Among all proposed Physical Unclonable Functions (PUFs), those based on Ring Oscillators (ROs) are a popular solution for ASICs as well as for FPGAs. However, compared to other PUF architectures, oscillators emit electromagnetic (EM) signals over a relatively long run time, which directly reveal their unique frequencies. Previous work by Merli et al. exploited this fact by global EM measurements and proposed a countermeasure for their attack. In this paper, we first demonstrate that it is feasible to measure and locate the EM emission of a single tiny RO consisting of only three inverters, implemented within a single configurable logic block of a Xilinx Spartan-3A. Second, we present a localized EM attack for standard and protected RO PUFs. We practically investigate the proposed side-channel attack on a protected FPGA RO PUF implementation. We show that RO PUFs are prone to localized EM attacks and propose two countermeasures, namely, randomization of RO measurement lo gic and interleaved placement
Abstract. Most implementations of public key cryptography employ exponentiation algorithms. Side-channel attacks on secret exponents are typically bound to the leakage of single executions due to cryptographic protocols or side-channel countermeasures such as blinding. We propose for the first time, to use a well-established class of algorithms, i.e. unsupervised cluster classification algorithms such as the k-means algorithm to attack cryptographic exponentiations and recover secret exponents without any prior profiling, manual tuning or leakage models. Not requiring profiling is of significant advantage to attackers, as are well-established algorithms. The proposed non-profiled single-execution attack is able to exploit any available single-execution leakage and provides a straight-forward option to combine simultaneous measurements to increase the available leakage. We present empirical results from attacking an FPGA-based elliptic curve scalar multiplication using the kmeans clustering algorithm and successfully exploit location-based leakage from high-resolution electromagnetic field measurements to achieve a low remaining brute-force complexity of the secret exponent. A simulated multi-channel measurement even enables an error-free recovery of the exponent.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.