Optical side-channel attack on PIC16F84A Martin Hlaváč Charles University in Prague CNES internship summary (part of USE IT project) ECRYPT Ph. D. Summer.

Optical side-channel attack on PIC16F84A

Martin Hlaváč

Charles University in Prague

CNES internship summary (part of USE IT project)

ECRYPT Ph. D. Summer School, Samos, Greece, May 4, 2007

Gold Card = PIC16F84 + 24LC16B

PIC16F84

1024 x 14 bit program

68B Static RAM

5V @ 4MHz (ISO7816) 24LC16B

2048Byte EEPROM

PIC16F84

18 10

1 9

8 5

1 4

24LC16B

C1

C2

C3

C4

C5

C6

C7

C8

Gold Card uncovered (Front Side)

Problem: Too much metal on SRAM. Solution: Back Side

SRAM

PIC16F84A uncovered (Back Side)

Problem: Silicon layer too thick (~300 µm).Solution: Slim it down to ~70 µm.

SRAM back side (20x)

PIC16F84A back side

Measurement goalAES state

16 bytes

16 bytes

Monitor changes of bytes in State block during AES

How? Dynamic light emission detection (PICA)

Theory: byte flips => light is emitted

byte stays => just noise

We can do bit flips!!!

bit

bit

Static vs. dynamic observation

vs.

All photons observed at one image

Frames166 ns = 1 clock cycle

Individual framesmovlw 0xff

(frames 0..3)

movlw 0xaa

(frames 8..11)

movlw 0x55

(frames 16..19)

movlw 0x00

(frames 20..23)

xorwf block+0x0,f

(frames 4..7)

xorwf block+0x0,f

(frames 12..15)

xorwf block+0x0,f

(frames 20..23)

xorwf block+0x0,f

(frames 24..27)

3rd clock

3rd clocks reveal the key“xor 0xFF” “xor 0xAA”

“xor 0x55” “xor 0x00”

No cryptanalysis needed

AES key is fully revealed during AddRoundKey operation

Even if only byte flips can be detected, the key can be recovered with 28 measurements

Conclusions

Dynamic light emission is a very strong side channel (once

synchronized) applicable on other ciphers/schemes and

devices

The end

Thank you for your attention!

[email protected]

USE IT: http://useit.cuni.cz/