Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

(Short Paper) Signal Injection Attack on Time-to-Digital Converter and Its Application to Physically Unclonable Function

  • Conference paper
  • First Online:
Advances in Information and Computer Security (IWSEC 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12231))

Included in the following conference series:

Abstract

Physically unclonable function (PUF) is a technology to generate a device-unique identifier using process variation. PUF enables a cryptographic key that appears only when the chip is active, providing an efficient countermeasure against reverse-engineering attacks. In this paper, we explore the data conversion that digitizes a physical quantity representing PUF’s uniqueness into a numerical value as a new attack surface. We focus on time-to-digital converter (TDC) that converts time duration into a numerical value. We show the first signal injection attack on a TDC by manipulating its clock, and verify it through experiments on an off-the-shelf TDC chip. Then, we show how to leverage the attack to reveal a secret key protected by a PUF that uses a TDC for digitization.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The attacker only increases the clock frequency in Algorithm 2, i.e., \(\delta _i \ge 0\), to avoid a countermeasure monitoring overclocking. We note that the similar attack is possible with \(\delta \le 0\).

  2. 2.

    The mean and standard deviation are obtained from Fig. 2-(b) of [16].

References

  1. Chen, A.: Utilizing the variability of resistive random access memory to implement reconfigurable physical unclonable functions. IEEE Electron Dev. Lett. 36(2), 138–140 (2015)

    Article  Google Scholar 

  2. Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_5

    Chapter  Google Scholar 

  3. Henzler, S. (ed.): Time-to-Digital Converters. Advanced Microelectronics. Springer, Netherland (2010). https://doi.org/10.1007/978-90-481-8628-0

    Book  Google Scholar 

  4. Kune, D., et al.: Ghost talk: Mitigating EMI signal injection attacks against analog sensors. In: 2012 IEEE Symposium on Security and Privacy (2013)

    Google Scholar 

  5. Liu, R., Wu, H., Pang, Y., Qian, H., Yu, S.: A highly reliable and tamper-resistant RRAM PUF: design and experimental validation. In: 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (2016)

    Google Scholar 

  6. Maes, R.: Physically Unclonable Functions. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41395-7

    Book  MATH  Google Scholar 

  7. Miki, T., Miura, N., Sonoda, H., Mizuta, K., Nagata, M.: A random interrupt dithering SAR technique for secure ADC against reference-charge side-channel attack. Express Briefs, IEEE Transactions on Circuits and Systems II (2020)

    Google Scholar 

  8. RIGOL Technologies, I.: User’s guide: DG1000Z series function/arbitrary waveform generator (2013)

    Google Scholar 

  9. Sugawara, T., Cyr, B., Rampazzi, S., Genkin, D., Fu, K.: Light commands: Laser-based audio injection on voice-controllable systems (2019)

    Google Scholar 

  10. Texas Instruments: SNAS647D: TDC7200 time-to-digital converter for time-of-flight applications in lidar, magnetostrictive and flow meter. http://www.ti.com/lit/ds/symlink/tdc7200.pdf

  11. Texas Instruments: SNAU177: TDC7200EVM user’s guide. http://www.ti.com/lit/ug/snau177/snau177.pdf

  12. Torrance, R., James, D.: The state-of-the-art in semiconductor reverse engineering. In: 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 333–338 June 2011

    Google Scholar 

  13. Trippel, T., Weisse, O., Xu, W., Honeyman, P., Fu, K.: WALNUT: waging doubt on the integrity of mems accelerometers with acoustic injection attacks. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (2017)

    Google Scholar 

  14. Tu, Y., Rampazzi, S., Hao, B., Rodriguez, A., Fu, K., Hei, X.: Trick or heat?: Manipulating critical temperature-based control systems using rectification attacks. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 2301–2315 (2019)

    Google Scholar 

  15. Turchetta, R.: Analog Electronics for Radiation Detection. CRC Press (2016)

    Google Scholar 

  16. Yoshimoto, Y., Katoh, Y., Ogasahara, S., Wei, Z., Kouno, K.: A ReRAM-based physically unclonable function with bit error rate \(<\) 0.5% after 10 years at 125 \(^o\)C for 40 nm embedded application. In: 2016 IEEE Symposium on VLSI Technology (2016)

    Google Scholar 

  17. Zeitouni, S., Oren, Y., Wachsmann, C., Koeberl, P., Sadeghi, A.: Remanence decay side-channel: the PUF case. IEEE Trans. Inf. Foren. Secur. 11(6), 1106–1116 (2016)

    Article  Google Scholar 

Download references

Acknowledgement

This paper is based on results obtained from a project commissioned by the New Energy and Industrial Technology Development Organization (NEDO).

Author information

Authors and Affiliations

  1. The University of Electro-Communications, Tokyo, Japan

    Takeshi Sugawara, Tatsuya Onuma & Yang Li

Authors
  1. Takeshi Sugawara
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tatsuya Onuma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yang Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Takeshi Sugawara .

Editor information

Editors and Affiliations

  1. Bunkyo University, Chigasaki, Japan

    Kazumaro Aoki

  2. Toho University, Funabashi, Japan

    Akira Kanaoka

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Sugawara, T., Onuma, T., Li, Y. (2020). (Short Paper) Signal Injection Attack on Time-to-Digital Converter and Its Application to Physically Unclonable Function. In: Aoki, K., Kanaoka, A. (eds) Advances in Information and Computer Security. IWSEC 2020. Lecture Notes in Computer Science(), vol 12231. Springer, Cham. https://doi.org/10.1007/978-3-030-58208-1_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-58208-1_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58207-4

  • Online ISBN: 978-3-030-58208-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation