Finding the AES Bits in the Haystack: Reverse Engineering and SCA Using Voltage Contrast

Christian Kison, Jürgen Frinken, Christof Paar

Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015, Saint-Malo, France, September 13 - 16, 2015


In this paper, we demonstrate how the Scanning Electron Microscope (SEM) becomes a powerful tool for Side Channel Analysis (SCA) and Hardware Reverse Engineering. We locate the AES hardware circuit of an XMEGA microprocessor with Capacitive-Coupled Voltage Contrast (CCVC) images and use them in a powerful Voltage Contrast Side Channel Analysis (VCSCA). This enables an attacker to locate AES bit-wires in the top metal layer and thus to recover valuable netlist information. An attacker gets a valuable entry point to look for weaknesses or Intellectual Property (IP) in the AES circuit. Additionally, we show the great potential of the VCSCA in a non-invasive Side Channel Analysis for Reverse Engineering (SCARE) approach. Finally, we recover the full key of the AES hardware engine in a practical template-based VCSCA and in a no-plaintext, no-ciphertext and no-key Simple Side Channel Analysis (SSCA). We show that future VCSCA attacks present a significant hardware security risk that IC vendors need to consider.


tags: AES full key recovery, HW reverse engineering, SCA, SCARE, Side channel analysis, Voltage contrast