near-field magnetic sensing system with high-spatial resolution and application for security of...
Post on 14-Feb-2018
214 Views
Preview:
TRANSCRIPT
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
1/9
840 IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015
A Near-Field Magnetic Sensing System With
High-Spatial Resolution and Application
for Security of Cryptographic LSIs
Nguyen Ngoc Mai-Khanh, Member, IEEE, Tetsuya Iizuka, Member, IEEE, Akihiko Sasaki,Makoto Yamada, Osamu Morita, and Kunihiro Asada, Member, IEEE
Abstract This paper presents a high-resolution inductivenear-field magnetic sensing system to detect sensitive andsuspicious areas of cryptographic large-scale integration (LSI)chips for nondestructive inspection. The proposed system includesa probe chip based on a 0.18-m five-metal-layer CMOS processtechnology and a microposition calibration mechanism. Theprobe chip includes a magnetic pick-up coil followed by a three-stage low-noise amplifier (LNA) to amplify the induced voltageon the coil. The Si-substrate area under the coil is removedby applying a focused-ion-beam (FIB) technique to enhancethe quality factor of the coil. A mechanical scanning systemwith an ability of microposition calibration is proposed to allowhigh-precision calibration and microscanning operation. High-spatial resolution magnetic scanning experiment is conductedon a microstrip line and on the surface of a cryptographicfield programmable gate array (FPGA) running 128-b advancedencryption standard (AES) algorithm. By making a comparisonin the scanning performance of a commercial probe, this sensingmeasurement holds the advantage of higher resolution magneticmaps in multiple frequency bands. Moreover, the proposedsystem can be used to identify vulnerable areas of cryptographicLSI chips that can cause location-dependent side-channel leakage.
Index TermsCMOS, coil, cryptography, high-spatial
resolution, integrated circuit, magnetic, probe, sensing.
I. INTRODUCTION
IT HAS been widely known that nondestructive or
side-channel attacks on cryptographic chips can exploit
leaked physical parameters and properties of the chips. Sensing
on such leaked properties of a cryptographic chip during
its operation can reveal corresponding secret key and secure
data. Conventional operating-time-based attack method [1]
Manuscript received May 30, 2014; revised August 6, 2014; acceptedOctober 12, 2014. Date of publication February 26, 2015; date of currentversion March 6, 2015. This work was supported by the Japan Society forthe Promotion of Science through the Grants-in-Aid for Scientific Researchunder Grant 24700042. The Associate Editor coordinating the review processwas Dr. Deniz Gurkan.
N. N. Mai-Khanh and K. Asada are with the VLSI Design andEducation Center, University of Tokyo, Tokyo 113-8654, Japan (e-mail:khanh@silicon.u-tokyo.ac.jp).
T. Iizuka is with the Department of Electrical Engineering and InformationSystems, University of Tokyo, Tokyo 113-8654, Japan.
A. Sasaki and M. Yamada are with Morita-Tech Company, Ltd.,Kawasaki 215-0032, Japan.
O. Morita is with the Department of Electrical and Electronics Engineering,Aoyama Gakuin University, Tokyo 150-8366, Japan.
Color versions of one or more of the figures in this paper are availableonline at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIM.2014.2373472
Fig. 1. Design and measurement procedure of this paper.
analyzes the amount of time required to perform private
key operations of a cryptosystem. In addition, other researchgroups employ simple or differential analysis methods on
power consumption [2][5]. For example, Kocher et al. [2]
proposed the differential power attack with a small resistor
connected to the power pin of cryptographic devices to analyze
power consumption. Another improvement on power-based
analysis is correlation power attack [6], [7]. However, leaked
electromagnetic (EM) emanations can provide more secret
information [8], [9] and then side-channel cryptanalysis based
on EM emanations has studied and investigated [10][13].
Electric variations produced from an operating cryptographic
LSI chip generate magnetic flux, which can be detected to
reveal secret information. Sensing methods based on leakage
EM emission of a cryptographic chip provide highest amountof information compared with power consumption analysis
ones [9]. Micromagnetic sensing approach is preferred due
to its ability of detecting susceptible locations and leaked
magnetic field direction [14], [15]. In LSI circuits, value
changes such as digital clock or data chains in the logic state of
CMOS gates cause time-varying currents and hence produce
concentric magnetic fields around conductors. By placing
magnetic sensing coils close to a cryptographic chips surface
to measure and monitor data-dependent leakage magnetic
0018-9456 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
2/9
MAI-KHANH et al.: N EAR-FIELD M AGNETIC SENSING SYSTEM WITH H IGH -SPATIAL RESOLUTION AN D APPLICATION 841
Fig. 2. Three-stage LNA diagram with the magnetic pick-up coil.
emanations of the chip, related secret information of the
chip can be captured [3], [13][17]. Therefore, there is a
strong demand to analyze and identify vulnerable portions of
cryptographic chips from EM-based side-channel attacks.
