysis, and electromagnetic analysis are non-invasive attacks. These attacks are cheaper than other attacks.

Invasive Attack

In this attack, the attacker places equipment inside the chip to get full control over the device. It is an expensive attack, but with it the attacker obtains all the secrets and functionality of the device. The following are the most common side channel attacks.

Power Analysis

The attacker studies the power consumption of a hardware device to obtain information. There are two power analysis attacks: simple power analysis and differential power analysis.

Simple Power Analysis

The attacker observes the graph and checks the device's current flow. Changes in current or power consumption are caused by the different operations of the device. For example, different instructions run by a microprocessor, such as jump and move, have different power consumption profiles. The following figure shows sample power consumption in SPA.

(K. P. Sridhar)

Differential Power Analysis

Differential power analysis is stronger than SPA. It has two steps: collecting power data and analyzing that data. It uses statistical analysis and error correction techniques to obtain the secret key. It measures power usage, which reveals which types of operations the device performs. In this attack, the attacker recovers data by analyzing each bit, and after getting all the data the attacker has the full secret key. These attacks are more dangerous than other attacks because they circumvent the device’s hardware and software security. Power is related to Hamming distance, which gives the amount of power the device consumes for a particular input in terms of Hamming weight. The following figure shows the relation between power consumption and Hamming weight.

(K. P. Sridhar)

(K. P. Sridhar)
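The relation between power consumption and Hamming weight can be checked on simulated measurements, as a designer would when assessing leakage. This is an added example, not code from the paper: the traces are constructed, the power model (Hamming weight plus Gaussian noise) is an assumption, and the protected case uses Boolean masking, a standard DPA countermeasure that the paper does not describe.

```python
import random

def hamming_weight(x):
    """Number of 1 bits in x."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / (var_x * var_y) ** 0.5

def simulate_traces(n_traces, masked, seed, noise_sd=1.0):
    """Constructed data: one power sample per processed byte.

    Assumed model: power = Hamming weight of the byte the circuit
    actually handles + Gaussian measurement noise.
    """
    rng = random.Random(seed)
    values, power = [], []
    for _ in range(n_traces):
        value = rng.randrange(256)                  # sensitive intermediate byte
        mask = rng.randrange(256) if masked else 0  # fresh random mask per operation
        handled = value ^ mask                      # what the registers really hold
        power.append(hamming_weight(handled) + rng.gauss(0.0, noise_sd))
        values.append(value)
    return values, power

def leakage_correlation(n_traces=5000, masked=False, seed=1):
    """Correlation between HW(sensitive value) and the measured power."""
    values, power = simulate_traces(n_traces, masked, seed)
    return pearson([hamming_weight(v) for v in values], power)

if __name__ == "__main__":
    print("unprotected:", round(leakage_correlation(masked=False), 3))
    print("masked:     ", round(leakage_correlation(masked=True), 3))
```

In the unprotected case the power samples track the Hamming weight of the sensitive byte closely; with a fresh random mask per operation the first-order correlation drops to the noise floor.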

Counterfeiting detection and avoidance methods

Counterfeit Detection Methods

(https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=jetta14-2, n.d.)

Incoming Inspection

After an order is received, the circuit goes through incoming inspection. In Low Power Visual Inspection (LPVI), all CUTs (Components Under Test) are documented and inspected. The structure of the CUTs is analyzed using X-ray imaging.

Exterior Test

The exterior test can be performed in different ways, such as blacktop testing, micro-blasting analysis, hermeticity testing, and scanning acoustic microscopy (SAM). In blacktop testing, the permanence of the component's marking is tested. In micro-blasting, a blasting material such as aluminum oxide powder, sized in grains, is bombarded onto the CUTs and the material is collected for analysis. In hermeticity testing, the seal of hermetically sealed components is checked: an intact seal means the component works as it was designed, and a broken seal means failure of the component. In scanning acoustic microscopy (SAM), cracks and voids in the die of the circuit and the structure of the bond wires are detected.

Interior Test

In the interior test, the dies and bond wires of components are inspected. Three methods are used for decapsulation: chemical decapsulation, a newer laser-based technique, and mechanical decapsulation. The interior test includes methods such as optical inspection, wire pull, die shear, ball shear, scanning acoustic microscopy, and scanning electron microscopy (SEM). In optical inspection, the die marking is inspected, while in wire pull the integrity of the bond with the die is inspected. In die shear, the die attach integrity is verified. In ball shear, the ball bond integrity at the die is observed. In SEM, an image of the die is taken by scanning it with a beam of electrons.

Material Analysis

In this technique, the chemical composition of components is inspected. This method detects defects and incongruities related to the circuit material.

Parametric Test

This test is used to measure the parameters of the chip. If the chip has been used before, its DC and AC parameters may have changed from their specified values. Functional test: in this test, the functionality of the component is tested. It checks whether components that are manufactured separately produce the desired output when they work together.

Burn-In Test

This test is mainly performed to decide whether a device or circuit is reliable.

Structural Test

This test is basically performed to reduce the cost of the circuit. It identifies cloned components of the circuit: the cloned netlist is compared with the genuine netlist, and if it does not match, even for a few gates, the components are flagged.

Counterfeit Avoidance Methods

Chips are designed by considering the features and parameters of the circuit, and the circuit design technique is decided on that basis.

Physically Unclonable Functions

This technique is used for IC identification, authentication, and on-chip key generation. Silicon PUFs use intrinsic physical variations to generate a unique signature for each IC, and this unique ID is stored in a database. IC overproduction can then be identified by looking up chip IDs during authentication: if no record of the chip is found, the chip was manufactured illegally.
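The database lookup described above has to tolerate noise, because a PUF never reads back exactly the same bits twice. The following added example (not from the paper) enrolls simulated chips and matches later readouts by Hamming distance; the 128-bit response size, the 5% bit-flip rate, the distance threshold and all chip names are assumptions chosen for illustration.

```python
import random

RESPONSE_BITS = 128   # assumed PUF response length
MAX_DISTANCE = 32     # assumed acceptance threshold, in differing bits

def hamming_distance(a, b):
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")

def read_puf(fingerprint, rng, flip_prob=0.05):
    """Simulated noisy readout: each bit flips independently with flip_prob."""
    noise = 0
    for bit in range(RESPONSE_BITS):
        if rng.random() < flip_prob:
            noise |= 1 << bit
    return fingerprint ^ noise

def authenticate(db, response):
    """Return the enrolled chip ID closest to the response, or None.

    None means no record lies within MAX_DISTANCE, i.e. the chip was never
    enrolled by the design house (overproduced or cloned).
    """
    best_id, best_distance = None, MAX_DISTANCE + 1
    for chip_id, reference in db.items():
        distance = hamming_distance(reference, response)
        if distance < best_distance:
            best_id, best_distance = chip_id, distance
    return best_id

def demo(seed=7):
    """Enroll three constructed chips, then query a genuine and an unknown one."""
    rng = random.Random(seed)
    fingerprints = {f"chip-{i}": rng.getrandbits(RESPONSE_BITS) for i in range(3)}
    # Enrollment: the design house stores one readout per authorized chip.
    db = {chip_id: read_puf(fp, rng) for chip_id, fp in fingerprints.items()}
    overproduced = rng.getrandbits(RESPONSE_BITS)  # same mask, never enrolled
    genuine_result = authenticate(db, read_puf(fingerprints["chip-1"], rng))
    unknown_result = authenticate(db, read_puf(overproduced, rng))
    return genuine_result, unknown_result

if __name__ == "__main__":
    print(demo())
```

The threshold sits between the expected distance of two readouts of the same chip (about 12 bits here) and that of two unrelated chips (about 64 bits), which is what lets the lookup accept noisy genuine parts and reject unenrolled ones.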

Hardware metering

It is basically a set of security protocols. It helps a circuit design house gain post-fabrication control over the ICs produced. It differentiates ICs produced with the same mask. Two approaches are used in this technique: passive and active. The passive approach provides a unique way to identify and register each chip with challenge-response pairs, while in the active approach the IC is locked and can be unlocked by the IP holder.

Combating Die/ IC Recovery

In this technique, a lightweight sensor is inserted into the chip to capture the usage of the chip. This sensor indicates the level of aging of the circuit and provides a readout of the value.

Electronic Chip ID (ECID)

This method is used to track ICs. Each IC has a unique ID that can easily be read during its lifetime. In the conventional method there are two ways to write the unique ID: a) laser fuses and b) electrical fuses. Electrical fuses are more popular due to their small area and scalability.

Nanorods

In this technique, nanorods smaller than 100 nm are grown. The process is repeated so the same pattern is created, but the exact angle and length of each individual nanorod differ. Each set of nanorods is therefore distinct, and it is then applied to chips. Chips can be authenticated by comparing the patterns and visual properties of each nanorod with the database.

Magnetic PUFs

In this technique, each magnetic stripe has a noise component, which is stored in the database along with the data. This noise is difficult to clone and is unpredictable, yet it is consistent and repeatable, so it acts as a PUF.
