Scan-based side-channel attack against HMAC-SHA-256 circuits based on isolating bit-transition groups using scan signatures

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA- 256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.

Original languageEnglish
Pages (from-to)16-28
Number of pages13
JournalIPSJ Transactions on System LSI Design Methodology
Volume11
DOIs
Publication statusPublished - 2018 Feb

Keywords

  • HMAC
  • SHA-256
  • Scan chain
  • Scan-based side-channel attack
  • Side-channel attack

ASJC Scopus subject areas

  • Computer Science Applications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Scan-based side-channel attack against HMAC-SHA-256 circuits based on isolating bit-transition groups using scan signatures'. Together they form a unique fingerprint.

Cite this