Previously, we presented a near-field magnetic probe with
a coil integrated with an LNA in a chip [18], [19]. However,
the probe system encountered the problem of eddy currents
generated from metal probe holder and the small size of
the coil of 100 100 m2 with the effective core area of
3030m2 is not sufficient for picking-up and detecting sub-
milliampere electric currents flowing under the lossy material
of the cipher LSI package. Furthermore, the probe must have a
wide frequency range, e.g., 500 MHz in the case of supplying
a 50-MHz clock to the cipher LSI, to capture such high
harmonic signals of the clock frequency emitted from the
clock circuit and other internal frequency synthesizer circuits.
In this paper, which is an extension of [20], we present
our enhancement of near-field magnetic sensing and scanningsystem for localized EM nondestructive analysis as described
in Fig. 1. Basic components of the system include an on-
chip magnetic pick-up coil, an integrated three-stage LNA,
and a plastic probe holder attached to a high-spatial resolution
scanning system. Furthermore, a microposition calibration
mechanism and a postmeasurement step to process scanned
magnetic cartography are presented. Measured results show
an ability of mapping and microresolution locating on a
small logic block intentionally localized on a cryptographic
FPGA.
This paper is organized as follows. Section II presents
the design of the magnetic probe and probe fabrication
steps. Microposition calibration mechanism is describedin Section III. Scanning results of the proposed probe on a
microstrip (MS) line and on the surface of a cryptographic
FPGA, and a comparison with a commercial probe are
discussed in Section IV. Section V concludes this paper.
I I . PROBED ESIGN ANDI NTEGRATION
A. On-Chip Magnetic Pick-Up Coil
Fig. 2 shows a coil with Nturns placed at a distance r from
a time-varying current metal wire. As well-known Faradays
induction law, the coil induces the magnetic field based on
Fig. 3. Proposed coil with symmetric topology.
the relationship of the magnetic flux through the coil and the
coils voltage, Vcoil. Current Iof the wire produces magnetic
flux B as BiotSavart law: B = (0I/2)Xln(r+ Y/r).
If the coil is in a perpendicular direction to the magnetic plane
of the wire, one can write
Vcoil = N dB
dt= N
0
2Xln
r+ Y
r
d I
dt(1)
where 0 is the vacuum permeability. If I= I0sin(2 f0t)
Vcoil = N0Xlnr+ Y
rI0fcos(2f0t). (2)
To enhance Vcoil, increments of both N and X can be
applied but the former confronts the limitation of the number
of metal layers in a determined CMOS technology process
while the latter can offer easily multi-increment in Vcoil.
Therefore, we proposed a magnetic pick-up coil with a larger
size of X = 500 m and Y = 100m, five times bigger than
that in [18] and [19], to allow more magnetic flux throughthe coil, as shown in Fig. 3. The Si-substrate under the coil is
removed by applying an FIB process to avoid eddy currents
and enhance both inductance L and quality factor Q of the
coil [19]. Quality factor of a coil is defined as
Q = 2 (Emag Eelec)
Eloss(3)
where Emag and Eelec are peak magnetic and electric energies
stored, respectively, and Eloss is the energy loss per cycle [21].
Q is detailed as a product of ideal quality factor (ideal-Q),
substrate loss factor, and self-resonance factor [22]. Ideal-Q
accounts for the magnetic energy stored and the ohmic loss
in series resistance of the coil while self-resonance factordepends on the increment of electric energy stored. Substrate
loss factor represents the energy dissipated in the Si-substrate.
Note that both substrate loss factor and self-resonance factor
are less than 1. The removal of the Si-substrate under the
coil eliminates the loss on the resistive Si-substrate, reduces
coil-substrate coupling capacitors, and enhances the coils self-
inductance. Fig. 4 shows the improvement on L and Q of the
coil when its Si-substrate is removed. The improvement on
L enhances the magnetic energy Emag stored in the coil. The
Si-substrate removal reduces peak electric energy and hence
enhances the quality factor Q of the coil.
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
3/9
842 IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015
Fig. 4. Improvement percentages on L and Q of the Si-substrate removalcase compared with a nonremoved Si-substrate one.
Fig. 5. Periodic rectangular pulse signal x(t) and its harmonic amplitudefunction cn in a case of duty cycle D = 1/6. A wideband amplifier is requireddue to the existence of sufficient amplitude harmonics.
