2021, Kabin, Ievgen, Dyka, Zoya, Klann, Dan, Schaeffner, Jan, Langendoerfer, Peter

In this paper we discuss the difficulties of mounting successful attacks against crypto implementations if essential information is missing. We start with a detailed description of our attack against our own design, to highlight which information is needed to increase the success of an attack, i.e. we use it as a blueprint to the following attack against commercially available crypto chips. We would like to stress that our attack against our own design is very similar to what happens during certification e.g. according to the Common Criteria Standard as in those cases the manufacturer needs to provide detailed information. If attacking commercial designs without signing NDAs, we were forced to intensively search the Internet for information about the designs. We were able to reveal information on the processing sequence during the authentication process even as detailed as identifying the clock cycles in which the individual key bits are processed. But we could not reveal the private keys used by the attacked commercial authentication chips 100% correctly. Moreover, as we did not knew the used keys we could not evaluate the success of our attack. To summarize, the effort of such an attack is significantly higher than the one of attacking a well-known implementation.

2020, Kabin, Ievgen, Dyka, Zoya, Klann, Dan, Langendoerfer, Peter

Due to the nature of applications such as critical infrastructure and the Internet of Things etc. side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage from the fact that the behaviour of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA is the so called horizontal differential SCA. In this paper we investigate two different approaches to increase the inherent resistance of our hardware accelerator for the kP operation. The first approach aims at reducing the impact of the addressing in our design by realizing a regular schedule of the addressing. In the second approach, we investigated how the formula used to implement the multiplication of GF(2n)-elements influences the results of horizontal DPA attacks against a Montgomery kP-implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly. The combination of these two approaches leads to the most resistant design. For the 250 nm technology only 2 key candidates could be revealed with a correctness of about 70% which is a huge improvement given the fact that for the original design 7 key candidates achieved a correctness of more than 90%. For our 130 nm technology no key candidate was revealed with a correctness of more than 60%.

2020, Paolozzi, L., Cardarelli, R., Débieux, S., Favre, Y., Ferrère, D., Gonzalez-Sevilla, S., Iacobucci, G., Kaynak, M., Martinelli, F., Nessi, M., Rücker, H., Sanna, I., Sultan, D.M.S., Valerio, P., Zaffaroni, E.

SiGe BiCMOS technology can be used to produce ultra-fast, low-power silicon pixel sensors that provide state-of-the-art time resolution even without internal gain. The development of such sensors requires the identification and control of the main factors that may degrade the timing performance as well as the characterisation of the dependance of the sensor time resolution on the amplifier power consumption. Measurements with a 90Sr source of a prototype sensor produced in SG13G2 technology from IHP Microelectronics shows a time resolution of 140 ps at an amplifier current of 7 µA and 45 ps at a power consumption of 150 µA. The resolution on the measurement of the signal time-over-threshold, which is used to correct for time walk, is the main factor affecting the timing performance of this prototype. c 2020 CERN. Published by IOP Publishing Ltd on behalf of Sissa Medialab.

2018, Keeler, Paul, Jahnel, Benedikt, Maye, Oliver, Aschenbach, Daniel, Brzozowski, Marcin

Stochastic geometry models are used to study wireless networks, particularly cellular phone networks, but most of the research focuses on the typical user, often ignoring atypical events, which can be highly disruptive and of interest to network operators. We examine atypical events when a unexpected large proportion of users are disconnected or connected by proposing a hybrid approach based on ray launching simulation and point process theory. This work is motivated by recent results [12] using large deviations theory applied to the signal-to-interference ratio. This theory provides a tool for the stochastic analysis of atypical but disruptive events, particularly when the density of transmitters is high. For a section of a European city, we introduce a new stochastic model of a single network cell that uses ray launching data generated with the open source RaLaNS package, giving deterministic path loss values. We collect statistics on the fraction of (dis)connected users in the uplink, and observe that the probability of an unexpected large proportion of disconnected users decreases exponentially when the transmitter density increases. This observation implies that denser networks become more stable in the sense that the probability of the fraction of (dis)connected users deviating from its mean, is exponentially small. We also empirically obtain and illustrate the density of users for network configurations in the disruptive event, which highlights the fact that such bottleneck behaviour not only stems from too many users at the cell boundary, but also from the near-far effect of many users in the immediate vicinity of the base station. We discuss the implications of these findings and outline possible future research directions.

2019, Valerio, P., Cardarelli, R., Iacobucci, G., Paolozzi, L., Ripiccini, E., Hayakawa, D., Bruno, S., Caltabiano, A., Kaynak, M., Rücker, H., Nessi, M.

Time-of-flight measurement is an important advancement in PET scanners to improve image reconstruction with a lower delivered radiation dose. This article describes the monolithic ASIC for the TT-PET project, a novel idea for a high-precision PET scanner for small animals. The chip uses a SiGe Bi-CMOS process for timing measurements, integrating a fully-depleted pixel matrix with a low-power BJT-based front-end per channel, integrated on the same 100 µm thick die. The target timing resolution of the scanner is 30 ps RMS for electrons from the conversion of 511 keV photons. The system will include 1.6 million channels across almost 2000 different chips. A full-featured demonstrator chip with a 3×10 matrix of 500×500 µm2 pixels was fabricated to validate each block. Its design and experimental results are presented here. © 2019 CERN.

2018, Klesse, Wolfgang Matthias, Rathsfeld, Andreas, Groß, Claudine, Malguth, Enno, Skibitzki, Oliver, Zealouk, Lahbib

To satisfy the continuous demand of ever smaller feature sizes, plasma etching technologies in microelectronics processing enable the fabrication of device structures with dimensions in the nanometer range. In a typical plasma etching system a plasma phase of a selected etching gas is activated, thereby generating highly energetic and reactive gas species which ultimately etch the substrate surface. Such dry etching processes are highly complex and require careful adjustment of many process parameters to meet the high technology requirements on the structure geometry. In this context, real-time access of the structures dimensions during the actual plasma process would be of great benefit by providing full dimension control and film integrity in real-time. In this paper, we evaluate the feasibility of reconstructing the etched dimensions with nanometer precision from reflectivity spectra of the etched surface, which are measured in real-time throughout the entire etch process. We develop and test a novel and fast reconstruction algorithm, using experimental reflection spectra taken about every second during the etch process of a periodic 2D model structure etched into a silicon substrate. Unfortunately, the numerical simulation of the reflectivity by Maxwell solvers is time consuming since it requires separate time-harmonic computations for each wavelength of the spectrum. To reduce the computing time, we propose that a library of spectra should be generated before the etching process. Each spectrum should correspond to a vector of geometry parameters s.t. the vector components scan the possible range of parameter values for the geometrical dimensions. We demonstrate that by replacing the numerically simulated spectra in the reconstruction algorithm by spectra interpolated from the library, it is possible to compute the geometry parameters in times less than a second. Finally, to also reduce memory size and computing time for the library, we reduce the scanning of the parameter values to a sparse grid.