Side-Channel Analysis of the Xilinx Zynq UltraScale+ Encryption Engine

Authors

  • Benjamin Hettwer Robert Bosch GmbH, Corporate Sector Research, Stuttgart, Germany; Ruhr University Bochum, Bochum, Germany
  • Sebastien Leger Robert Bosch GmbH, Corporate Sector Research, Stuttgart, Germany
  • Daniel Fennes Ruhr University Bochum, Bochum, Germany
  • Stefan Gehrer Robert Bosch LLC, Pittsburgh, USA
  • Tim Güneysu Ruhr University Bochum, Bochum, Germany

DOI:

https://doi.org/10.46586/tches.v2021.i1.279-304

Keywords:

Side-Channel Attacks, Deep Learning, Bitstream Encryption, Key Rolling

Abstract

The Xilinx Zynq UltraScale+ (ZU+) is a powerful and flexible System-on- Chip (SoC) computing platform for next generation applications such as autonomous driving or industrial Internet-of-Things (IoT) based on 16 nm production technology. The devices are equipped with a secure boot mechanism in order to provide confidentiality, integrity, and authenticity of the configuration files that are loaded during power-up. This includes a dedicated encryption engine which features a protocol-based countermeasure against passive Side-Channel Attacks (SCAs) called key rolling. The mechanism ensures that the same key is used only for a certain number of data blocks that has to be defined by the user. However, a suitable choice for the key rolling parameter depends on the power leakage behavior of the chip and is not published by the manufacturer. To close this gap, this paper presents the first publicly known side-channel analysis of the ZU+ encryption unit. We conduct a black-box reverse engineering of the internal hardware architecture of the encryption engine using Electromagnetic (EM) measurements from a decoupling capacitor of the power supply. Then, we illustrate a sophisticated methodology that involves the first five rounds of an AES encryption to attack the 256-bit secret key. We apply the elaborated attack strategy using several new Deep Learning (DL)-based evaluation methods for cryptographic implementations. Even though we are unable to recover all bytes of the secret key, the experimental results still allow us to provide concrete recommendations for the key rolling parameter under realistic conditions. This eventually helps to configure the secure boot mechanism of the ZU+ and similar devices appropriately.

Downloads

Published

2020-12-03

Issue

Section

Articles

How to Cite

Side-Channel Analysis of the Xilinx Zynq UltraScale+ Encryption Engine. (2020). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(1), 279-304. https://doi.org/10.46586/tches.v2021.i1.279-304