A Novel Tampering Attack on AES Cores with Hardware Trojans

TL;DR

This paper introduces a hardware Trojan-based tampering attack on AES cores, demonstrating how untrusted foundries can manipulate internal data to extract secret keys, highlighting security vulnerabilities in cryptographic hardware implementations.

Contribution

The paper presents a novel tampering attack using hardware Trojans to compromise AES encryption by modifying internal round data, a method not previously documented.

Findings

Successfully implemented the attack on a 128-bit AES design

Demonstrated the feasibility with minimal area overhead

Able to extract secret keys from ciphertexts after Trojan activation

Abstract

The implementation of cryptographic primitives in integrated circuits (ICs) continues to increase over the years due to the recent advancement of semiconductor manufacturing and reduction of cost per transistors. The hardware implementation makes cryptographic operations faster and more energy-efficient. However, various hardware attacks have been proposed aiming to extract the secret key in order to undermine the security of these primitives. In this paper, we focus on the widely used advanced encryption standard (AES) block cipher and demonstrate its vulnerability against tampering attack. Our proposed attack relies on implanting a hardware Trojan in the netlist by an untrusted foundry, which can design and implement such a Trojan as it has access to the design layout and mask information. The hardware Trojan's activation modifies a particular round's input data by preventing the effect of all previous rounds' key-dependent computation. We propose to use a sequential hardware Trojan to deliver the payload at the input of an internal round for achieving this modification of data. All the internal subkeys, and finally, the secret key can be computed from the observed ciphertext once the Trojan is activated. We implement our proposed tampering attack with a sequential hardware Trojan inserted into a 128-bit AES design from OpenCores benchmark suite and report the area overhead to demonstrate the feasibility of the proposed tampering attack.