Abstract
Stream ciphers are an important class of encryption algorithms that encrypt plaintext messages one bit at a time. Various stream ciphers are deployed in wireless telecommunication applications because they have simple hardware circuitry, are generally fast and consume very little power. On the other hand, scan-based Design-for-Test (DFT) is one of the most popular methods for testing IC devices. All flip-flops in the Design Under Test are connected to one or more scan chains, and the states of the flip-flops can be scanned out through these chains. In this paper, we present an attack on stream cipher implementations that works by determining the scan chain structure of the Linear Feedback Shift Registers in those implementations. Although scan-based DFT is a powerful testing scheme, we show that it can be used to retrieve the information stored in a crypto chip, thus compromising its theoretically proven security.
Index Terms
- Scan-based attacks on linear feedback shift register based stream ciphers