Scan-based attack against DES cryptosystems using scan signatures

With the high integration of LSI in recent years, the importance of design-for-techniques has been increasing. A scan-path test is one of the useful design-for-test techniques, in which testers can observe and control registers inside the target LSI chip directly. On the other hand, the risk of side-channel attacks against cryptographic LSIs and modules has been pointed out. In particular, scan-based attacks which retrieve secret keys by analyzing scan data obtained from scan chains has been attracting attention. In this paper, we propose a scan-based attack method against DES using scan signatures. Our proposed method are based on focusing on particular bit-column-data in a set of scan data and observing their changes when given several plaintexts. We can retrieve secret keys by partitioning the S-BOX process into eight independent sub-processes and reducing the number of the round key candidates from 2⁴⁸ to 2⁶×8 = 512. Our proposed methods can retrieve secret keys even if a scan chain includes registers except a crypto module and attackers do not know when the encryption is really done in the crypto module. Experimental results demonstrate that we successfully retrieve the secret keys of a DES cryptosystem using at most 32 plaintexts.