840

IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015

A Near-Field Magnetic Sensing System With

High-Spatial Resolution and Application
for Security of Cryptographic LSIs
Nguyen Ngoc Mai-Khanh, Member, IEEE, Tetsuya Iizuka, Member, IEEE, Akihiko Sasaki,
Makoto Yamada, Osamu Morita, and Kunihiro Asada, Member, IEEE

Abstract This paper presents a high-resolution inductive

near-field magnetic sensing system to detect sensitive and
suspicious areas of cryptographic large-scale integration (LSI)
chips for nondestructive inspection. The proposed system includes
a probe chip based on a 0.18-m five-metal-layer CMOS process
technology and a microposition calibration mechanism. The
probe chip includes a magnetic pick-up coil followed by a threestage low-noise amplifier (LNA) to amplify the induced voltage
on the coil. The Si-substrate area under the coil is removed
by applying a focused-ion-beam (FIB) technique to enhance
the quality factor of the coil. A mechanical scanning system
with an ability of microposition calibration is proposed to allow
high-precision calibration and microscanning operation. Highspatial resolution magnetic scanning experiment is conducted
on a microstrip line and on the surface of a cryptographic
field programmable gate array (FPGA) running 128-b advanced
encryption standard (AES) algorithm. By making a comparison
in the scanning performance of a commercial probe, this sensing
measurement holds the advantage of higher resolution magnetic
maps in multiple frequency bands. Moreover, the proposed
system can be used to identify vulnerable areas of cryptographic
LSI chips that can cause location-dependent side-channel leakage.
Index Terms CMOS, coil, cryptography, high-spatial
resolution, integrated circuit, magnetic, probe, sensing.

I. I NTRODUCTION

T HAS been widely known that nondestructive or

side-channel attacks on cryptographic chips can exploit
leaked physical parameters and properties of the chips. Sensing
on such leaked properties of a cryptographic chip during
its operation can reveal corresponding secret key and secure
data. Conventional operating-time-based attack method [1]
Manuscript received May 30, 2014; revised August 6, 2014; accepted
October 12, 2014. Date of publication February 26, 2015; date of current
version March 6, 2015. This work was supported by the Japan Society for
the Promotion of Science through the Grants-in-Aid for Scientific Research
under Grant 24700042. The Associate Editor coordinating the review process
was Dr. Deniz Gurkan.
N. N. Mai-Khanh and K. Asada are with the VLSI Design and
Education Center, University of Tokyo, Tokyo 113-8654, Japan (e-mail:
khanh@silicon.u-tokyo.ac.jp).
T. Iizuka is with the Department of Electrical Engineering and Information
Systems, University of Tokyo, Tokyo 113-8654, Japan.
A. Sasaki and M. Yamada are with Morita-Tech Company, Ltd.,
Kawasaki 215-0032, Japan.
O. Morita is with the Department of Electrical and Electronics Engineering,
Aoyama Gakuin University, Tokyo 150-8366, Japan.
Color versions of one or more of the figures in this paper are available
online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIM.2014.2373472

Fig. 1.

Design and measurement procedure of this paper.

analyzes the amount of time required to perform private

key operations of a cryptosystem. In addition, other research
groups employ simple or differential analysis methods on
power consumption [2][5]. For example, Kocher et al. [2]
proposed the differential power attack with a small resistor
connected to the power pin of cryptographic devices to analyze
power consumption. Another improvement on power-based
analysis is correlation power attack [6], [7]. However, leaked
electromagnetic (EM) emanations can provide more secret
information [8], [9] and then side-channel cryptanalysis based
on EM emanations has studied and investigated [10][13].
Electric variations produced from an operating cryptographic
LSI chip generate magnetic flux, which can be detected to
reveal secret information. Sensing methods based on leakage
EM emission of a cryptographic chip provide highest amount
of information compared with power consumption analysis
ones [9]. Micromagnetic sensing approach is preferred due
to its ability of detecting susceptible locations and leaked
magnetic field direction [14], [15]. In LSI circuits, value
changes such as digital clock or data chains in the logic state of
CMOS gates cause time-varying currents and hence produce
concentric magnetic fields around conductors. By placing
magnetic sensing coils close to a cryptographic chips surface
to measure and monitor data-dependent leakage magnetic

