Redshift: Manipulating Signal Propagation Delay via Continuous-Wave Lasers

Authors

  • Kohei Yamashita The University of Electro-Communications, Tokyo, Japan
  • Benjamin Cyr University of Michigan, Ann Arbor, MI, USA
  • Kevin Fu University of Michigan, Ann Arbor, MI, USA
  • Wayne Burleson University of Massachusetts, Amherst, MA, USA
  • Takeshi Sugawara The University of Electro-Communications, Tokyo, Japan

DOI:

https://doi.org/10.46586/tches.v2022.i4.463-489

Keywords:

Laser Fault Injection, Physically Unclonable Function, Delay-Sensitive Circuits, Oscillator

Abstract

We propose a new laser injection attack Redshift that manipulates signal propagation delay, allowing for precise control of oscillator frequencies and other behaviors in delay-sensitive circuits. The target circuits have a significant sensitivity to light, and a low-power continuous-wave laser, similar to a laser pointer, is sufficient for the attack. This is in contrast to previous fault injection attacks that use highpowered laser pulses to flip digital bits. This significantly reduces the cost of the attack and extends the range of possible attackers. Moreover, the attack potentially evades sensor-based countermeasures configured for conventional pulse lasers. To demonstrate Redshift, we target ring-oscillator and arbiter PUFs that are used in cryptographic applications. By precisely controlling signal propagation delays within these circuits, an attacker can control the output of a PUF to perform a state-recovery attack and reveal a secret key. We finally discuss the physical causality of the attack and potential countermeasures.

Downloads

Published

2022-08-31

How to Cite

Yamashita, K., Cyr, B., Fu, K., Burleson, W., & Sugawara, T. (2022). Redshift: Manipulating Signal Propagation Delay via Continuous-Wave Lasers. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(4), 463–489. https://doi.org/10.46586/tches.v2022.i4.463-489

Issue

Section

Articles