International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Side-Channel Analysis of the Xilinx Zynq UltraScale+ Encryption Engine

Authors:
Benjamin Hettwer , Robert Bosch GmbH, Corporate Sector Research, Stuttgart, Germany; Ruhr University Bochum, Bochum, Germany
Sebastien Leger , Robert Bosch GmbH, Corporate Sector Research, Stuttgart, Germany
Daniel Fennes , Ruhr University Bochum, Bochum, Germany
Stefan Gehrer , Robert Bosch LLC, Pittsburgh, USA
Tim Güneysu , Ruhr University Bochum, Bochum, Germany
Download:
DOI: 10.46586/tches.v2021.i1.279-304
URL: https://tches.iacr.org/index.php/TCHES/article/view/8735
Search ePrint
Search Google
Abstract: The Xilinx Zynq UltraScale+ (ZU+) is a powerful and flexible System-on- Chip (SoC) computing platform for next generation applications such as autonomous driving or industrial Internet-of-Things (IoT) based on 16 nm production technology. The devices are equipped with a secure boot mechanism in order to provide confidentiality, integrity, and authenticity of the configuration files that are loaded during power-up. This includes a dedicated encryption engine which features a protocol-based countermeasure against passive Side-Channel Attacks (SCAs) called key rolling. The mechanism ensures that the same key is used only for a certain number of data blocks that has to be defined by the user. However, a suitable choice for the key rolling parameter depends on the power leakage behavior of the chip and is not published by the manufacturer. To close this gap, this paper presents the first publicly known side-channel analysis of the ZU+ encryption unit. We conduct a black-box reverse engineering of the internal hardware architecture of the encryption engine using Electromagnetic (EM) measurements from a decoupling capacitor of the power supply. Then, we illustrate a sophisticated methodology that involves the first five rounds of an AES encryption to attack the 256-bit secret key. We apply the elaborated attack strategy using several new Deep Learning (DL)-based evaluation methods for cryptographic implementations. Even though we are unable to recover all bytes of the secret key, the experimental results still allow us to provide concrete recommendations for the key rolling parameter under realistic conditions. This eventually helps to configure the secure boot mechanism of the ZU+ and similar devices appropriately.
Video from TCHES 2020
BibTeX
@article{tches-2020-30768,
  title={Side-Channel Analysis of the Xilinx Zynq UltraScale+ Encryption Engine},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2021, Issue 1},
  pages={279-304},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8735},
  doi={10.46586/tches.v2021.i1.279-304},
  author={Benjamin Hettwer and Sebastien Leger and Daniel Fennes and Stefan Gehrer and Tim Güneysu},
  year=2020
}