Showing 1–2 of 2 results for author: Ghandali, S

Side-Channel Hardware Trojan for Provably-Secure SCA-Protected Implementations

Authors: Samaneh Ghandali, Thorben Moos, Amir Moradi, Christof Paar

Abstract: Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extre… ▽ More Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extremely stealthy hardware Trojan into cryptographic primitives equipped with provably-secure first-order side-channel countermeasures. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage, leading to successful key recovery attacks. Generally, such a Trojan requires neither addition nor removal of any logic which makes it extremely hard to detect. On ASICs, it can be inserted by subtle manipulations at the sub-transistor level and on FPGAs by changing the routing of particular signals, leading to \textbf{zero} logic overhead. The underlying concept is based on modifying a securely-masked hardware implementation in such a way that running the device at a particular clock frequency violates one of its essential properties, leading to exploitable leakage. We apply our technique to a Threshold Implementation of the PRESENT block cipher realized in two different CMOS technologies, and show that triggering the Trojan makes the ASIC prototypes vulnerable. △ Less

Submitted 22 September, 2019; originally announced October 2019.

Temperature-Based Hardware Trojan For Ring-Oscillator-Based TRNGs

Authors: Samaneh Ghandali, Daniel Holcomb, Christof Paar

Abstract: True random number generators (TRNGs) are essential components of cryptographic designs, which are used to generate private keys for encryption and authentication, and are used in masking countermeasures. In this work, we present a mechanism to design a stealthy parametric hardware Trojan for a ring oscillator based TRNG architecture proposed by Yang et al. at ISSCC 2014. Once the Trojan is trigge… ▽ More True random number generators (TRNGs) are essential components of cryptographic designs, which are used to generate private keys for encryption and authentication, and are used in masking countermeasures. In this work, we present a mechanism to design a stealthy parametric hardware Trojan for a ring oscillator based TRNG architecture proposed by Yang et al. at ISSCC 2014. Once the Trojan is triggered the malicious TRNG generates predictable non-random outputs. Such a Trojan does not require any additional logic (even a single gate) and is purely based on subtle manipulations on the sub-transistor level. The underlying concept is to disable the entropy source at high temperature to trigger the Trojan, while ensuring that Trojan-infected TRNG works correctly under normal conditions. We show how an attack can be performed with the Trojan-infected TRNG design in which the attacker uses a stochastic Markov Chain model to predict its reduced-entropy outputs. △ Less

Submitted 22 September, 2019; originally announced October 2019.