Dr Sergei Skorobogatov
I am a Senior Research Associate in the Security Group at the Computer Laboratory of the University of Cambridge in the UK. Before that I was a Research Associate and a Research Assistant in the same group.
I received my PhD degree in Computer Science from the University of Cambridge in 2005. I received my MSc degree in Physics, Automatics and Electronics (Engineering Diploma) from the Moscow Engineering Physics Institute (MEPhI, МИФИ) in 1997. Between those degrees I worked in industry designing various electronic devices for eyesight diagnosis and correction.
My ongoing research projects are aimed at Hardware Security and Hardware Assurance. My first project here was the EU-funded G3Card project, which aimed to design a new generation of smartcard chips. This project finished in January 2003, and since then I have had independent research grants from industrial sponsors and collaborators.
Since 2008 I have been giving guest lectures on Tamper resistance and hardware security in the Part II Security course for undergraduate students.
I contributed to the Part III/MPhil ACS course Current Applications and Research in Computer Security as a guest convener with the topic "Tampering with hardware" on 25 January 2013.
I am currently the second supervisor of PhD student Omar Choudary.
I am invited from time to time to give lectures about my research achievements, usually at security-related workshops and other universities. Please refer to my publications section for the full list.
I now have a dedicated teaching course on Hardware Security aimed at industrial engineers and graduate students. It covers the following subjects: Introduction to Hardware Security; Common mistakes in the design of secure hardware; Data remanence effects in memory; Imaging techniques and Optical attacks; Side-channel attacks; Lessons, Countermeasures and Defence technologies. The course was well received by people from industry and academia. I now have a contract with a large industrial chip manufacturing company for running a yearly teaching course for their design engineers over the next five years.
I gave a lecture course on Hardware Security of semiconductor chips at Nanyang Technological University in Singapore for undergraduates and PhD students of the Temasek Laboratory department in May 2013.
As initial reading on the hardware security subject I recommend my PhD thesis and the book "Introduction to Hardware Security and Trust", to which I contributed the chapter on Physical Security (Chapter 7). For further reading please see my publications list. The latest research achievements in this area are usually published at the following conferences: CHES, HOST, FDTC, COSADE and CARDIS.
I work in the Hardware Security field on attack technologies and tamper-resistant processors. My Hardware Security research is aimed at finding vulnerabilities, hidden functions and backdoors in silicon chips.
Here is a list of some of my ongoing projects:
- Failure analysis of embedded systems
- Using new methods of side-channel analysis for finding backdoors and trojans in secure chips
- Using new technology for health monitoring of hardware systems used in automotive, aerospace and industrial applications
- Using side-channel analysis and fault attacks for partial reverse engineering of secure chips
- Developing new technology for effective side-channel analysis and secret key extraction from real-world devices
- Investigation of hardware security related problems in SRAM, Flash and EEPROM memory of semiconductor chips including microcontrollers, secure memory chips and FPGAs. Evaluation against: fault injection, data remanence, side-channel attacks, heating attacks, side-channel emission analysis attacks, bumping attacks, fault masking attacks and other recently discovered attacks
- Investigation of hardware security related problems in hardware encryption engines embedded into various semiconductor devices. Evaluation against: side-channel attacks, fault injection, side-channel emission, bumping and other recently discovered attacks
- Hardware security analysis of nonvolatile memory structures in microcontrollers, smartcards, CPLDs and FPGAs against all known attacks
- Flash Memory 'Bumping' Attacks
- Using Optical Emission Analysis for Estimating Contribution to Power Analysis
- Optically Enhanced Position-Locked Power Analysis
- Data remanence in EPROM, EEPROM and Flash memories
- Thermal imaging analysis of semiconductors
- Back side imaging techniques
- Fault injection attacks
- Laser scanning microscopy
- Side-channel attacks
I am a member of the following communities:
- Hardware-Oriented Security and Trust (HOST), Program Committee (2008, 2009, 2010, 2011, 2012, 2013)
- Cryptographic Hardware and Embedded Systems (CHES), Program Committee (2010, 2012)
- Fault Diagnosis and Tolerance in Cryptography (FDTC), Program Committee (2010, 2011, 2012, 2013)
- Smart Card Research and Advanced Application Conference (CARDIS), Program Committee (2011, 2012, 2013)
- Constructive Side-Channel Analysis and Secure Design (COSADE), Program Committee (2012)
- IEEE Transactions on Computers (TC), Peer Reviewer (2006, 2007, 2009, 2012)
- European Research Council (ERC), Peer Reviewer (2010)
- Wiley Reviewer (2010)
- Journal of Information Security, Reviewer (2011)
- Journal of Cryptographic Engineering (JCEN), Associate Editor (2011, 2012)
- Journal of Microelectronics Reliability, Reviewer (2012, 2013)
- Journal of Information Science and Engineering, Reviewer (2013)
- The Computer Journal (COMPJ), Reviewer (2013)
- ACM Transactions on Information and System Security (2013)
Here are some of my current project ideas for undergraduate students. Old project ideas are placed here and here.
