Scan-based side channel attack on stream ciphers and its prevention

摘要

Scan chains, a design for testability feature, are included in most modern-day ICs. But, it opens a side channel for attacking cryptographic chips. We propose a methodology by which we can recover internal states of any stream cipher using scan chains. We consider conventional scan chain design which is normally not scrambled or protected in any other way. In this scenario, the challenge of the adversary is to obtain the correspondence of output of the scan chain and the internal state registers of the stream cipher. We present a mathematical model of the attack and the correspondence between the scan chain-outputs and the internal state bits have been proved under this model. We propose an algorithm that through offline and online simulation forms bijection between the above-mentioned sets and thus finds the required correspondence. We also give an estimate of the number of offline simulations necessary for finding the correspondence. The proposed strategy is successfully applied to eStream hardware based winners MICKEY-128 2.0, Trivium and Grain-128.