Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Exploiting Ring Oscillators to Leak Secret Information

Lundberg, Fanny LU (2025) EITM01 20251
Department of Electrical and Information Technology
Abstract
The manufacturing of hardware is a complex process where many different types
of parties are involved. This creates risks of inserting hidden harmful parts, so
called Hardware Trojans (HTs). HTs can have many different functions, such as
reducing security, leaking information or degrading a system. This thesis examines
how Ring Oscillators (ROs) can be exploited by a malicious party and modified
to instead of protecting a system, leak secret information. This was examined by
implementing a HT with the purpose of leaking the encryption key of an AES
encryption module through power side-channels.
It was also examined how HTs can be categorized, and if the categorization
could be improved. It was suggested that apart from existing... (More)
The manufacturing of hardware is a complex process where many different types
of parties are involved. This creates risks of inserting hidden harmful parts, so
called Hardware Trojans (HTs). HTs can have many different functions, such as
reducing security, leaking information or degrading a system. This thesis examines
how Ring Oscillators (ROs) can be exploited by a malicious party and modified
to instead of protecting a system, leak secret information. This was examined by
implementing a HT with the purpose of leaking the encryption key of an AES
encryption module through power side-channels.
It was also examined how HTs can be categorized, and if the categorization
could be improved. It was suggested that apart from existing categories: insertion phase, abstraction level, activation mechanism, effect, location and physical
characteristic one should also add the categories: type of components/hardware,
malicious actor, attack type and attack difficulty.
The effects of the designed HT were measured using an oscilloscope. The
results of the measurements showed that even with a small RO of only five Look Up
Tables, one could easily read out the encryption key from the power consumption.
It was also discussed that there exist many different valid reasons for inserting
ROs in a system and discovering one or two small ROs of the HT kind would be
very difficult. Therefore, this is a problem that should be further examined. (Less)
Popular Abstract
Manufacturing Hardware is a complex and expensive process. Therefore, most
companies does not do the entire process by themselves, rather it is divided between many different companies, often from many different countries. The hardware produced is also very complex and often contains so many components that
it becomes almost impossible to test every part of it effectively. The problem
then becomes how to ensure that secure hardware actually is secure, and that no
modifications have been made during the production process. A Hardware Trojan
(HT) is a hidden modification of hardware with the purpose of doing harm to a
system. These HTs, if successful, reduces the trust of secure applications.

This thesis demonstrates the problem... (More)
Manufacturing Hardware is a complex and expensive process. Therefore, most
companies does not do the entire process by themselves, rather it is divided between many different companies, often from many different countries. The hardware produced is also very complex and often contains so many components that
it becomes almost impossible to test every part of it effectively. The problem
then becomes how to ensure that secure hardware actually is secure, and that no
modifications have been made during the production process. A Hardware Trojan
(HT) is a hidden modification of hardware with the purpose of doing harm to a
system. These HTs, if successful, reduces the trust of secure applications.

This thesis demonstrates the problem above by proposing a HT design that can be
used to attack cryptographic applications. The encryption algorithm most used
today is the Advanced Encryption Standard (AES). The HT targets the encryption key of the AES encryption and tries to leak it through modifying the circuits
power consumption.

The HT was built on a Ring Oscillator (RO), which is a loop of components,
typically inverters. By inverting a signal and sending it around the loop before
inverting it again, and so on, an oscillating signal is created. When a signal oscillates, it consumes extra power.

Many ROs also contain an enable signal that can turn the oscillation on or off. When the RO is enabled it consumes more power than when it it disabled. By
enabling and disabling the RO in a controlled matter based on what value the
encryption key is, it is possible to read out the key from measurements of the
circuits power consumption.

The results showed that it was possible to easily read out the encryption key
from measuring the power consumption for a circuit with as few as five components in the RO loop, and a total of 173 components in the whole HT.

Using a RO in a circuit can have many valid reasons, such as creating a clock
or checking the timing. Therefore having an RO in a circuit is not strange. Normal, non-modified, circuits can have many thousands of ROs for valid reasons. One RO that has been modified can therefore be hard to detect. Together with its
small size, this makes the HT stealthy and difficult to discover. Leaking information this way can therefore be considered a threat to the security of applications and protection against it should be examined. (Less)
Please use this url to cite or link to this publication:
author
Lundberg, Fanny LU
supervisor
organization
course
EITM01 20251
year
type
H2 - Master's Degree (Two Years)
subject
keywords
Hardware Trojan, Ring Oscillator, Leak information
report number
LU/LTH-EIT 2025-1058
language
English
id
9202676
date added to LUP
2025-06-24 14:05:10
date last changed
2025-06-24 14:05:10
@misc{9202676,
  abstract     = {{The manufacturing of hardware is a complex process where many different types
of parties are involved. This creates risks of inserting hidden harmful parts, so
called Hardware Trojans (HTs). HTs can have many different functions, such as
reducing security, leaking information or degrading a system. This thesis examines
how Ring Oscillators (ROs) can be exploited by a malicious party and modified
to instead of protecting a system, leak secret information. This was examined by
implementing a HT with the purpose of leaking the encryption key of an AES
encryption module through power side-channels.
It was also examined how HTs can be categorized, and if the categorization
could be improved. It was suggested that apart from existing categories: insertion phase, abstraction level, activation mechanism, effect, location and physical
characteristic one should also add the categories: type of components/hardware,
malicious actor, attack type and attack difficulty.
The effects of the designed HT were measured using an oscilloscope. The
results of the measurements showed that even with a small RO of only five Look Up
Tables, one could easily read out the encryption key from the power consumption.
It was also discussed that there exist many different valid reasons for inserting
ROs in a system and discovering one or two small ROs of the HT kind would be
very difficult. Therefore, this is a problem that should be further examined.}},
  author       = {{Lundberg, Fanny}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Exploiting Ring Oscillators to Leak Secret Information}},
  year         = {{2025}},
}