Scan Side Channel Analysis: a New Way for Non-Invasive Reverse Engineering of a VLSI Device Leonid Azriel Technion Israel Institute of Technology May 6, 2015 May 6, 2015 1
Side Channel Attacks Side Channel Attack: Exploits Weaknesses in Algorithm Implementation May 6, 2015 2
Side Channel Attacks Side Channel Attack: Exploits Weaknesses in Algorithm Implementation Simple/Differential Power Analysis (SPA/DPA) key May 6, 2015 3
Side Channel Attacks Side Channel Attack: Exploits Weaknesses in Algorithm Implementation Simple/Differential Power Analysis (SPA/DPA) Timing key May 6, 2015 4
Side Channel Attacks Side Channel Attack: Exploits Weaknesses in Algorithm Implementation Simple/Differential Power Analysis (SPA/DPA) Timing EM Radiation key May 6, 2015 5
Side Channel Attacks Side Channel Attack: Exploits Weaknesses in Algorithm Implementation Simple/Differential Power Analysis (SPA/DPA) Timing EM Radiation Temperature key May 6, 2015 6
Side Channel Attacks Side Channel Attack: Exploits Weaknesses in Algorithm Implementation Simple/Differential Power Analysis (SPA/DPA) Timing EM Radiation Temperature Test Circuits (Scan) key May 6, 2015 7
The Scan Technique May 6, 2015 8
The Scan Technique Sequential Cells (FFs / Latches) May 6, 2015 9
The Scan Technique Scan Insertion May 6, 2015 10
The Scan Technique 01010101 ATE Scan Shift May 6, 2015 11
The Scan Technique ATE 0 1 1 1 0 1 1 0 1 1 1 0 0 1 0 1 Capture May 6, 2015 12
The Scan Technique ATE 0 1 1 1 0 1 1 0 1 1 1 0 0 1 0 1 Shift-Out May 6, 2015 13
Exploiting Scan - Retrieving Secrets May 6, 2015 14
Exploiting Scan Altering the Flow May 6, 2015 15
Reverse Engineering of an ASIC Phase 1 Invasive ASIC Circuit Delayering SEM Nanoscale Imaging Cross-section Phase 2 Algorithmic Circuit Spec FSM Extraction Model Checking SAT May 6, 2015 16
Reverse Engineering of an ASIC Phase 1 Invasive ASIC Circuit Delayering SEM Nanoscale Imaging Cross-section Phase 2 Algorithmic Circuit Spec FSM Extraction Model Checking SAT Scan Side Channel makes Phase 1 non-invasive May 6, 2015 17
Unfolding Sequential Circuits with Scan Combinational Logic Scan turns the ASIC to a stateless circuit Mapped to the Boolean Function Learning problem: {0,1} n {0,1} n Exhaustive Search: Extract the Truth Table by running queries for all inputs Exponential Size May 6, 2015 18
Unfolding Sequential Circuits with Scan 0 1 0 0 0 Combinational Logic F = 1 1 0 0 1 0 1 1................. Scan turns the ASIC to a stateless circuit Mapped to the Boolean Function Learning problem: {0,1} n {0,1} n Exhaustive Search: Extract the Truth Table by running queries for all inputs Exponential Size: 2Number of Registers May 6, 2015 19
Unfolding Sequential Circuits with Scan 0 1 0 0 0 Combinational Logic F = 1 1 0 0 1 0 1 1................. Scan turns the ASIC to a stateless circuit Mapped to the Boolean Function Learning problem: {0,1} n {0,1} n Exhaustive Search: Extract the Truth Table by running queries for all inputs Exponential Size: 2 n May 6, 2015 20
Shannon Effect Shannon Effect: almost all Boolean functions have a complexity close to the maximal possible (~O(2 n )) for the uniform probability distribution Corollary: For large n, almost all Boolean functions are not realizable in VLSI technology 22 n functions Search space for realizable digital circuits May 6, 2015 21
Limited Transitive Fan-in In practice, logic cones have limited number of inputs: Transitive Fan In = K May 6, 2015 22
Algorithm for Limited Transitive Fan-in Suppose F(0) = 0 (simple extension to any F) Example for K = 3: Testing all values of input v with Hamming Weight 3 or less covers all combinations of {a,b,c} v 0 0 a 0 b 0 c 0 0 0 Runtime ~ n K F i May 6, 2015 23
Transitive Fan-in Statistics for ITC 99 benchmark 400 100 Number of registers and outputs 200 75 50 25 Cumulative Percentage 0 0 50 100 150 200 250 300 0 Fan In May 6, 2015 24
Locality Hierarchical structure loose connectivity between blocks: clustering Physical locality: adjacent registers in the chain are likely to belong to the same function Often the same sub-circuit is shared by a few logic cones May 6, 2015 25
Incremental K-Bounded Search K=0 K=1 K=K init = Boolean cube May 6, 2015 26
Incremental K-Bounded Search K=0 K=1 K=K init = Boolean cube = Implicant: a cube, for which F i =1 for some i May 6, 2015 27
Incremental K-Bounded Search K=0 K=1 K=K init K=K init +K step May 6, 2015 28
Incremental K-Bounded Search K=0 K=1 K=K init K=K init +K step K=K init +i*k step Continue while there is a change May 6, 2015 29
Example: Arithmetic Circuits Number of probes 10 15 10 10 10 5 10 0 ESoTT KSoTT/CSoTT ISoTT 10 15 20 25 30 35 40 10 10 ESoTT 10 5 10 0 KSoTT/CSoTT ISoTT 0 5 10 15 20 25 30 Space 10 15 10 10 10 5 ESoTT KSoTT (bound) CSoTT/ISoTT 10 15 10 10 10 5 ESoTT KSoTT (bound) CSoTT/ISoTT 10 0 10 15 20 25 30 35 40 N Adder 10 0 0 5 10 15 20 25 30 N Multiplier May 6, 2015 30
Pipelined Accumulator + 10 20 10 15 ESoTT KSoTT/CSoTT ISoTT 10 20 10 15 ESoTT KSoTT (bound) CSoTT/ISoTT + Number of probes 10 10 10 5 Space 10 10 10 5 + 10 0 10 20 30 40 50 N (~Width*Depth) Runtime 10 0 10 20 30 40 50 N (~Width*Depth) Space May 6, 2015 31
Summary Reverse Engineering can be non-invasive Scan Side Channel is a security and IP protection threat Polynomial time reconstruction is possible thanks to the limited transitive fan-in Additional accuracy is achieved with incremental heuristic based algorithm May 6, 2015 32
Future Work Enhancing the algorithms Machine Learning PAC learning Overcoming Practical Limitations Compression, Masking, Protection Methods Hide the function without sacrificing testability Finding Hardware Trojans Detecting mismatches with scan May 6, 2015 33
Thanks! May 6, 2015 34