Sergei Skorobogatov's Home Page

Hello!

My name is Sergei Skorobogatov (Сергей Скоробогатов), I was born and grew up in Moscow, Russia. I received a graduate degree (M.Sc.) in Automatics and Electronics (Engineering Diploma) from the Moscow Engineering Physics Institute (MEPhI, МИФИ) in March 1997. Then I worked (part time) as an Engineer in MEPhI and as a contractor for the Ophthalmic Centre "Prozrenie" in Moscow, where I designed several electronic devices for eye sight diagnostic and correction.
I won a Computer Laboratory Research Assistantship at Cambridge and since April 2000 I have been working on a Ph.D. project in the Security Group at the Computer Laboratory of the University of Cambridge in the UK. As a part of this research I participated in EU funded G3Card project aimed to design a new generation of smartcard chips. This project was finished in January 2003 and since that I had an independent research grant. I submitted my Ph.D. thesis in September 2004, defended my dissertation in November 2004 and graduated in February 2005. In September 2004 I was promoted to the Research Associate position for my postdoctoral research here and in July 2006 I was promoted to the Senior Research Associate position. My research grant was extended several times and it is currently until the end of 2012, therefore I am always looking for interesting and beneficial projects which could provide funding for my ongoing and future research.

I work in the Hardware Security Group on attack technologies and tamper-resistant processors.

Up-to-date information on my hardware security research

Here is the list of some of my current ongoing projects:

• Using new methods of side-channel analysis for finding backdoors and trojans in secure chips
• Using new technology for health monitoring of hardware systems used in automotive, aerospace and industrial applications
• Using side-channel analysis and fault attacks for partial reverse engineering of secure chips
• Developing new technology for effective side-channel analysis and secret key extraction from real-world devices
• Investigation of hardware security related problems in SRAM, Flash and EEPROM memory of semiconductor chips including microcontrollers, secure memory chips and FPGAs. Evaluation against: fault injection, data remanence, side-channel attacks, heating attacks, side-channel emission analysis attacks, bumping attacks, fault masking attacks and other recently discovered attacks
• Investigation of hardware security related problems in hardware encryption engines embedded into various semiconductor devices. Evaluation against: side-channel attacks, fault injection, side-channel emission, bumping and other recently discovered attacks
• Hardware security analysis of nonvolatile memory structures in microcontrollers, smartcards, CPLDs and FPGAs against all known attacks
• Flash Memory 'Bumping' Attacks
• Using Optical Emission Analysis for Estimating Contribution to Power Analysis
• Optically Enhanced Position-Locked Power Analysis
• Data remanence in EPROM, EEPROM and Flash memories
• Thermal imaging analysis of semiconductors
• Back side imaging techniques
• Fault injection attacks
• Laser scanning microscopy
• Side-channel attacks

I am a member of the following communities:

• Hardware-Oriented Security and Trust (HOST), Program Committee (2008, 2009, 2010, 2011, 2012)
• Cryptographic Hardware and Embedded Systems (CHES), Program Committee (2010, 2012)
• Fault Diagnosis and Tolerance in Cryptography (FDTC), Program Committee (2010, 2011, 2012)
• Smart Card Research and Advanced Application Conference (CARDIS), Program Committee (2011, 2012)
• Constructive Side-Channel Analysis and Secure Design (COSADE), Program Committee (2012)
• IEEE Transactions on Computers (TC), Peer Reviewer (2006, 2007, 2009)
• European Research Council (ERC), Peer Reviewer (2010)
• Wiley Reviewer (2010)
• Journal of Information Security, Reviewer (2011)
• Journal of Cryptographic Engineering (JCEN), Associate Editor (2011)

Here are some of my current project ideas for undergraduate students. Old project ideas are placed here and here.

What's New

I have been critised a lot about the fact that most of the chips I analyse and publish successful attacks on, are built with 0.7-micron or even 0.9-micron technology. This is now changed, meaning that chips I use in my new research investigations are built with at least 0.5-micron technology (still popular in some secure chips) and some tests applied down to 90nm chips, with some interesting results recently published on 0.13-micron chips.