I have been criticised a lot for the fact that most of the chips I analyse, and publish successful attacks on, are built with 0.7-micron or even 0.9-micron technology. This has now changed: the chips I use in my new research investigations are built with at least 0.5-micron technology (still popular in some secure chips), some tests have been applied to chips down to 90nm, and some interesting results were recently published on 0.13-micron chips.
I have been contacted many times in the past with questions about consulting projects I can perform here in the lab. This was mainly caused by rapidly growing concerns about the hardware security of semiconductor products (mostly microcontrollers, CPLDs and FPGAs) and growing intellectual property theft in Asian countries, where most outsourcing is taking place. Some projects were aimed at finding security flaws in existing devices in order to improve their security or to select the most secure parts from a list. Other projects were dedicated to teaching and educating personnel, while others were about developing certain attack techniques.
More information on the types of research projects and possible collaboration with industry.
Upcoming events (soonest first)
The cause of sporadic failures in embedded systems has been found, and this could have very serious consequences. You might have come across situations where microcontroller-based systems started behaving oddly or stopped working: home appliances, cars, industrial equipment, etc. It seems that a serious reliability issue was overlooked, and we might see more systems and devices starting to behave unpredictably or going off. If it is a toaster or a microwave oven you can cope, but what about old electronic equipment used in cars, avionics and industrial infrastructure? A draft report will be published soon.
Past events (latest first)
I gave a lecture course on Hardware Security of semiconductor chips at Nanyang Technological University in Singapore for undergraduates and PhD students of the Temasek Laboratory department in May 2013.
I gave an invited talk "Silicon scanning technology for hidden backdoors in semiconductor chips" at the National University of Singapore, Department of Engineering, on 20 May 2013.
I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2012-13.
Chip and Skim: cloning EMV cards with the pre-play attack. Co-authored paper on yet another EMV vulnerability. We found flaws in widely-used ATMs from the largest manufacturers. We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit.
Breakthrough silicon scanning discovers backdoor in military chip (slides). Exposes some serious security issues in devices which were supposed to be unbreakable. Appeared at the Cryptographic Hardware and Embedded Systems Workshop (CHES-2012).
In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, 2012. A short summary of a real-world AES key extraction performed on a military-grade FPGA marketed as 'virtually unbreakable' and 'highly secure'.
I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2011-12.
I created a new page: Up-to-date information on my hardware security research.
I wrote the chapter "Physical Attacks and Tamper Resistance" in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3.
I gave an invited talk "Hardware Security of Semiconductor Chips: Progress and Lessons" on 27 June 2011 at the School of Computing Science, Newcastle University (abstract).
I gave two invited talks, Fault attacks on secure chips: from glitch to flash (slides) and Side-channel attacks: new directions and horizons (slides), at the ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
I gave an invited talk at the 2nd ARO Special Workshop on Hardware Assurance (abstract, slides and video).
Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Springer, 2011. A new application of frequency locking in side-channel and fault attacks on secure microcontrollers and secure FPGAs.
I gave a talk at the Security Group seminar on 7 December 2009 (slides: Bumping attacks: the affordable way of obtaining chip secrets). I presented my research into a new class of fault injection attacks called bumping attacks. These attacks are aimed at data extraction from secure embedded memory, which usually stores critical parts of algorithms, sensitive data and cryptographic keys. I evaluated memory verification and AES authentication schemes used in secure microcontrollers and a highly secure FPGA. Partial reverse engineering of the FPGA made bumping attacks possible via the use of non-invasive threshold voltage alteration combined with power glitching. How can the sensitive areas be found? How can the AES key be attacked? How long does it take to get the AES key? How can the super-secret factory backdoor be found? What was the biggest security mistake in Actel ProASIC3, Igloo, Fusion and SmartFusion FPGAs? How not to get screwed by an irresponsible corporate security strategy? These and other questions are answered.
