Constructive use of side-channels

Georg Becker

Abstract:

Side-channel attacks, such as differential power analysis attacks, have been studied for 10 years in the open literature. Side-channel attacks are still one of the main security threats to real-world applications. In this talk we will look at side-channels from a new perspective. Instead of seeing side-channels as an undesired “natural” phenomenon and a threat to security, we will look at the constructive use of side-channels. At CHES 09, the idea of building hardware Trojans using side-channels was first introduced. The idea behind them is that a covert and encrypted communication channel can be established. This can be achieved by transmitting the information below the noise level of the target device, e.g., through the power consumption. The information can only be revealed with the knowledge of a secret, e.g., details of the modulation scheme. Thus, our new Trojan side-channels form a type of physical encryption. (In fact, they are somewhat related to kleptography, as proposed by Young and Yung in the late 1990s.) The advantages of using Trojan side-channels via the power consumption are that (1) communication is hidden and encrypted, (2) no additional I/O periphery is needed and (3) they can be implemented using only a few additional gates. As an example application for the constructive use of such a hidden communication channel, we show how an authentication mechanism for integrated circuits can be built using side-channels. Such an authentication mechanism can be used, for example, to efficiently identify counterfeit products or malicious devices. In contrast to mechanisms such as physical unclonable functions (PUFs) or RFID-based solutions, Trojan side-channels are not visible to anybody who is not in possession of the details of the communication channel. This talk describes joint work with Markus Kasper and Christof Paar.
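The authentication idea above can be illustrated with a small simulation. This is an added example, not code from the talk or its authors. It assumes the secret "details of the modulation scheme" are a pseudo-random ±1 spreading sequence derived from a shared seed and that the noise is Gaussian; all names, seeds and constants are constructed.

```python
import random

def spreading_code(secret_seed, n):
    """Secret +/-1 chip sequence; stands in for the 'details of the modulation scheme'."""
    rng = random.Random(secret_seed)
    return [rng.choice((-1.0, 1.0)) for _ in range(n)]

def simulate_trace(id_bits, secret_seed, chips_per_bit, amplitude, noise_seed, sigma=1.0):
    """Constructed power trace: Gaussian noise (std sigma) plus a much weaker ID signal."""
    code = spreading_code(secret_seed, chips_per_bit * len(id_bits))
    noise = random.Random(noise_seed)
    return [noise.gauss(0.0, sigma)
            + amplitude * (1.0 if id_bits[i // chips_per_bit] else -1.0) * chip
            for i, chip in enumerate(code)]

def recover_bits(trace, secret_seed, chips_per_bit):
    """Despread: correlate each bit period with the secret code, average per chip."""
    code = spreading_code(secret_seed, len(trace))
    scores = []
    for start in range(0, len(trace), chips_per_bit):
        end = start + chips_per_bit
        corr = sum(t * c for t, c in zip(trace[start:end], code[start:end]))
        scores.append(corr / chips_per_bit)  # ~ +/-amplitude with the right code, ~0 otherwise
    return [1 if s > 0 else 0 for s in scores], scores

def authenticate(trace, secret_seed, expected_id, chips_per_bit, threshold):
    """Accept only if every bit correlates strongly and the recovered ID matches."""
    bits, scores = recover_bits(trace, secret_seed, chips_per_bit)
    return bits == expected_id and all(abs(s) >= threshold for s in scores)

# Constructed parameters: signal amplitude 0.1 against noise std 1.0 (about -20 dB).
DEVICE_ID = [1, 0, 1, 1, 0, 0, 1, 0]
SECRET, CHIPS, AMP, THRESH = 0xC0FFEE, 20000, 0.1, 0.05

def demo():
    genuine = simulate_trace(DEVICE_ID, SECRET, CHIPS, AMP, noise_seed=1)
    counterfeit = simulate_trace(DEVICE_ID, SECRET, CHIPS, 0.0, noise_seed=2)  # no ID signal
    return {
        "genuine, right secret": authenticate(genuine, SECRET, DEVICE_ID, CHIPS, THRESH),
        "genuine, wrong secret": authenticate(genuine, 0xBADBAD, DEVICE_ID, CHIPS, THRESH),
        "counterfeit, right secret": authenticate(counterfeit, SECRET, DEVICE_ID, CHIPS, THRESH),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Averaging over 20000 chips shrinks the noise contribution to roughly 0.007 per bit, so the 0.1 signal clears the 0.05 threshold only when the verifier despreads with the correct sequence.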

Time and Place

Nov 17 2009 (Tuesday) at 1630 hrs
Gates 4B (opposite 490)