Abstract
Physically unclonable function (PUF) is a technology to generate a device-unique identifier using process variation. PUF enables a cryptographic key that appears only when the chip is active, providing an efficient countermeasure against reverse-engineering attacks. In this paper, we explore the data conversion that digitizes a physical quantity representing PUF’s uniqueness into a numerical value as a new attack surface. We focus on time-to-digital converter (TDC) that converts time duration into a numerical value. We show the first signal injection attack on a TDC by manipulating its clock, and verify it through experiments on an off-the-shelf TDC chip. Then, we show how to leverage the attack to reveal a secret key protected by a PUF that uses a TDC for digitization.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Chen, A.: Utilizing the variability of resistive random access memory to implement reconfigurable physical unclonable functions. IEEE Electron Dev. Lett. 36(2), 138–140 (2015)
Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_5
Henzler, S. (ed.): Time-to-Digital Converters. Advanced Microelectronics. Springer, Netherland (2010). https://doi.org/10.1007/978-90-481-8628-0
Kune, D., et al.: Ghost talk: Mitigating EMI signal injection attacks against analog sensors. In: 2012 IEEE Symposium on Security and Privacy (2013)
Liu, R., Wu, H., Pang, Y., Qian, H., Yu, S.: A highly reliable and tamper-resistant RRAM PUF: design and experimental validation. In: 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (2016)
Maes, R.: Physically Unclonable Functions. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41395-7
Miki, T., Miura, N., Sonoda, H., Mizuta, K., Nagata, M.: A random interrupt dithering SAR technique for secure ADC against reference-charge side-channel attack. Express Briefs, IEEE Transactions on Circuits and Systems II (2020)
RIGOL Technologies, I.: User’s guide: DG1000Z series function/arbitrary waveform generator (2013)
Sugawara, T., Cyr, B., Rampazzi, S., Genkin, D., Fu, K.: Light commands: Laser-based audio injection on voice-controllable systems (2019)
Texas Instruments: SNAS647D: TDC7200 time-to-digital converter for time-of-flight applications in lidar, magnetostrictive and flow meter. http://www.ti.com/lit/ds/symlink/tdc7200.pdf
Texas Instruments: SNAU177: TDC7200EVM user’s guide. http://www.ti.com/lit/ug/snau177/snau177.pdf
Torrance, R., James, D.: The state-of-the-art in semiconductor reverse engineering. In: 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 333–338 June 2011
Trippel, T., Weisse, O., Xu, W., Honeyman, P., Fu, K.: WALNUT: waging doubt on the integrity of mems accelerometers with acoustic injection attacks. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (2017)
Tu, Y., Rampazzi, S., Hao, B., Rodriguez, A., Fu, K., Hei, X.: Trick or heat?: Manipulating critical temperature-based control systems using rectification attacks. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 2301–2315 (2019)
Turchetta, R.: Analog Electronics for Radiation Detection. CRC Press (2016)
Yoshimoto, Y., Katoh, Y., Ogasahara, S., Wei, Z., Kouno, K.: A ReRAM-based physically unclonable function with bit error rate \(<\) 0.5% after 10 years at 125 \(^o\)C for 40 nm embedded application. In: 2016 IEEE Symposium on VLSI Technology (2016)
Zeitouni, S., Oren, Y., Wachsmann, C., Koeberl, P., Sadeghi, A.: Remanence decay side-channel: the PUF case. IEEE Trans. Inf. Foren. Secur. 11(6), 1106–1116 (2016)
Acknowledgement
This paper is based on results obtained from a project commissioned by the New Energy and Industrial Technology Development Organization (NEDO).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Sugawara, T., Onuma, T., Li, Y. (2020). (Short Paper) Signal Injection Attack on Time-to-Digital Converter and Its Application to Physically Unclonable Function. In: Aoki, K., Kanaoka, A. (eds) Advances in Information and Computer Security. IWSEC 2020. Lecture Notes in Computer Science(), vol 12231. Springer, Cham. https://doi.org/10.1007/978-3-030-58208-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-58208-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58207-4
Online ISBN: 978-3-030-58208-1
eBook Packages: Computer ScienceComputer Science (R0)