I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2010-11. The slides are substantially revised and new material is included compared to last year's lecture.
Optical Fault Masking Attacks (slides). I presented a new inexpensive semi-invasive optical fault technique which can disable Flash memory write and erase operations. Appeared at the 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010).
Real world AES key extraction. Rump session at the Cryptographic Hardware and Embedded Systems Workshop (CHES-2010).
Flash Memory 'Bumping' Attacks (slides). A new powerful attack method aimed at the secure memory integrity check, which allows contents and secret key extraction. Appeared at the Cryptographic Hardware and Embedded Systems Workshop (CHES-2010).
I gave an invited talk at the PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems (abstract and slides).
I gave an invited talk at the Lorentz Center Workshop on Provable Security against Physical Attacks (abstract and slides).
I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2009-10. The slides are revised and new material is included compared to last year's lecture.
I gave a talk at the Security Group seminar on 13 October 2009 (slides: Optical surveillance on silicon chips: your crypto keys are visible). I presented my research into a new class of side-channel attacks: optical side-channel attacks on secure semiconductor chips. By using an inexpensive CCD camera to monitor the emission from an operating chip, information stored in SRAM, EEPROM and Flash was successfully recovered. In extreme cases, an AES key stored inside a secure FPGA chip and used for secure code updates could be extracted, thus seriously compromising the hardware security. Protection against these new side-channel attacks should become a new challenge to chip manufacturers.
Using Optical Emission Analysis for Estimating Contribution to Power Analysis (slides). I presented a new inexpensive semi-invasive side-channel attack method which marks a new direction in the hardware security arms race between developers and attackers. Appeared at the 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009).
Local Heating Attacks on Flash Memory Devices (slides). I presented a new semi-invasive attack technique aimed at modifying Flash and EEPROM memory as well as extracting data directly from the memory cell. Appeared at the 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009).
I gave a talk at the Security Group seminar on 20 January 2009 (slides: Hardware security: trends and pitfalls of the past decade). I talked about progress in the hardware security area during the past decade. Instead of looking at various attack technologies, as I did in my previous lectures, I paid more attention to the underlying problems of security failures caused by silicon hardware. I summarised achievements in attack and defence technologies and discussed some hardware security related issues of security economics and security psychology. After giving some examples of low-cost attacks on moderately secure silicon chips, I finally tried projecting the trend of the hardware security area into the near future, which is likely to bring news of more devices previously thought unbreakable actually being easy to attack.
I gave a guest lecture "Tamper resistance and hardware security" in the Part II Security course for undergraduate students 2008-09.
I prepared a short live hardware security demonstration course for students. The demonstrations involved a show of decapsulated samples, optical microscopy and rear-side infrared microscopy of various microcontrollers including deprocessed chips, the history of optical fault injection and a live attack on the security of a microcontroller, and a power analysis attack on the security of a custom design. A short version of the demonstrations was also given as part of the local Show and Tell event here in the Computer Lab on 29 September 2008.
I gave a talk as an invited speaker at the IPAM Workshop on Special purpose hardware for cryptography: Attacks and Applications (abstract and slides).
I gave a talk at the Security Group seminar on 31 October 2006 (slides: Optically Enhanced Position-Locked Power Analysis). I introduced a refinement of the power analysis attack on integrated circuits. By using a laser to illuminate a specific area on the chip surface, the current through an individual transistor can be made visible in the circuit's power trace.
Optically Enhanced Position-Locked Power Analysis (slides). New fascinating results of applying semi-invasive attacks to on-chip SRAM arrays for recovering information about their internal functionality without interfering with the chip's operation. Appeared at the Cryptographic Hardware and Embedded Systems Workshop (CHES-2006).
I gave a four-hour talk as an invited lecturer at the ECRYPT Summer School on Cryptography in Louvain-la-Neuve (Belgium), 12-15 June 2006. I gave an introduction to hardware security and presented my achievements in hardware security analysis over the last six years. The abstract of the talk and references are available here. Slides for Part 1, Part 2, Part 3 and Part 4 of my talk are now available.
Cryptographic Processors -- A Survey (Invited Paper). IEEE Proceedings, Special Issue on Cryptography and Security, February 2006, Vol.94, No.2, pp.357-369. The full version is available as Technical Report UCAM-CL-TR-641.
