Exploiting Ring Oscillators to Leak Secret Information
(2025) EITM01 20251Department of Electrical and Information Technology
- Abstract
- The manufacturing of hardware is a complex process where many different types
of parties are involved. This creates risks of inserting hidden harmful parts, so
called Hardware Trojans (HTs). HTs can have many different functions, such as
reducing security, leaking information or degrading a system. This thesis examines
how Ring Oscillators (ROs) can be exploited by a malicious party and modified
to instead of protecting a system, leak secret information. This was examined by
implementing a HT with the purpose of leaking the encryption key of an AES
encryption module through power side-channels.
It was also examined how HTs can be categorized, and if the categorization
could be improved. It was suggested that apart from existing... (More) - The manufacturing of hardware is a complex process where many different types
of parties are involved. This creates risks of inserting hidden harmful parts, so
called Hardware Trojans (HTs). HTs can have many different functions, such as
reducing security, leaking information or degrading a system. This thesis examines
how Ring Oscillators (ROs) can be exploited by a malicious party and modified
to instead of protecting a system, leak secret information. This was examined by
implementing a HT with the purpose of leaking the encryption key of an AES
encryption module through power side-channels.
It was also examined how HTs can be categorized, and if the categorization
could be improved. It was suggested that apart from existing categories: insertion phase, abstraction level, activation mechanism, effect, location and physical
characteristic one should also add the categories: type of components/hardware,
malicious actor, attack type and attack difficulty.
The effects of the designed HT were measured using an oscilloscope. The
results of the measurements showed that even with a small RO of only five Look Up
Tables, one could easily read out the encryption key from the power consumption.
It was also discussed that there exist many different valid reasons for inserting
ROs in a system and discovering one or two small ROs of the HT kind would be
very difficult. Therefore, this is a problem that should be further examined. (Less) - Popular Abstract
- Manufacturing Hardware is a complex and expensive process. Therefore, most
companies does not do the entire process by themselves, rather it is divided between many different companies, often from many different countries. The hardware produced is also very complex and often contains so many components that
it becomes almost impossible to test every part of it effectively. The problem
then becomes how to ensure that secure hardware actually is secure, and that no
modifications have been made during the production process. A Hardware Trojan
(HT) is a hidden modification of hardware with the purpose of doing harm to a
system. These HTs, if successful, reduces the trust of secure applications.
This thesis demonstrates the problem... (More) - Manufacturing Hardware is a complex and expensive process. Therefore, most
companies does not do the entire process by themselves, rather it is divided between many different companies, often from many different countries. The hardware produced is also very complex and often contains so many components that
it becomes almost impossible to test every part of it effectively. The problem
then becomes how to ensure that secure hardware actually is secure, and that no
modifications have been made during the production process. A Hardware Trojan
(HT) is a hidden modification of hardware with the purpose of doing harm to a
system. These HTs, if successful, reduces the trust of secure applications.
This thesis demonstrates the problem above by proposing a HT design that can be
used to attack cryptographic applications. The encryption algorithm most used
today is the Advanced Encryption Standard (AES). The HT targets the encryption key of the AES encryption and tries to leak it through modifying the circuits
power consumption.
The HT was built on a Ring Oscillator (RO), which is a loop of components,
typically inverters. By inverting a signal and sending it around the loop before
inverting it again, and so on, an oscillating signal is created. When a signal oscillates, it consumes extra power.
Many ROs also contain an enable signal that can turn the oscillation on or off. When the RO is enabled it consumes more power than when it it disabled. By
enabling and disabling the RO in a controlled matter based on what value the
encryption key is, it is possible to read out the key from measurements of the
circuits power consumption.
The results showed that it was possible to easily read out the encryption key
from measuring the power consumption for a circuit with as few as five components in the RO loop, and a total of 173 components in the whole HT.
Using a RO in a circuit can have many valid reasons, such as creating a clock
or checking the timing. Therefore having an RO in a circuit is not strange. Normal, non-modified, circuits can have many thousands of ROs for valid reasons. One RO that has been modified can therefore be hard to detect. Together with its
small size, this makes the HT stealthy and difficult to discover. Leaking information this way can therefore be considered a threat to the security of applications and protection against it should be examined. (Less)
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9202676
- author
- Lundberg, Fanny LU
- supervisor
- organization
- course
- EITM01 20251
- year
- 2025
- type
- H2 - Master's Degree (Two Years)
- subject
- keywords
- Hardware Trojan, Ring Oscillator, Leak information
- report number
- LU/LTH-EIT 2025-1058
- language
- English
- id
- 9202676
- date added to LUP
- 2025-06-24 14:05:10
- date last changed
- 2025-06-24 14:05:10
@misc{9202676, abstract = {{The manufacturing of hardware is a complex process where many different types of parties are involved. This creates risks of inserting hidden harmful parts, so called Hardware Trojans (HTs). HTs can have many different functions, such as reducing security, leaking information or degrading a system. This thesis examines how Ring Oscillators (ROs) can be exploited by a malicious party and modified to instead of protecting a system, leak secret information. This was examined by implementing a HT with the purpose of leaking the encryption key of an AES encryption module through power side-channels. It was also examined how HTs can be categorized, and if the categorization could be improved. It was suggested that apart from existing categories: insertion phase, abstraction level, activation mechanism, effect, location and physical characteristic one should also add the categories: type of components/hardware, malicious actor, attack type and attack difficulty. The effects of the designed HT were measured using an oscilloscope. The results of the measurements showed that even with a small RO of only five Look Up Tables, one could easily read out the encryption key from the power consumption. It was also discussed that there exist many different valid reasons for inserting ROs in a system and discovering one or two small ROs of the HT kind would be very difficult. Therefore, this is a problem that should be further examined.}}, author = {{Lundberg, Fanny}}, language = {{eng}}, note = {{Student Paper}}, title = {{Exploiting Ring Oscillators to Leak Secret Information}}, year = {{2025}}, }