I was contacted many times in the past with questions about consulting projects I can perform here in the lab. It was mainly caused by rapidly growing concerns about hardware security of semiconductor products (mostly microcontrollers, CPLDs and FPGAs) and growing intellectual property theft in Asian countries where most outsourcing is taking place. Some projects were aimed on finding security flaws in existing devices in order to improve their security or to select the most secure parts from a list. Other projects were dedicated for teaching and educating personnel. While other projects were about developing of certain attack techniques. More information on the types of research projects and possible collaboration with industry.

Upcoming events (soonest first)

Past events (latest first)

I created a new page: Up-to-date information on my hardware security research.

I wrote chapter Physical Attacks and Tamper Resistance in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3

I gave an invited talk "Hardware Security of Semiconductor Chips: Progress and Lessons" on 27 June 2011 at School of Computing Science, Newcastle University (abstract).

I gave two invited talks: Fault attacks on secure chips: from glitch to flash (slides); and Side-channel attacks: new directions and horizons (slides) at ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.

I gave an invited talk at the 2nd ARO Special Workshop on Hardware Assurance (abstract, slides and video).

Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Springer, 2011. New application for frequency locking in side-channel and fault attacks on secure microcontrollers and secure FPGAs.

I gave a talk at the Security Group seminar on 7 December 2009 (slides: Bumping attacks: the affordable way of obtaining chip secrets). I presented my research into a new class of fault injection attacks called bumping attacks. These attacks are aimed at data extraction from secure embedded memory, which usually stores critical parts of algorithms, sensitive data and cryptographic keys. I evaluated memory verification and AES authentication schemes used in secure microcontrollers and a highly secure FPGA. Partial reverse engineering of the FPGA made bumping attacks possible via the use of non-invasive threshold voltage alteration combined with power glitching. How the sensitive areas can be found? How the AES key can be attacked? How long does it take to get the AES key? How the super secret factory backdoor can be found? What was the biggest security mistake in Actel ProASIC3, Igloo, Fusion and SmartFusion FPGAs? How not to get screwed by irresponsible corporate security strategy? These and other questions are answered.

I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2010-11. Slides are substantially revised and new material is included compared to the last year lecture.

Optical Fault Masking Attacks. (slides). I presented new inexpensive semi-invasive optical fault technique which can disable Flash memory write and erase operations 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010).

Real world AES key extraction. Rump session at Cryptographic Hardware and Embedded Systems Workshop (CHES-2010).

Flash Memory 'Bumping' Attacks (slides). New powerful attack method aimed at secure memory integrity check which allows contents and secret key extraction. Appeared at Cryptographic Hardware and Embedded Systems Workshop (CHES-2010).

I gave an invited talk at the PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems (abstract and slides).

I gave an invited talk at the Lorentz Center Workshop on Provable Security against Physical Attacks (abstract and slides).

I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2009-10. Slides are revised and new material is included compared to the last year lecture.

I gave a talk at the Security Group seminar on 13 October 2009 (slides: Optical surveillance on silicon chips: your crypto keys are visible). I presented my research into a new class of side-channel attacks - optical side-channel attacks on secure semiconductor chips. By using an inexpensive CCD camera to monitor the emission from operating chip, information stored in SRAM, EEPROM and Flash was successfully recovered. In extreme cases, AES key stored inside a secure FPGA chip and used for secure code updates could be extracted thus seriously compromising the hardware security. Protection against these new side-channel attacks should become a new challenge to chip manufacturers.

Using Optical Emission Analysis for Estimating Contribution to Power Analysis. (slides). I presented new inexpensive semi-invasive side-channel attack method which is marking new direction in the hardware security arm race between developers and attackers. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009).

Local Heating Attacks on Flash Memory Devices (slides). I presented a new semi-invasive attack technique which is aimed on modifying Flash and EEPROM memory as well as data extraction directly from the memory cell. Appeared at 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009).