Data Remanence in Flash Memory Devices. Cryptographic Hardware and Embedded Systems Workshop (CHES-2005), 30 August - 1 September 2005, LNCS 3659, Springer-Verlag, ISBN 3-540-28474-5, pp.339-353 (slides).
My Ph.D. thesis, which discusses the area of my research and achievements up until the end of 2003, has been out since April 2005 and exists as a hardbound copy and an on-line Technical Report version. No part of my thesis or the corresponding Technical Report may be used to produce any other reports or publications. It can be viewed on a computer or printed out for reference and consultation purposes only. You must contact me and obtain my permission in writing if you want to reproduce or use any images or diagrams from my thesis. I do not provide or authorise any translation of my thesis into other languages.
I gave a talk at the Security Group seminar on 26 October 2004 (slides: Data remanence in non-volatile semiconductor memories. Part I: Introduction and non-invasive approach). I showed how the security protection in microcontrollers and smartcards with EEPROM/Flash memories can be compromised if the information in embedded memory does not disappear completely after erasing.
On a New Way to Read Data from Memory. First International IEEE Security in Storage Workshop, 11 December 2002, Greenbelt Marriott, Maryland, USA.
Optical Fault Induction Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), 13-15 August 2002, LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12 (slides, Russian version).
We describe a new class of attacks on secure microcontrollers and smartcards.
Illumination of a target transistor causes it to conduct, thereby inducing a
transient fault. Such attacks are practical; they do not even require
expensive laser equipment. As an illustration of the power of this attack,
we developed techniques to set or reset any individual bit of SRAM
in a microcontroller. Unless suitable countermeasures are taken, optical
probing may also be used to induce errors in cryptographic computations
or protocols, and to disrupt the processor's control flow. It thus provides
a powerful extension of existing glitching and fault analysis techniques.
This vulnerability posed a big problem for the industry, similar to
those resulting from probing attacks in the mid-1990s and power analysis
attacks in the late 1990s.
Low Temperature Data Remanence in Static RAM. Technical Report UCAM-CL-TR-536, University of Cambridge, Computer Laboratory, June 2002.
Copy Protection in Modern Microcontrollers is an overview of copy protection reliability in modern microcontrollers, 2000.
Added publications list:
- Poster: Silicon scanning reveals hidden backdoors in semiconductor chips
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 2012-13.
- Chip and Skim: cloning EMV cards with the pre-play attack. Eprint arXiv:1209.2531, September 2012
- Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic Hardware and Embedded Systems Workshop (CHES-2012), 9-12 September 2012, Leuven, Belgium, LNCS 7428, Springer, ISBN 978-3-642-33026-1, pp.23-40 (slides).
- In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, 2012.
- Integrated Circuit Investigation Method and Apparatus. Patent number WO2012/046029 A1
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 2011-12.
- Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
- Hardware Security of Semiconductor Chips: Progress and Lessons. School of Computing Science, Newcastle University, 27 June 2011, Newcastle upon Tyne.
- Fault attacks on secure chips: from glitch to flash. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Side-channel attacks: new directions and horizons. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Physical Attacks on Tamper Resistance: Progress and Lessons. 2nd ARO Special Workshop on Hardware Assurance, 11-12 April 2011, Washington DC, USA.
- Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Vol.1, No.1, Springer, 2011, pp.71-77.
- Bumping attacks: the affordable way of obtaining chip secrets. Talk at the Security Group seminar 07/12/2010 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 2010-11.
- Optical Fault Masking Attacks. 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010), 21 August 2010, Santa Barbara, USA. IEEE-CS Press, ISBN 978-0-7695-4169-3, pp.23-29 (slides).
- Real world AES key extraction. Rump session at Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 19 August 2010, Santa Barbara, USA.
- Flash Memory 'Bumping' Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 18-20 August 2010, LNCS 6225, Springer, ISBN 3-642-15030-6, pp.158-172 (slides).
- Fault and side-channel attacks on memory. PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems, June 16 - 17, 2010, Gardanne, France.
- Hardware security of silicon chips: progress, pitfalls and challenges for physical attacks. Lorentz Center Workshop on Provable Security against Physical Attacks. February 15 - 19, 2010, Leiden, Netherlands.
- Poster: Optical surveillance on silicon chips
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 2009-10.
- Optical surveillance on silicon chips: your crypto keys are visible. Talk at the Security Group seminar 13/10/2009 (slides).
- Using Optical Emission Analysis for Estimating Contribution to Power Analysis. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009). IEEE-CS Press, ISBN 978-0-7695-3824-2, pp.111-119 (slides).
