
Intentional and Unintentional Side-Channels in Embedded Systems

Side-channel attacks have become a very important and well-studied area in computer security. Traditionally, side-channels are unwanted byproducts of implementations that can be exploited by an attacker to reveal secret information. In this thesis, we take a different approach towards side-channels. Instead of exploiting already existing side-channels, they are inserted intentionally into designs. These intentional side-channels have the nice property of being hidden in the noise. Only their implementer can make use of them. This makes them a very interesting building block for different applications, especially since they can also be implemented very efficiently. In this thesis, techniques to build intentional side-channels for embedded software designs, RTL-level hardware designs, as well as layout-level hardware implementations are presented. The usefulness of these techniques is demonstrated by building efficient side-channel-based software and hardware watermarks for intellectual property protection. These side-channel-based watermarks can also be extended to be used as a tool to detect counterfeit ICs, another problem the embedded system industry is facing.

However, intentional side-channels also have malicious applications. In this thesis, an extremely stealthy approach to build hardware Trojans is introduced. By only modifying the IC below the transistor level, meaningful hardware Trojans can be built without adding a single transistor. Such hardware Trojans are especially hard to detect with currently proposed Trojan detection mechanisms and highlight not only the fact that new Trojan detection mechanisms are needed, but also how stealthy intentional side-channels can be.

Besides intentional side-channels, this thesis also examines unintentional side-channels in delay-based Physically Unclonable Functions (PUFs). PUFs have emerged as an alternative to traditional cryptography and are believed to be especially well suited for counterfeit protection. They are also often believed to be more resistant to side-channel attacks than traditional cryptography. However, by combining side-channel analysis with machine learning, we demonstrate that delay-based PUFs can be attacked using both active and passive side-channels. The results not only raise strong doubt about the side-channel resistance and usefulness of delay-based PUFs, but also show how powerful combining side-channel analysis techniques with machine learning can be in practice.