Scan-based side-channel attack against HMAC-SHA-256 circuits based on isolating bit-transition groups using scan signatures

    Research output: Contribution to journalArticle

    Abstract

    A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA- 256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.

    Original languageEnglish
    Pages (from-to)16-28
    Number of pages13
    JournalIPSJ Transactions on System LSI Design Methodology
    Volume11
    DOIs
    Publication statusPublished - 2018 Feb 1

    Fingerprint

    Networks (circuits)
    Side channel attack
    Processing

    Keywords

    • HMAC
    • Scan chain
    • Scan-based side-channel attack
    • SHA-256
    • Side-channel attack

    ASJC Scopus subject areas

    • Computer Science Applications
    • Electrical and Electronic Engineering

    Cite this

    @article{a554aba2da5b47aaab0d25fc24130135,
    title = "Scan-based side-channel attack against HMAC-SHA-256 circuits based on isolating bit-transition groups using scan signatures",
    abstract = "A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA- 256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.",
    keywords = "HMAC, Scan chain, Scan-based side-channel attack, SHA-256, Side-channel attack",
    author = "Daisuke Oku and Masao Yanagisawa and Nozomu Togawa",
    year = "2018",
    month = "2",
    day = "1",
    doi = "10.2197/ipsjtsldm.11.16",
    language = "English",
    volume = "11",
    pages = "16--28",
    journal = "IPSJ Transactions on System LSI Design Methodology",
    issn = "1882-6687",
    publisher = "Information Processing Society of Japan",

    }

    TY - JOUR

    T1 - Scan-based side-channel attack against HMAC-SHA-256 circuits based on isolating bit-transition groups using scan signatures

    AU - Oku, Daisuke

    AU - Yanagisawa, Masao

    AU - Togawa, Nozomu

    PY - 2018/2/1

    Y1 - 2018/2/1

    N2 - A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA- 256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.

    AB - A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA- 256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.

    KW - HMAC

    KW - Scan chain

    KW - Scan-based side-channel attack

    KW - SHA-256

    KW - Side-channel attack

    UR - http://www.scopus.com/inward/record.url?scp=85045643031&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85045643031&partnerID=8YFLogxK

    U2 - 10.2197/ipsjtsldm.11.16

    DO - 10.2197/ipsjtsldm.11.16

    M3 - Article

    VL - 11

    SP - 16

    EP - 28

    JO - IPSJ Transactions on System LSI Design Methodology

    JF - IPSJ Transactions on System LSI Design Methodology

    SN - 1882-6687

    ER -