- Local Heating Attacks on Flash Memory Devices. 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009). IEEE Xplore, ISBN 978-1-4244-4804-3 (slides).
- Hardware security: trends and pitfalls of the past decade. Talk at the Security Group seminar 20/01/2009 (slides).
Using new methods of side-channel analysis for finding backdoors and trojans in secure chips.
Status: ongoing research project
Using side-channel analysis and fault attacks for partial reverse engineering of secure chips.
Status: ongoing research project. Publications to come in 2013-2014
Developing new technology for effective side-channel analysis and secret key extraction from real-world devices.
Status: ongoing research project. Publications to come in 2013-2014
EEPROM and Flash memory modification attacks. This research project is aimed at developing new techniques to alter EEPROM and Flash memory contents using semi-invasive methods.
Status: ongoing research project. Publications to come in 2013-2014
Investigation of hardware security related problems in Flash and EEPROM memory structures. Evaluation against: fault injection, data remanence, external influence, side-channel leakage, memory extraction and new attacks.
Status: ongoing research project. Publications to come in 2013-2014
Practical use of fault-injection attacks. We introduced these attacks in 2002. Unfortunately they have still not been properly investigated. Research is needed to estimate the requirements of these attacks for each chip manufacturing technology and the possible success rate. We are currently setting up the equipment necessary for this research. Some of the results are very likely to be published in 2011 once the new special equipment has arrived.
Status: several ongoing research projects. Publications to come in 2013-2014
Investigation of hardware security related problems in encryption engines implemented in semiconductor devices. Evaluation against: side-channel attacks, fault injection, side-channel leakage and new attacks.
Status: ongoing research project. Publications to come in 2013-2014
Practical reverse engineering of programmable logic chips. It is strongly believed that CPLDs and FPGAs offer superior IP protection by design, as there is no sequential program execution flow and the device functionality is obscured using proprietary encoding. The question is how far an attacker can go by observing the device configuration process and analysing the differences.
Status: ongoing research project. Publications to come in 2013-2014
Optically controlled microcontroller chip. Despite the fact that I discovered optical fault injection attacks in 2001 and introduced them to the public in 2002, very little has been done in the direction of performing such attacks in a controllable and reliable way. This project aims to eliminate this disproportion with a good demonstration of how such attacks can be used to run arbitrary code on a standard 8-bit microcontroller with a fully disabled or damaged memory programming interface.
Status: ongoing development project. Publications to come in 2013-2014
Data remanence in EEPROM and Flash memory devices under special conditions. Additional directions for my previous research on data remanence in semiconductor memory devices.
Status: several ongoing research projects. Publications to come in 2013-2014
Advanced optical probing attacks. Research into practical methods of reading SRAM, EEPROM and Flash memory contents using a semi-invasive approach.
Status: several ongoing research projects. Publications to come in 2013-2014
Advanced EMA attacks. Research into combining EMA attacks with semi-invasive methods.
Status: ongoing research project. Publications to come in 2013-2014
High-resolution power analysis. Research into improving the effectiveness of power analysis attacks by using special data acquisition, measurement and post-processing techniques.
Status: ongoing research project. Publications to come in 2013-2014
Using nanotechnologies for hardware security analysis. Current trends in the miniaturisation of electronic devices demand the ability to understand the structure and properties at the deep submicron level (the latest technology is 28nm and 20nm is already proposed). Recent achievements in scanning probe microscopy allow us to observe many characteristics of the semiconductor chip surface, such as landscape (with atomic force microscopy), doping concentration (with scanning capacitance microscopy), resistance (with scanning spreading resistance microscopy), magnetic field (with magnetic force microscopy), temperature (with scanning thermal microscopy), and many others. We need research to estimate how much information could be extracted from silicon chips by using such technologies. This research might involve designing and building some special microscopes. As such research requires large investments in equipment, it is difficult to predict when it will be started.