In practical applications for sensing weak magnetic fields
generated from digital clock-supplied cryptographic LSIs, two
things should be considered to design the related integrated
circuit. First, a high-gain amplifier should be used to magnify
the induced voltage on the coil. In addition, this ampli-fier should have a low-noise feature and an infinite input
impedance. Second, the circuit including the coil followed by
the amplifier should have an ability of wideband spectrum
sensing to induce and then amplify magnetic fields generated
by not only the fundamental frequency of the clock but
also its harmonics. If clock x(t) is a repeating square pulse
with an amplitude of A, a cycle of T, and a duty cycle
D = 2Tp/T as shown in Fig. 5, x(t) is even and hence its
Fourier transformation series contains only cosine terms and
a constant term as
x(t) = c0 +
+
n=1
cncos(nt) (4)
= DA +
+
n=1
2A
n sin(nD)cos(nt) (5)
where = (2/T), c0 = D A, and cn = (2A/n)
sin(nD) is harmonic amplitude. For example, if T = 12 Tpor D = 1/6, harmonic components of x(t) are nonzero
except the multiples of the sixth component, as shown in
the right-hand side of Fig. 5. The induced signals at the coil
are proportional with derivation function of x(t), x/t, and
contain harmonic components ofx(t). Moreover, inside digital
cryptographic LSIs, there are several clock-based circuits such
Fig. 6. Postprocessing steps including the remove of the Si-substrate areaunderneath the coil and mounting the flipped chip to a PCB by goldenballs. An X-ray photo is used to confirm the alignment of chips pads andcorresponding PCBs ones.
as delay-locked loop, phase-locked loop, frequency dividers, or
flip-flops, which can generate magnetic fields in different
frequencies. Therefore, a sufficient wideband amplifier is
required. The proposed variable-gain LNA has a maximumbandwidth of 500 MHz and a maximum gain of 63 dB in
simulation as presented in the previous work [18]. The LNA is
integrated with the coil into a chip to reduce signal reduction,
reflection, and noise from cables or connections. In addition,
an ability of frequency-band filtering is added to the scanning
system for postmeasuring image processing.
B. Probe Fabrication Steps
Postfabrication steps of the proposed probe include chip-
mounting on a based printed circuit board (PCB) and
FIB process. After wafer dicing, tiny golden balls are attached
to pads of the probe chip. The probe chip is then flipped andmounted on a based PCB by the usage of these golden balls.
An FIB process is applied to remove the Si-substrate region
under the coil, as shown in Fig. 6. The PCB then is fixed to a
plastic probe holder. The advantage of the plastic probe holder
compared with the metal one in the previous work [18] is to
reduce other EM interference and to avoid eddy currents on
the metal probe holder. Eddy currents were induced within the
metal probe holder when it was close enough to the device-
under-test (DUT) and thus caused a magnetic field that could
affect to the sensing on-chip coil. The plastic probe holder is
then attached to the probe arm of the high-precision scanning
system placed in a shielded box to perform calibration and
magnetic cartography scanning.
III. MICROPOSITIONCALIBRATION
Fig. 7 shows the calibration setup for horizontal and vertical
directions prior to the implementation of magnetic sensing.
Main components for the calibration are a laser attached to
the probe arm, which also can move along the z-axis, a flat
metal block placed on a motorized stage, and a fixed-lens
camera whose output is fed to a computer. The computer is
utilized to control the positions of the stage and the probes
arm. Outputs of the camera, the laser, and the laser camera are
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
4/9
MAI-KHANH et al.: N EAR-FIELD M AGNETIC SENSING SYSTEM WITH H IGH -SPATIAL RESOLUTION AN D APPLICATION 843
Fig. 7. Calibration setup diagram with a real-time microphotograph for cal-ibration. Details of connection cables between computer and other equipmentare omitted.
Fig. 8. Calibration setup picture and the base PCB with the probe chip.
fed to the computer for monitoring and controlling the calibra-
tion process. The distance of the laser original point (LOP) to
any surfaces below can be measured by the laser camera but
the gap between LOP and the probe head should be calculated
by the first calibration step.
The first step of the calibration is to find the gap in z-axis
from LOP to the probe chip head. This step is performed only
once by measuring the distance hz from LOP to the metal
block surface and then manually finding the gap h0 between
the probe chip head and the block surface as depicted in Fig. 7.
Therefore, the gap between LOP and the probe head is theresult of (hz h0). To measure h 0, the probe arm is gradually
lowered close to the flat surface of the metal block as shown in
Fig. 8 so that the chip head and the metal block surface can be
in range of the fixed camera and observed on the display. Then,
h0 is measured manually based on the mesh on the display.
Camera position is fixed and the camera lens is set together
with an appropriate distance resolution corresponding to the
display mesh; for example, 20 m/div, as shown in Fig. 7.
From now, the gap between LOP and the probe chip head is
saved and used to calculate the liftoff of the probe chip head
to the surface of any DUTs by the laser.
