Secure cryptographic hardware : assessing logic-locking and fault attack vulnerabilities

Abstract

The protection of hardware implementations of cryptographic primitives against physical attacks and supply-chain threats remains a critical challenge. This thesis investigates the fault attack vulnerabilities and the secure composability of various countermeasures, with a particular focus on logic-locking - a widely adopted design-for-trust technique aimed at safeguarding against intellectual property piracy and overproduction. One of the primary objectives of this work is to explore whether protecting a circuit against one threat inadvertently makes it more vulnerable to another, particularly when logic locking is applied to cryptographic circuits. Two novel attacks that exploit the presence of logic-locking circuitry are introduced as a major contribution of this thesis. Logic-locking typically serves to protect circuits by allowing them to function only when the correct locking key is provided. However, it is demonstrated that the ability to unlock the circuit incorrectly can provide adversaries with new and effective attack vectors. The first attack, Locking Enabled Differential Fault Analysis (LEDFA), is shown to make incorrectly unlocked circuits more susceptible to fault attacks due to the introduction of new propagation paths by the logic-locking circuitry. Experimental evaluations across various ciphers and logic-locking schemes revealed that fault attacks become either possible or consistently easier in the presence of incorrect unlocking. Moreover, it was found that logic-locking can, in some cases, make circuits vulnerable to classical algebraic attacks without the need for any fault injection, a case referred to as Locking Enabled Differential Analysis (LEDA). This vulnerability results in a significant reduction in the cryptographic strength. The success factors behind LEDA are thoroughly investigated, leading to the proposal of a countermeasure designed to enhance the resilience of logic-locked cryptographic circuits. This countermeasure involves restricting cryptographic key bits from being directly integrated into locking subcircuits, thereby mitigating the vulnerabilities facilitating LEDA. Additionally, a Test Vector Leakage Assessment (TVLA) of incorrectly unlocked AES implementation is discussed, highlighting that logic-locking significantly influences side-channel leakage. These findings raise concerns regarding the use of logic-locking in cryptographic circuits, suggesting that it, in fact, compromises rather than enhances security. The second major contribution of this thesis is the development of a methodology for evaluating the vulnerability of cryptographic circuits to fault injection attacks facilitated by clock manipulation. It is well recognized that state-of-the-art fault attacks typically require either a large number of low-precision fault injections (statistical attacks) or very few injections using sophisticated equipment (algebraic attacks) to breach modern cryptosystems. For instance, a well-known fault attack on AES-128 requires only a single fault injection, provided that the fault effects are confined to a specific 8-bit nibble of the state. This research aimed to optimize the probability of achieving the desired faulty state bit patterns during low-cost clock manipulation, thereby combining the advantages of both statistical and algebraic attacks. For this purpose, a comprehensive methodology is developed, which involves extending formal Boolean satisfiability (SAT) models initially designed for waveform-accurate automatic test pattern generation (ATPG) procedures to fault attacks on cryptographic hardware. A distinguishing feature of this analysis is the presence of fixed-yet-unknown secret cryptographic bits that influence the faulty state bit patterns. A model-counting (MC) approach is utilized to calculate the probability of success across different secret cryptographic bit combinations using a novel Vulnerability Index (VI). This methodology provides a robust framework for assessing the susceptibility of cryptographic circuits to such fault injection attacks. The practical implications of these findings are significant for both cryptographic hardware designers and security analysts. A structured approach is offered for security analysts to evaluate and strengthen cryptographic systems against fault injection attacks, ensuring a comprehensive defense strategy.