Prof. Dr. Jean-Pierre Seifert
Jean-Pierre Seifert studied computer science and mathematics at Johann Wolfgang Goethe University in Frankfurt/Main, where he received his PhD in 2000 under Prof. Dr. Claus Schnorr, one of the most important theoreticians in the field of secure information systems. Afterwards Seifert gained intensive practical experience working in the research and development departments for hardware security at Infineon, Munich and Intel, USA. At Intel, USA (2004 – 2006), Prof. Seifert was responsible for the design and integration of new CPU security instructions for microprocessors that are going to be integrated in all Intel microprocessors. From 2007 – 2008 he developed for Samsung Electronics the world's first commercial secure cell phone based on the Linux operating system. Since the end of 2008 Jean-Pierre Seifert has been Professor heading the group “Security in Telecommunications” at TU Berlin. This professorship is combined with the management of the identically named research field at Telekom Innovation Laboratories, the research and development institute of Deutsche Telekom at TU Berlin. In 2002 Prof. Seifert was honoured by Infineon with the award “Inventor of the Year”, and in 2005 he received two Intel Achievement Awards for his new CPU security instructions for Intel microprocessors. Approx. 40 patents have been granted to Prof. Seifert in the field of computer security.
Thermal laser stimulation (TLS) is a failure analysis technique that can be deployed by an adversary to localize and read out stored secrets in the SRAM of a chip. To date, a few proof-of-concept experiments based on TLS or similar approaches have been reported in the literature, and these do not reflect a real attack scenario. Therefore, it was questioned whether this attack technique is applicable to modern ICs equipped with very strong security countermeasures. The primary aim of this work is to assess the feasibility of launching a TLS attack against a device with very sophisticated security features. To this end, we select a modern (20nm) FPGA, and more specifically its key memory, the so-called battery-backed SRAM (BBRAM), as the target. We demonstrate that an attacker is able to extract the stored 256-bit AES key used for decrypting the FPGA’s bitstream by conducting just a single non-invasive measurement. Moreover, it becomes evident that conventional countermeasures are incapable of preventing our attack, since the FPGA is turned off during key recovery. Based on our time measurements, the required effort to develop the complete attack is less than 7 hours.