I gave a talk at the Security Group seminar on 20 January 2009 (slides: Hardware security: trends and pitfalls of the past decade). I was talking about progress in the hardware security area during the past decade. Instead of looking at various attack technologies, like I did in my previous lectures, I paid more attention to underlying problems of security failures caused by silicon hardware. I summarised achievements in attack and defence technologies and discussed some hardware security related issues of security economics and security psychology. After giving some examples of low-cost attacks on moderately secure silicon chips, I finally tried projecting the trend of hardware security area into the nearest future which is likely to be fruitful on news of more previously thought unbreakable devices actually being easy to attack.

I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2008-09.

I prepared a short live hardware security demonstration course for students. Demonstrations involved decapsulated samples show, optical microscopy and rear-side infrared microscopy of various microcontrollers including deprocessed chips, optical fault injection history and live attack on security in microcontroller, power analysis attack on security in custom design. A short version of the demonstrations were also given as a part of Show and Tell local event here in the Computer Lab on 29 September 2008.

I gave a talk as invited speaker at the IPAM Workshop on Special purpose hardware for cryptography: Attacks and Applications (abstract and slides).

I gave a talk at the Security Group seminar on 31 October 2006 (slides: Optically Enhanced Position-Locked Power Analysis). I introduced a refinement of the power analysis attack on integrated circuits. By using a laser to illuminate a specific area on the chip surface, the current through an individual transistor can be made visible in the circuit's power trace.

Optically Enhanced Position-Locked Power Analysis (slides). New fascinating results of applying semi-invasive attacks to on-chip SRAM arrays for recovering information about its internal functionality without interfering with the chip operation. Appeared at Cryptographic Hardware and Embedded Systems Workshop (CHES-2006).

I gave a four-hour talk as invited lecturer at the ECRYPT Summer School on Cryptography in Louvain-la-Neuve (Belgium) 12-15 June 2006. I gave an introduction to hardware security and presented my achievements in hardware security analysis in the last six years. The abstract of the talk and references are available here. Slides for Part 1, Part 2, Part 3 and Part 4 of my talk are now available.

Cryptographic Processors -- A Survey (Invited Paper). IEEE Proceedings, Special Issue on Cryptography and Security, February 2006, Vol.94, No.2, pp.357-369. Full version is available as a Technical Report UCAM-CL-TR-641.

Data Remanence in Flash Memory Devices. Cryptographic Hardware and Embedded Systems Workshop (CHES-2005), 30 August - 1 September 2005, LNCS 3659, Springer-Verlag, ISBN 3-540-28474-5, pp.339-353 (slides).

My Ph.D. thesis, which discusses the area of my research and achievements up until the end of 2003, has been out since April 2005 and exists in forms of hardbound copy and on-line Technical Report version. No part of my thesis or correspondent Technical Report may be used to produce any other reports or publications. It can be viewed on a computer or printed out for reference and consultation purposes only. You must contact me and obtain my permission in writing if you want to reproduce or use any images or diagrams from my thesis. I do not provide or authorise any translation of my thesis into other languages.

I gave a talk at the Security Group seminar on 26 October 2004 (slides: Data remanence in non-volatile semiconductor memories. Part I: Introduction and non-invasive approach). I showed how the security protection in microcontrollers and smartcards with EEPROM/Flash memories can be compromised if the information from embedded memory does not disappears completely after erasing.

On a New Way to Read Data from Memory. First International IEEE Security in Storage Workshop, 11 December 2002, Greenbelt Marriott, Maryland, USA.

Optical Fault Induction Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), 13-15 August 2002, LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12 (slides, Russian version). We describe a new class of attacks on secure microcontrollers and smartcards. Illumination of a target transistor causes it to conduct, thereby inducing a transient fault. Such attacks are practical; they do not even require expensive laser equipment. As an illustration of the power of this attack, we developed techniques to set or reset any individual bit of SRAM in a microcontroller. Unless suitable countermeasures are taken, optical probing may also be used to induce errors in cryptographic computations or protocols, and to disrupt the processor's control flow. It thus provides a powerful extension of existing glitching and fault analysis techniques. This vulnerability posed a big problem for the industry, similar to those resulting from probing attacks in the mid-1990s and power analysis attacks in the late 1990s.

