Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard

Bo Yang, Kaijie Wu, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Scan based test is a double edged sword. On one hand, it is a powerful test technique. On the other hand, it is an equally powerful attack tool. In this paper we show that scan chains can be used as a side channel to recover secret keys from a hardware implementation of the Data Encryption Standard (DES). By loading pairs of known plaintexts with one-bit difference in the normal mode and then scanning out the internal state in the test mode, we first determine the position of all scan elements in the scan chain. Then, based on a systematic analysis of the structure of the nonlinear substitution boxes, and using three additional plaintexts we discover the DES secret key. Finally, some assumptions in the attack are discussed.

Original languageEnglish (US)
Title of host publicationProceedings - International Test Conference
Pages339-344
Number of pages6
StatePublished - 2004
EventProceedings - International Test Conference 2004 - Charlotte, NC, United States
Duration: Oct 26 2004Oct 28 2004

Other

OtherProceedings - International Test Conference 2004
CountryUnited States
CityCharlotte, NC
Period10/26/0410/28/04

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint Dive into the research topics of 'Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard'. Together they form a unique fingerprint.

  • Cite this

    Yang, B., Wu, K., & Karri, R. (2004). Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard. In Proceedings - International Test Conference (pp. 339-344)