Status: estimating the initial requirements, looking for funding
- Secure microcontrollers
- Tamper resistance, smartcard systems, analysis of secure systems
- Decapsulation and chemical (wet) etching
- Semi-invasive attacks
- FIB workstation (FEI Vectra 200)
- Laser cutting systems
- Probing stations and microprobing techniques
- Submicron mechanical positioning (stage1, stage2, stage3, stage4)
- Laser microscopy
- Advanced imaging techniques
- Assembler programming (8048, Z80, 8051, 6502, 80x86, 6805/08/11, PIC12/16/18/24, 68000, AVR, MIPS, ARM, MSP430, H8/300, PowerPC)
- C/C++ programming for PC and embedded systems
- Verilog HDL programming (Altera, Xilinx)
- Design of hardware devices using CPLDs and FPGAs (Altera, Xilinx)
- Printed Circuit Board (PCB) design
- IBM PC hardware design and programming
- Hardware design and programming for Sinclair ZX Spectrum, Nintendo (NES) game console, SEGA Megadrive game console
My first security-related research project was an analysis of the copy protection mechanisms in modern microcontrollers. I still work in this area and I occasionally provide penetration testing and consulting services for old and new microcontroller designs. My work aims at understanding the detailed mechanism of how protection can be broken and how the security of new designs can be improved.
- Using new methods of side-channel analysis for finding backdoors and trojans in secure chips.
- Using side-channel analysis and fault attacks for partial reverse engineering of secure chips.
- Developing new technology for effective side-channel analysis and secret key extraction from real-world devices.
My other research is more about a general evaluation of different memory structures against all kinds of attacks, rather than testing any particular samples. As I expected a long time ago (I announced it in 1999), Flash and EEPROM memories are not very good candidates for hardware security on their own, unless special attention is paid to data flow control and interface protocols. This was also suggested in my popular article on copy protection in microcontrollers, whose first edition appeared in 2000. Much more information about various problems in EPROM, EEPROM and Flash memories is in my Ph.D. thesis, which is publicly available. My further research will involve detailed investigation of different Flash/EEPROM memory cells as well as antifuse cells, which are believed to be highly secure; my personal opinion is that this has not been properly proved and tested. The next step would be learning about and testing FRAM and MRAM memory structures, as they are considered to be a highly secure replacement for Flash and EEPROM memories.
- Poster: Silicon scanning reveals hidden backdoors in semiconductor chips
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 04/02/2013.
- Chip and Skim: cloning EMV cards with the pre-play attack. Eprint arXiv:1209.2531, September 2012
- Breakthrough silicon scanning discovers backdoor in military chip. CHES-2012 (slides).
- In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, 2012.
- Integrated Circuit Investigation Method and Apparatus. Patent number WO2012/046029 A1
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 20/02/2012.
- Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
- Hardware Security of Semiconductor Chips: Progress and Lessons. School of Computing Science, Newcastle University, 27 June 2011, Newcastle upon Tyne.
- Fault attacks on secure chips: from glitch to flash. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Side-channel attacks: new directions and horizons. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Physical Attacks on Tamper Resistance: Progress and Lessons. 2nd ARO Special Workshop on Hardware Assurance, 11-12 April 2011, Washington DC, USA.
- Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Vol.1, No.1, Springer, 2011, pp.71-77.
- Bumping attacks: the affordable way of obtaining chip secrets. Talk at the Security Group seminar 07/12/2010 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 05/11/2010.
- Evaluation of secure memory types (FRAM, NAND ROM/Flash, VTROM, Antifuse) to different attacks (in process).
- Optical Fault Masking Attacks. FDTC 2010 (slides).
- Real world AES key extraction. Rump session at CHES-2010.
- Flash Memory 'Bumping' Attacks. CHES-2010 (slides).
- Fault and side-channel attacks on memory. PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems (abstract and slides).
- Hardware security of silicon chips: progress, pitfalls and challenges for physical attacks. Lorentz Center Workshop on Provable Security against Physical Attacks (abstract and slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 20/11/2009.
- Optical surveillance on silicon chips: your crypto keys are visible. Talk at the Security Group seminar 13/10/2009 (slides).
- Using Optical Emission Analysis for Estimating Contribution to Power Analysis. FDTC 2009 (slides).
- Local Heating Attacks on Flash Memory Devices. HOST-2009 (slides).
- Hardware security: trends and pitfalls of the past decade. Talk at the Security Group seminar 20/01/2009 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course 24/11/2008.
- Semi-Invasive Extension to Physical Attacks. IPAM Workshop on Special purpose hardware for cryptography (Abstract and Slides).
- Optically enhanced position-locked power analysis. Talk at the Security Group seminar 31/10/2006 (slides).
- Optically Enhanced Position-Locked Power Analysis. CHES-2006 (slides).
- Data Remanence in Flash Memory Devices. CHES-2005 (slides).
- Using semi-invasive attacks for reverse engineering and semiconductor testing purposes
- Semi-Invasive Attacks - A New Approach to Hardware Security Analysis. My Ph.D. thesis submitted on 22 September 2004.
