TY - GEN
T1 - Scan attack on Elliptic Curve Cryptosystem
AU - Ali, Sk Subidh
AU - Sinanoglu, Ozgur
PY - 2015/11/2
Y1 - 2015/11/2
N2 - We present a new scan attack on hardware implementation of Elliptic Curve Cryptography (ECC), a representative public key cipher. The existing scan attacks on ECC exploit the Design for Testability (DfT) infrastructure of the implementation to identify the internal registers used in the scalar multiplication, and leak the secret key based on a bit-flip analysis in the scalar multiplication registers. These attacks assume two internal registers are affected by the secret key in the ECC. In practical implementations, multiple internal registers are affected by the secret key, significantly complicating the identification of the targeted registers. Furthermore, existing scan attacks rely on a switch from normal to test mode, fail against the widely utilized mode-reset countermeasure. The proposed attack identifies the internal registers in a depth-first search fashion, where registers corresponding to the innermost module of the hardware design are identified first. This attack identifies all the registers related to the secret key, and does so by remaining only in the test mode, thus overcoming both limitations of the existing scan attacks.
AB - We present a new scan attack on hardware implementation of Elliptic Curve Cryptography (ECC), a representative public key cipher. The existing scan attacks on ECC exploit the Design for Testability (DfT) infrastructure of the implementation to identify the internal registers used in the scalar multiplication, and leak the secret key based on a bit-flip analysis in the scalar multiplication registers. These attacks assume two internal registers are affected by the secret key in the ECC. In practical implementations, multiple internal registers are affected by the secret key, significantly complicating the identification of the targeted registers. Furthermore, existing scan attacks rely on a switch from normal to test mode, fail against the widely utilized mode-reset countermeasure. The proposed attack identifies the internal registers in a depth-first search fashion, where registers corresponding to the innermost module of the hardware design are identified first. This attack identifies all the registers related to the secret key, and does so by remaining only in the test mode, thus overcoming both limitations of the existing scan attacks.
UR - http://www.scopus.com/inward/record.url?scp=84962897495&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962897495&partnerID=8YFLogxK
U2 - 10.1109/DFT.2015.7315146
DO - 10.1109/DFT.2015.7315146
M3 - Conference contribution
AN - SCOPUS:84962897495
T3 - Proceedings of the 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems, DFTS 2015
SP - 115
EP - 118
BT - Proceedings of the 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems, DFTS 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 28th IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems, DFTS 2015
Y2 - 12 October 2015 through 14 October 2015
ER -