Fig. 9. Results of the flatness and magnetic scanning on an MS line withh thickness. The flatness map including relative surface roughness values isthen used in the magnetic scan step to keep the liftoff constant. Note that the
resolution of the flatness scan must be higher or equal to the magnetic scanresolution.
The second purpose of the calibration is to automatically
scan the flatness of the DUT surface by the laser to compensate
the liftoff. The metal block is removed from the motorized
stage. A DUT, MS line, or FPGA chip, is then placed on
the stage for surface scanning to achieve relative surface
flatness map with a minimum accuracy of 1 m. Each of the
points of this surface map containing values of x y positions
and the relative surface roughness is used to compensate for
the correspondent points on the DUT surface to keep the
same liftoff during the magnetic scanning. Fig. 9 shows an
illustration of height compensation and scanning results ona surface area of an MS line placed at the liftoff from the
on-chip coil. Details of magnetic scanning results are presented
in the following section.
IV. SENSING E XPERIMENTALR ESULTS
Magnetic sensing on an MS line and a cryptographic
FPGA is performed in a shielded room to avoid external
RF inferences. A comparison in magnetic scanning perfor-
mance between the proposed probe and a commercial one is
presented.
A. Magnetic Sensing on a Microstrip LineThe experimental setup for magnetic sensing on a 100-m
width MS line is shown in Fig. 10. After the calibration,
the MS-line board is located on the motorized stage with
a liftoff d from the coil. To measure the gain between the
probe chip output and the MS-line input, the probe chip output
is connected to port 1 of a Z V L RohdeSchwarz network
analyzer and one terminal of the MS line is connected to
port 2 of the network analyzer. Flatness surface map of the
MS-line board is achieved using the laser. Magnetic scan
is performed across the MS line and along x-axis so that
magnetic flux generated from the MS line is perpendicular
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
5/9
844 IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015
Fig. 10. Two measurement setups using network analyzer and spectrumanalyzer to measure the gain between the probe chip output and theMS-line input and the probe output versus MS-line positions.
Fig. 11. Measured gain between the probe output and the MS-line input.
with the coils plane to achieve maximum magnetic flux
through the coil. Fig. 11 shows measured gains between the
probe output and the MS-line input power by varying the liftoff
from 100 to 1000 m.
To measure the magnetic strength distribution on the planes
perpendicular to the MS line, an FSVR20 RohdeSchwarz
spectrum analyzer is connected to the probe chip output and
the MS line is fed with a 0-dBm power by an AgilentN9310A
RF signal generator. The liftoff is kept at 200 m. The laser
is used to scan the surface of the MS-line board and thethickness of the MS line with a 10-m step. Fig. 12 shows
the measured distributed magnetic strength of the MS line at
four frequencies of 50, 100, 150, and 200 MHz. These results
show a higher gain of this probe in measurements on MS line
than in the previous work [18].
B. Magnetic Sensing on a Cryptographic FPGA
by the Proposed Probe
Another measurement setup is performed to measure mag-
netic field cartography of a Virtex-5 FPGA running a 128-b
AES algorithm core, as shown in Fig. 13. The FPGA cooling
Fig. 12. Measured probes output by spectrum analyzer on the MS line.
Fig. 13. (a) Scan setup on FPGA. (b) FPGA floorplanning. (c) Scannedmagnetic cartography of the whole FPGA surface.
cover part is removed to enhance the scanning performance.The FPGA surface is scanned and marked by the laser, which
is synthesized with a video camera to achieve corresponding
ridge maps. This ridge map is then applied to compensate
for the next step of magnetic scanning to ensure the same
liftoff value for all scanning points. The FPGA is programmed
by a computer through a USB cable, which is wrapped
round by a ferrite cover to reduce EM interference noises,
which can generate low-frequency noise toward the sensing
probe.
AES encryption includes four steps in which substitution-
boxes (S-box) are the basic components to perform
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
6/9
MAI-KHANH et al.: N EAR-FIELD M AGNETIC SENSING SYSTEM WITH H IGH -SPATIAL RESOLUTION AN D APPLICATION 845
substitution [23]. To demonstrate the ability of high-spatial
scanning resolution of the proposed probe to detect abnor-
mal or suspicious chips areas, we intentionally mapped the
logic block of S-box1 far away from AES circuits and other
S-boxes by FPGA floorplanning, as shown in Fig. 13(b).
In addition, the S-box1 code-block in the FPGA is added one
more bit so that the operation of S-box1 can be independently
enable/disable to other blocks.
The implementation of magnetic cartography 2-D scanning
by the proposed probe is performed with a scanning spatial
resolution of 50 m and a liftoff of 100 m. The probe
output is connected to a spectrum analyzer whose data are
transferred to a computer. Measured data from the spec-
trum analyzer are then applied a filtering step in frequency
domain to obtain frequency-dependent magnetic maps.