- Data remanence in non-volatile semiconductor memories. Part I: Introduction and non-invasive approach. Talk at the Security Group seminar 26/10/2004 (slides).
- Optical Fault Induction Attacks. CHES-2002 (slides).
- Semi-Invasive Attacks (definition)
- Low Temperature Data Remanence in Static RAM. Talk at the Security Group seminar.
- Applying Semi-Invasive attacks to EPROM, EEPROM, Flash and MaskROM memories inside microcontrollers and smartcards (see publications from 2002 to present time).
- Copy Protection in Modern Microcontrollers is an overview of copy protection reliability in modern microcontrollers.
Dr Sergei P. Skorobogatov
University of Cambridge
Computer Laboratory
William Gates Building
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom
Phone: +44 (0)1223 763563
+44 (0)1223 763744
Fax: +44 (0)1223 334678
Email: Sergei.Skorobogatov (at) cl.cam.ac.uk
sps32 (at) cl.cam.ac.uk
sps32 (at) cam.ac.uk
Sergei.Skorobogatov (at) hushmail.com
Secure email: For confidential messages use HushMail and send email to my HushMail
address Sergei.Skorobogatov (at) hushmail.com. Alternatively, use my PGP key.
I always reply to personal emails. But sometimes, due to server problems or spam filters, mail could be lost. Therefore please resend your message if I have not replied within one week. For important messages I would prefer you to forward a copy of your letter to my HushMail address. Please avoid using HTML format in your emails (such messages are very likely to be filtered out) and ask my permission if you want to attach any files to your emails.
Please do not copy any of my publications onto your own Internet server for public access without explicit permission. If you want to refer to any of my texts, please use a hyperlink to my original and not a copy. I update these texts frequently and I want to prevent the confusion that arises if people read obsolete versions somewhere else that are not under my control.
Press releases September 2012
Press releases May 2012
Press releases 2002
Posters
English texts
- I gave a lecture course on Hardware Security of semiconductor chips at Nanyang Technological University in Singapore for undergraduates and PhD students of Temasek Laboratory department in May 2013.
- I gave invited talk "Silicon scanning technology for hidden backdoors in semiconductor chips" at National University of Singapore, Department of Engineering on 20 May 2013.
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 04 February 2013.
- Chip and Skim: cloning EMV cards with the pre-play attack. Eprint arXiv:1209.2531, September 2012
- Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic Hardware and Embedded Systems Workshop (CHES-2012), 9-12 September 2012, Leuven, Belgium, LNCS 7428, Springer, ISBN 978-3-642-33026-1, pp.23-40 (slides).
- In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, 2012.
- Integrated Circuit Investigation Method and Apparatus. Patent number WO2012/046029 A1
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 20 February 2012.
- Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
- Hardware Security of Semiconductor Chips: Progress and Lessons. School of Computing Science, Newcastle University, 27 June 2011, Newcastle upon Tyne.
- Fault attacks on secure chips: from glitch to flash. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Side-channel attacks: new directions and horizons. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Physical Attacks on Tamper Resistance: Progress and Lessons. 2nd ARO Special Workshop on Hardware Assurance, 11-12 April 2011, Washington DC, USA.
- Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Vol.1, No.1, Springer, 2011, pp.71-77.
- Bumping attacks: the affordable way of obtaining chip secrets. Talk at the Security Group seminar 7 December 2010 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 5 November 2010.
- Optical Fault Masking Attacks. 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010), 21 August 2010, Santa Barbara, USA. IEEE-CS Press, ISBN 978-0-7695-4169-3, pp.23-29 (slides).
- Real world AES key extraction. Rump session at Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 19 August 2010, Santa Barbara, USA.
- Flash Memory 'Bumping' Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 18-20 August 2010, LNCS 6225, Springer, ISBN 3-642-15030-6, pp.158-172 (slides).
- Fault and side-channel attacks on memory. PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems, 16-17 June 2010, Gardanne, France (abstract and slides).
- Hardware security of silicon chips: progress, pitfalls and challenges for physical attacks. Lorentz Center Workshop on Provable Security against Physical Attacks, 15-19 February 2010, Leiden, Netherlands (abstract and slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 20 November 2009.
- Optical surveillance on silicon chips: your crypto keys are visible. Talk at the Security Group seminar 13 October 2009 (slides).
