Résumé: Permutation-based obfuscation has been proposed to protect hardware against cloning, overproduction, reverse engineering, and unauthorized operation. To prevent key extraction from memory, the key used by the obfuscation is usually stored in volatile memory. Since the key is erased after the system loses power, this scheme is often considered the best way to prevent a key from being stolen, since many attacks would require power. However, in this article, we propose a new attack where the key is determined by exploring path aging within the permutation network used for obfuscation. Both the theoretical analysis and experimental results are provided. A practical procedure to achieve the proposed attack is also discussed in the context of an attacker's capabilities and knowledge. The proposed attack is executed in both simulation and hardware. The experimental results show the accuracy of identifying the key is over 80% and more than enough to reduce the number of brute-force combinations required by an attacker. This attack accuracy reaches 100% when the permutation network has experienced sufficient degradations. Besides the attack, we also propose a low-cost countermeasure that sweeps the permutation network configurations. Incorporating this countermeasure, the proposed attack becomes no better than brute-force guessing.

Langue: Anglais