Fig. 13(c) shows a scanned magnetic cartography at 72 MHz
in the case of operating the AES core with the running of
S-box1. The map shows vertical streaks that can be caused
by the operation of digital registers and metallic mesh inside
the FPGA. Furthermore, several areas in red color disclose
that a higher magnetic field is distributed and leakage infor-mation in such positions might be revealed easily under
EM side-channel attacks.
C. Comparison in Performance With a Commercial Probe
A commercial probe [24], MT-545, is employed to scan
on the FPGAs surface running the AES core to achieve near-
field magnetic maps for the purpose of comparison in scanning
performance. The FPGA configuration in the case of using
MT-545 is the same with that in the proposed probe.
Table I shows 10-mm 10-mm magnetic maps scanned
by the commercial probe with/without S-box1 operations.
These maps are with several harmonic frequencies of theFPGAs clock frequency of 24 MHz. These maps provide lower
resolution and less information compared with the scanned
magnetic cartography exhibited in Fig. 13(c). A differential
image processing step is applied for these scanned magnetic
maps to find S-box1-operation-related portions, as shown in
the figures of the rightmost column of Table I. It seems that
these portions are scattered but still distributed along the center
stripe of the maps.
Table II shows 11.2-mm 11.6-mm magnetic maps built
by the proposed probe. Measured data with/without S-box1
operations are collected in several harmonic frequencies of
the clock. In the postscanned processing step, data maps are
rescaled with the same range of 61.0 to 55 dB. Then,a differential image processing is executed as shown in the
rightmost column of Table II. As can be seen, the map in
the case of 72 MHz (the third harmonic of 24 MHz) shows
the highest received power distribution. However, that of the
fundamental frequency indeed reveals less power distribution
than both of the 48- and 96-MHz maps although in theory
spectrum of the clock signal x(t) shows that the amplitude
of fundamental component is the highest. This is because
the coils voltage induced by the magnetic field increases in
proportion to the frequency of the magnetic, as expressed
in (2). Therefore, the total gain from the induced magnetic
TABLE I
MAGNETICCARTOGRAPHYS CANNED BYMT-545 COMMERCIALP ROBE
field to the probe output is proportionate to the frequency
within the range from 20 to 300 MHz, as shown in Fig. 11.
Vertical stripes in differential magnetic cartography produced
by the proposed probe are sharper and show more details than
those of MT-545. In addition, one may recognize on these
differential cartography several blurred traces of a gird, which
may correspond to the metal mesh and dummy metals ofthe FPGA.
Table IV shows a comparison among this proposal,
MT-545 commercial probe, and prior works. Duboiset al.[25],
Wei and Wilkinson [26], and Zhang et al. [27] used handmade
or on-PCB sensing coils connected to portable or on-board
LNAs for their probes. They used several millimeter size
coils for the detection of the magnetic fields from digital
logic circuits and magnetic induced tomography applications
without any position calibration [25], [26] or with a time-
domain simulation-versus-measurement calibration [27] for
millimeter accuracy. These schemes are inadequate for the
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
7/9
846 IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015
TABLE II
MAGNETICC ARTOGRAPHYS CANNED BY THEP ROPOSEDP ROBE
security applications that request microprecision magnetic
sensing. Our probe integrates a several hundred micrometer
scale coils with an LNA into a 0.68-mm 2.5-mm chip
to enhance the scanning resolution as well as to reduce the
problems of loss, reflection, and noise from the cable-based
connection between the coil and the LNA. Another groupimplemented a standalone coil integration using the same
chip fabrication process with us but employed an external
LNA [28], whereas we realized a single-chip implementation.
We performed a microposition calibration for the measurement
with the higher scanning accuracy of 1 m, which is 10 times
finer than that in [28]. We improved the quality factor of
the coil by the removal of the Si-substrate area under the
coil by applying a postprocessing FIB technique. Because
of the high sensitivity of the integrated magnetic probe and
the fine spatial resolution of our scanning system, we can
perform a magnetic scanning on an abnormal small area of
TABLE III
33-mm2 SCANNEDM AGNETICCARTOGRAPHY OF THE
S- BOX1 A REA BY THEP ROPOSEDPROBE
the cryptographic FPGA surface, including the S-box1 area as
marked in Fig. 13(c), to demonstrate the ability of detecting
malicious blocks. Scanned magnetic maps with a
scanning resolution of 25 m are shown in Table III at
harmonic frequencies of the 24-MHz clock frequency. Corre-
sponding differential maps shows some streaks caused by theoperation of the S-box1 block. These scanned data are rescaled
with the same range of61.0 to 55 dB. Due to differential
EM maps in harmonic frequencies of 24 MHz as depicted
in the rightmost column, the S-box1 area can be obviously
detected. In addition to the detection of the S-box1 operation,
measured magnetic maps of the S-box1 area scanned by the
proposed microprobe reveals more detailed information and
higher resolution than that by the macro-MT-545. Moreover,
the measured cartography maps in harmonic frequencies show
more sharp-edged stripes and more details. The detection of
the S-box1 area illustrates the ability of the proposed probe
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
8/9
MAI-KHANH et al.: N EAR-FIELD M AGNETIC SENSING SYSTEM WITH H IGH -SPATIAL RESOLUTION AN D APPLICATION 847
TABLE IV
COMPARISONWIT HOTHERWORKS
to detect malicious Trojan blocks, which may be intentionally
installed in cryptographic LSIs.