- Using Optical Emission Analysis for Estimating Contribution to Power Analysis. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), 6 September 2009, Lausanne, Switzerland. IEEE-CS Press, ISBN 978-0-7695-3824-2, pp.111-119 (slides).
- Local Heating Attacks on Flash Memory Devices. 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009), 27 July 2009, San Francisco, CA, USA. IEEE Xplore, ISBN 978-1-4244-4804-3 (slides).
- Hardware security: trends and pitfalls of the past decade. Talk at the Security Group seminar 20 January 2009 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 24 November 2008.
- Semi-Invasive Extension to Physical Attacks. Securing Cyberspace: Applications and Foundations of Cryptography and Computer Security. Workshop IV: Special purpose hardware for cryptography: Attacks and Applications. 4-8 December 2006, Los Angeles (abstract and slides).
- Optically enhanced position-locked power analysis. Talk at the Security Group seminar 31 October 2006 (slides).
- Optically Enhanced Position-Locked Power Analysis. Cryptographic Hardware and Embedded Systems Workshop (CHES-2006), 11-13 October 2006, LNCS 4249, Springer, ISBN 3-540-46559-6, pp.61-75 (slides).
- Tamper resistance and physical attacks. Summer School on Cryptographic Hardware, Side-Channel and Fault Attacks (ECRYPT-2006), 12-15 June 2006, Louvain-la-Neuve (slides 1, slides 2, slides 3 and slides 4).
- Cryptographic Processors -- A Survey (Invited Paper). IEEE Proceedings, Special Issue on Cryptography and Security, February 2006, Vol.94, No.2, pp.357-369. Full version is available as Technical Report UCAM-CL-TR-641.
- Data Remanence in Flash Memory Devices. Cryptographic Hardware and Embedded Systems Workshop (CHES-2005), 30 August - 1 September 2005, LNCS 3659, Springer, ISBN 3-540-28474-5, pp.339-353 (slides).
- Semi-invasive attacks - A new approach to hardware security analysis. Technical Report UCAM-CL-TR-630, University of Cambridge, Computer Laboratory, April 2005.
- Data remanence in non-volatile semiconductor memories. Part I: Introduction and non-invasive approach. Talk at the Security Group seminar 26 October 2004 (slides).
- On a New Way to Read Data from Memory. First International IEEE Security in Storage Workshop, 11 December 2002, Greenbelt Marriott, Maryland, USA.
- Optical Fault Induction Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), 13-15 August 2002, LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12 (slides, Russian version).
- Low Temperature Data Remanence in Static RAM. Technical Report UCAM-CL-TR-536, University of Cambridge, Computer Laboratory, June 2002.
- Copy Protection in Modern Microcontrollers is an overview of copy protection reliability in modern microcontrollers, 2000.
Russian texts
- Ispolzovanie Sfokusirovannogo Lazernogo Izlucheniya Dlya Izmeneniya Sostoyaniya Elementov KMOP IS [Using focused laser radiation to change the state of CMOS IC elements] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2004, pp.67-72.
- Ispolzovanie Sfokusirovannogo Lazernogo Izlucheniya Dlya Opredeleniya Sostoyaniya Yacheek Pamyati KMOP OZU [Using focused laser radiation to determine the state of CMOS RAM memory cells] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2003, pp.37-42.
- Smart-Karty - vzgljad na bezopasnost pri svete fotovspyshki [Smart cards: a look at security by the light of a camera flash] //PLAS, Vol.6-7, 2002.
- Ataki metodom opticheskogo navedeniya oshibok [Optical fault induction attacks]. Approved translation of the Optical Fault Induction Attacks paper. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12.
- Vliyanie temperatury na vremya sohraneniya informacii v staticheskih OZU [Effect of temperature on data retention time in static RAM] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2001, pp.86-88.
- Zaschita Sovremennyh Mikrokontrollerov ot Kopirovaniya [Protection of modern microcontrollers against copying] //Automatics, Electronics, Microelectronics, Measurement Systems. MEPhI, Moscow, 2001, pp.84-85.
- Ispolzovanie Programmiruemyh Logicheskih Integralnyh Shem v Oftalmologicheskih Ustrojstvah [Using programmable logic integrated circuits in ophthalmological devices] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 1999, pp.99-103.
Sergei Skorobogatov <Sergei.Skorobogatov (at) cl.cam.ac.uk>
created 12-05-2000 -- last modified 28-05-2013 -- http://www.cl.cam.ac.uk/~sps32/