POP (Power-OFF laser attacks on security Primitives)

Description

Secure circuits embed hardware primitives that provide security properties: Physical Unclonable Functions (PUFs) or attack sensors, for example. These only fulfil their role when powered, which makes a new class of attacks that would be carried out when the targeted circuit is powered off particularly worrying. The aim of our project is precisely to verify the feasibility of laser attacks on powered-off devices and to propose suitable countermeasures to protect against these attacks.

In order to carry out this work, we first plan to design in-house and then have an external service provider manufacture a test circuit with carefully selected elementary blocks and simple security primitives for characterisation, testing and modelling purposes. We then plan to carry out laser injection campaigns on this circuit, but also on other circuits already available from the project partners. These experimental campaigns can therefore start at the beginning of the project. This first stage will lead to the development of a fault model, describing the observed faults as exhaustively as possible, at different levels of abstraction: physical, logical and functional.

Once we understand the effects of laser attacks on powered-off devices, we plan to apply the resulting fault model to two classical examples of safety primitives. For the PUF, the aim will be to disprove the unclonability property, by experimentally modifying the statistical distribution of the identifiers generated by the PUF. This could go as far as gaining precise control of individual bits of the response obtained. The second application will be the deactivation of an attack sensor before its use, by exposing it to laser radiation when it is powered off. The aim here is to render the sensor non- functional once it is powered. Finally, we plan to illustrate the developed fault model by applying it to two existing systems, resulting from previous ANR projects, and which use the security primitives described above. Thus, we will first target the intellectual property protection system of the SALWARE project, protecting IP cores against illegal copying. This system is based on the intrinsic identification of the different instances of an IP core using a PUF, and the possibility of cloning the PUF would make it possible to illegally activate several components from a single legal activation. The second target device is an integrated substrate current sensor, known as BBICS, from the ANR LIESSE project. The objective here is to raise the detection threshold of the sensor to make it insensitive to the currents induced by a laser attack carried out later.

Finally, once this original threat has been clearly identified and validated, we will propose countermeasures that are adapted and suitably designed.

Partners

• Mines Saint- Etienne - Gardanne
• TIMA - Grenoble
• LCIS - Valence
• Lab. Hubert Curien - Saint-Etienne