V. CONCLUSION
A high-spatial resolution measurement for near-field
magnetic scanning on cryptographic LSIs is presented. Theproposed probe chip includes a magnetic pick-up coil inte-
grated in a chip with a three-stage LNA in a 0.18-m
CMOS process. Sensing enhancement is based on the high-
spatial resolution mechanical scanning system and the removal
of the Si-substrate under the coil at the cost of the postprocess-
ing of a FIB technique. A microposition calibration is pro-
posed to allow microscanning operation with 1-m accuracy.
Because of these techniques, magnetic sensing applications by
the proposed system, which are conducted on a MS line and a
128-b AES cryptographic FPGA show higher gains than those
in the previous works. A comparison with a macro commercial
probe is also performed. Measured results show that the
proposed microprobe can be applied to detect and localize
vulnerable areas and suspicious components of cryptographic
LSIs from EM side-channel attacks.
ACKNOWLEDGMENT
The authors would like to thank the VLSI Design and
Education Center, the University of Tokyo, Japan, in collabo-
ration with Rohm Corporation, Toppan Printing Corporation,
Synopsys, Inc., Mentor Graphics, Inc., Cadence Design
Systems, Inc., and Agilent Technologies Japan, Ltd. They
would also like to thank Dr. S. Nakajima and Dr. A. Satoh
for their helpful contributions to this paper.
REFERENCES
[1] P. C. Kocher, Timing attacks on implementations of DiffieHellman,RSA, DSS, and other systems, in Advances in Cryptology. Berlin,Germany: Springer-Verlag, 1996, pp. 104113.
[2] P. C. Kocher, J. Jaffe, and B. Jun, Differential power analysis, inAdvances in Cryptology(Lecture Notes in Computer Science), vol. 1666.Berlin, Germany: Springer-Verlag, 1999, pp. 388397.
[3] E. Peeters, F.-X. Standaert, and J.-J. Quisquater, Power and electro-magnetic analysis: Improved model, consequences and comparisons,
Integr., VLSI J., vol. 40, no. 1, pp. 5260, 2007.[4] S. Mangard, E. Oswald, and T. Popp,Power Analysis Attacks: Revealing
the Secrets of Smart Cards. Heidelberg, Germany: Springer-Verlag,2007.
[5] T. Sugawaraet al., Mechanism behind information leakage in electro-magnetic analysis of cryptographic modules, in Information Security
Applications (Lecture Notes in Computer Science), vol. 5932. Berlin,Germany: Springer-Verlag, 2009, pp. 6678.
[6] E. Brier, C. Clavier, and F. Olivier, Correlation power analysis with aleakage model, in Cryptographic Hardware and Embedded Systems(Lecture Notes in Computer Science), vol. 3156. Berlin, Germany:
Springer-Verlag, 2004, pp. 1629.[7] J. Wu, Y. Shi, and M. Choi, Measurement and evaluation of power
analysis attacks on asynchronous S-box, IEEE Trans. Instrum. Meas.,vol. 61, no. 10, pp. 27652775, Oct. 2012.
[8] D. Real, F. Valette, and M. Drissi, Enhancing correlation electromag-netic attack using planar near-field cartography, in Proc. Design, Autom.Test Eur. Conf. Exhibit. (DATE), Apr. 2009, pp. 628633.
[9] F.-X. Standaert and C. Archambeau, Using subspace-based templateattacks to compare and combine power and electromagnetic informa-tion leakages, in Cryptographic Hardware and Embedded Systems(Lecture Notes in Computer Science), vol. 5154. Berlin, Germany:Springer-Verlag, 2008, pp. 411425.
[10] N. Homma, T. Aoki, and A. Satoh, Electromagnetic informationleakage for side-channel analysis of cryptographic modules, in Proc.
IEEE Int. Symp. EMC, Jul. 2010, pp. 97102.