Low Temperature Data Remanence in Static RAM. Technical Report UCAM-CL-TR-536, University of Cambridge,Computer Laboratory, June 2002.

Copy Protection in Modern Microcontrollers is an overview of copy protection reliability in modern microcontrollers, 2000.

Recently updated material

Up-to-date information on my hardware security research.

I am a member of the following communities:

• Hardware-Oriented Security and Trust (HOST), Program Committee (2008, 2009, 2010, 2011, 2012)
• Cryptographic Hardware and Embedded Systems (CHES), Program Committee (2010, 2012)
• Fault Diagnosis and Tolerance in Cryptography (FDTC), Program Committee (2010, 2011, 2012)
• Smart Card Research and Advanced Application Conference (CARDIS), Program Committee (2011, 2012)
• Constructive Side-Channel Analysis and Secure Design (COSADE), Program Committee (2012)
• IEEE Transactions on Computers (TC), Peer Reviewer (2006, 2007, 2009)
• European Research Council (ERC), Peer Reviewer (2010)
• Wiley Reviewer (2010)
• Journal of Information Security, Reviewer (2011)
• Journal of Cryptographic Engineering (JCEN), Associate Editor (2011)

Added publications list:

• Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
• Hardware Security of Semiconductor Chips: Progress and Lessons. School of Computing Science, Newcastle University, 27 June 2011, Newcastle upon Tyne.
• Fault attacks on secure chips: from glitch to flash. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
• Side-channel attacks: new directions and horizons. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
• Physical Attacks on Tamper Resistance: Progress and Lessons. 2nd ARO Special Workshop on Hardware Assurance, 11-12 April 2011, Washington DC, USA.
• Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Vol.1, No.1, Springer, 2011, pp.71-77.
• Bumping attacks: the affordable way of obtaining chip secrets. Talk at the Security Group seminar 07/12/2010. (slides).
• Tamper resistance and hardware security. Guest lecture in the Part II Security course 2010-11.
• Optical Fault Masking Attacks. 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010), 21 August 2010, Santa Barbara, USA. IEEE-CS Press, ISBN 978-0-7695-4169-3, pp.23-29. (slides).
• Real world AES key extraction. Rump session at Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 19 August 2010, Santa Barbara, USA.
• Flash Memory 'Bumping' Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 18-20 August 2010, LNCS 6225, Springer, ISBN 3-642-15030-6, pp.158-172. (slides).
• Fault and side-channel attacks on memory. PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems, June 16 - 17, 2010, Gardanne, France.
• Hardware security of silicon chips: progress, pitfalls and challenges for physical attacks. Lorentz Center Workshop on Provable Security against Physical Attacks. February 15 - 19, 2010, Leiden, Netherlands.
• Poster: Optical surveillance on silicon chips
• Tamper resistance and hardware security. Guest lecture in the Part II Security course 2009-10.
• Optical surveillance on silicon chips: your crypto keys are visible. Talk at the Security Group seminar 13/10/2009 (slides).
• Using Optical Emission Analysis for Estimating Contribution to Power Analysis. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009). IEEE-CS Press, ISBN 978-0-7695-3824-2, pp.111-119 (slides).
• Local Heating Attacks on Flash Memory Devices. 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009). IEEE Xplore, ISBN 978-1-4244-4804-3 (slides).
• Hardware security: trends and pitfalls of the past decade. Talk at the Security Group seminar 20/01/2009 (slides).

My research proposal for the ongoing 2010-2011 academic year (public open abstract part only. detailed proposal and other parts are confidential)

Phone:  +44 (0)1223 763563
        +44 (0)1223 763744
Fax:    +44 (0)1223 334678
Email:  Sergei.Skorobogatov (at) cl.cam.ac.uk
        sps32 (at) cl.cam.ac.uk
        sps32 (at) cam.ac.uk
        Sergei.Skorobogatov (at) hushmail.com