[11] M. Yamaguchi, S. Koya, H. Torizuka, S. Aoyama, and S. Kawahito,Shielded-loop-type onchip magnetic-field probe to evaluate radiatedemission from thin-film noise suppressor, IEEE Trans. Magn., vol. 43,no. 6, pp. 23702372, Jun. 2007.
[12] K. Chen, Q. Zhao, P. Zhang, and G. Deng, The power of electro-magnetic analysis on embedded cryptographic Ics, in Proc. Int. Conf.
Embedded Softw. Syst. Symp. (ISESS), Jul. 2008, pp. 197201.
[13] K. Gandolfi, C. Mourtel, and F. Olivier, Electromagnetic analysis:Concrete results, in Cryptographic Hardware and Embedded Systems(Lecture Notes in Computer Science), vol. 2162. Berlin, Germany:Springer-Verlag, 2001, pp. 251261.
[14] D. Agrawal, B. Archambeault, J. R. Rao, and P. Rohatgi, The EMsideChannel(s), in Cryptographic Hardware and Embedded Systems.Berlin, Germany: Springer-Verlag, Aug. 2002.
[15] J. Lenz and A. S. Edelstein, Magnetic sensors and their applications,IEEE Sensor J., vol. 6, no. 3, pp. 631648, Jun. 2006.
[16] S. Mangard, Exploiting radiated emissionsEM attacks on crypto-graphic ICs, in Proc. Austrochip, Linz, Austria, Oct. 2003, pp. 1316.
[17] L. Sauvage, S. Guilley, J.-L. Danger, Y. Mathieu, and M. Nassar,Successful attack on an FPGA-based WDDL DES cryptoprocessorwithout place and route constraints, in Proc. Design, Autom. Test Eur.Conf. Exhibit. (DATE), 2009, pp. 640645.
[18] N. N. Mai-Khanh, T. Iizuka, M. Yamada, O. Morita, and K. Asada,An integrated high-precision probe system for near-field magnetic mea-surements on cryptographic LSIs, in Proc. IEEE Sensors, Oct. 2012,pp. 20742077.
[19] N. N. Mai-Khanh, T. Iizuka, M. Yamada, O. Morita, and K. Asada,An integrated high-precision probe system in 0.18-m CMOS for near-field magnetic measurements on cryptographic LSIs, IEEE Sensors J.,vol. 13, no. 7, pp. 26752682, Jul. 2013.
[20] N. N. Mai-Khanh, T. Iizuka, M. Yamada, O. Morita, and K. Asada,High-resolution measurement of magnetic field generated from cryp-tographic LSIs, in Proc. IEEE Sensor Appl. Symp., Feb. 2014,pp. 111114.
-
7/23/2019 Near-Field Magnetic Sensing System With High-Spatial Resolution and Application for Security of Cryptographic LSI
9/9
848 IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015
[21] C. P. Yue and S. S. Wong, On-chip spiral inductors with patternedground shields for Si-based RF ICs, IEEE J. Solid-State Circuits,vol. 33, no. 5, pp. 743752, May 1998.
[22] K. Nishikawa, K. Shintani, and S. Yamakawa, Effects of eddy currenton characteristics of spiral inductors on silicon, Jpn. J. Appl. Phys.,vol. 48, no. 10R, p. 106502, Jan. 2009.
[23] [Online]. Available: http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf, accessed Nov. 25, 2014.
[24] [Online]. Available: http://www.morita-tech.co.jp/pdf/MT-545%20probe%20TD.pdf, accessed Sep. 18, 2014.
[25] T. Dubois et al., Near-field electromagnetic characterization and per-turbation of logic circuits, IEEE Trans. Instrum. Meas., vol. 57, no. 11,pp. 23982404, Nov. 2008.
[26] H.-Y. Wei and A. J. Wilkinson, Design of a sensor coil and mea-surement electronics for magnetic induction tomography, IEEE Trans.
Instrum. Meas., vol. 60, no. 12, pp. 38533859, Dec. 2011.[27] J. Zhang, K. W. Kam, J. Min, V. V. Khilkevich, D. Pommerenke, and
J. Fan, An effective method of probe calibration in phase-resolved near-field scanning for EMI application,IEEE Trans. Instrum. Meas., vol. 62,no. 3, pp. 648658, Mar. 2013.
[28] S. Muroga, K. Arai, S. Dhungana, R. Okuta, Y. Endo, andM. Yamaguchi, 3-D magnetic-near-field scanner for IC chip-levelnoise coupling measurements, IEEE Trans. Magn., vol. 49, no. 7,pp. 38863889, Jul. 2013.
Nguyen Ngoc Mai-Khanh (M12) was born inVung Tau, Vietnam. He received the B.S. andM.S. degrees in electrical engineering from VietnamNational University, University of Technology, HoChi Minh City, Vietnam, in 2002 and 2004, respec-tively, and the Ph.D. degree in electrical engineeringand information systems from the Graduate Schoolof Engineering, University of Tokyo, Tokyo, Japan,in 2011.
He joined a system-on-chip short-term project forthe internship with the Toshiba Research and Devel-
opment Center, Kawasaki, Japan, in 2006. From 2011 to 2013, he was a Post-Doctoral Researcher with the VLSI Design and Education Center, Universityof Tokyo, where he is currently an Assistant Professor. Since 2006, he hasbeen a Lecturer with the Faculty of Electrical and Electronic Engineering,Vietnam National University, University of Technology, HCMC, Viet Nam.
His current research interests include integrated analog circuits and microwavepulse transceiver circuits.
Dr. Mai-Khanh was a recipient of the Best Paper Award of the AsianSymposium on Quality Electronic Design in 2010 and the third rank of BestStudent Paper Award of the 9th IEEE NEWCAS Conference in 2011.
Tetsuya Iizuka (M02) received the B.S., M.S., andPh.D. degrees in electronic engineering from theUniversity of Tokyo, Tokyo, Japan, in 2002, 2004,and 2007, respectively.
He was a High-Speed Serial Interface CircuitDesigner with the industry for two years. He joinedthe University of Tokyo in 2009, where he is cur-rently an Assistant Professor with the Department of
Electrical Engineering and Information Systems. Hiscurrent research interests include digitally assistedanalog circuits and very large scale integration
computer-aided design.Dr. Iizuka is a member of the Institute of Electronics, Information and Com-
munication Engineers (IEICE). He was a recipient of the Young ResearchersAward from IEICE in 2002, the IEEE International Conference on Electronics,Circuits, and Systems Best Student Paper Award in 2006, and the YamashitaSIG Research Award from the Information Processing Society of Japan in2007. He is also a member of the IEEE International Solid-State CircuitsConference and the IEEE Custom Integrated Circuits Conference TechnicalProgram Committees.
Akihiko Sasaki received the B.E., M.E., andPh.D. degrees from the University of Electro-Communications, Tokyo, Japan, in 2003, 2005, and2008, respectively.
In 2011, he joined Morita-Tech Company, Ltd.,Kawasaki, Japan. His current research interestsinclude evaluation platform of side-channel analysisand fault analysis on cryptographic circuit.
Makoto Yamada was born in Nagano, Japan.He received the B.S. degree in electrical engineer-ing from the University of Yamanashi, Yamanashi,Japan, in 1981.
He joined the Test and Measurement Division,Yokogawa Hewlett Packard, Tokyo, Japan, asa Field Sales Engineer. In 2010, he joinedMorita-Tech Company, Ltd., Kawasaki, Japan, asa Security System Division Manager and Probeand EMC Scanner Specialist. He is responsible foroverseeing SASEBO and SAKURA Project relating
to side channel attack, DPA, electro-magnetic analysis solutions, current
roadmap for EM, and laser fault injection system.
Osamu Morita was born in Tokyo, Japan.He received the B.S. degree in electrical engineeringand electronics from Aoyama Gakuin University,Tokyo, in 1978.
He set up entrepreneurial ventures and providedcustom-made solutions, including key elements ofRF technology, mechatronics, electric circuit design,and software.
Kunihiro Asada (M80) was born in Fukui,Japan, in 1952. He received the B.S., M.S., andPh.D. degrees in electronic engineering from theUniversity of Tokyo, Tokyo, Japan, in 1975, 1977,and 1980, respectively.
He joined the Faculty of Engineering, Universityof Tokyo, in 1980, and became a Lecturer, an Asso-ciate Professor, and a Professor in 1981, 1985, and1995, respectively. From 1985 to 1986, he was withthe University of Edinburgh, Edinburgh, U.K., as aVisiting Scholar supported by the British Council.
From 1990 to 1992, he served as the first Editor of the English version ofIEICE Transactions on Electronics. In 1996, he established the VLSI Design
and Education Center (VDEC), with his colleagues in the University of Tokyo,which is the center to promote education and research of VLSI design in all theuniversities and colleges in Japan. He is currently in charge of the Director ofVDEC. He has authored over 400 technical papers in journals and conferenceproceedings. His current research interests include design and evaluation ofintegrated systems and component devices.
Dr. Asada is a member of the Institute of Electronics, Information andCommunication Engineers of Japan (IEICE), and the Institute of ElectricalEngineers of Japan (IEEJ). He has received Best Paper Awards from IEEJ,IEICE, and ICMTS1998/IEEE. He also served as the Chair of the IEEE/SSCSJapan Chapter from 2001 to 2002 and the IEEE Japan Chapter OperationCommittee from 2007 to 2008.
top related