0018-9456 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

MAI-KHANH et al.: NEAR-FIELD MAGNETIC SENSING SYSTEM WITH HIGH-SPATIAL RESOLUTION AND APPLICATION

Fig. 2.

841

Three-stage LNA diagram with the magnetic pick-up coil.

Fig. 3.

emanations of the chip, related secret information of the

chip can be captured [3], [13][17]. Therefore, there is a
strong demand to analyze and identify vulnerable portions of
cryptographic chips from EM-based side-channel attacks.
Previously, we presented a near-field magnetic probe with
a coil integrated with an LNA in a chip [18], [19]. However,
the probe system encountered the problem of eddy currents
generated from metal probe holder and the small size of
the coil of 100 100 m2 with the effective core area of
3030 m2 is not sufficient for picking-up and detecting submilliampere electric currents flowing under the lossy material
of the cipher LSI package. Furthermore, the probe must have a
wide frequency range, e.g., 500 MHz in the case of supplying
a 50-MHz clock to the cipher LSI, to capture such high
harmonic signals of the clock frequency emitted from the
clock circuit and other internal frequency synthesizer circuits.
In this paper, which is an extension of [20], we present
our enhancement of near-field magnetic sensing and scanning
system for localized EM nondestructive analysis as described
in Fig. 1. Basic components of the system include an onchip magnetic pick-up coil, an integrated three-stage LNA,
and a plastic probe holder attached to a high-spatial resolution
scanning system. Furthermore, a microposition calibration
mechanism and a postmeasurement step to process scanned
magnetic cartography are presented. Measured results show
an ability of mapping and microresolution locating on a
small logic block intentionally localized on a cryptographic
FPGA.
This paper is organized as follows. Section II presents
the design of the magnetic probe and probe fabrication
steps. Microposition calibration mechanism is described
in Section III. Scanning results of the proposed probe on a
microstrip (MS) line and on the surface of a cryptographic
FPGA, and a comparison with a commercial probe are
discussed in Section IV. Section V concludes this paper.
II. P ROBE D ESIGN AND I NTEGRATION
A. On-Chip Magnetic Pick-Up Coil
Fig. 2 shows a coil with N turns placed at a distance r from
a time-varying current metal wire. As well-known Faradays
induction law, the coil induces the magnetic field based on

Proposed coil with symmetric topology.

the relationship of the magnetic flux through the coil and the
coils voltage, Vcoil . Current I of the wire produces magnetic
flux  B as BiotSavart law:  B = (0 I /2)X ln(r + Y /r ).
If the coil is in a perpendicular direction to the magnetic plane
of the wire, one can write
0
r + Y dI
d B
= N
X ln
(1)
dt
2
r dt
where 0 is the vacuum permeability. If I = I0 sin(2 f 0 t)
Vcoil = N

r +Y
I0 f cos(2 f 0 t).
(2)
r
To enhance Vcoil , increments of both N and X can be
applied but the former confronts the limitation of the number
of metal layers in a determined CMOS technology process
while the latter can offer easily multi-increment in Vcoil .
Therefore, we proposed a magnetic pick-up coil with a larger
size of X = 500 m and Y = 100 m, five times bigger than
that in [18] and [19], to allow more magnetic flux through
the coil, as shown in Fig. 3. The Si-substrate under the coil is
removed by applying an FIB process to avoid eddy currents
and enhance both inductance L and quality factor Q of the
coil [19]. Quality factor of a coil is defined as
Vcoil = N0 X ln

Q = 2

(E mag E elec )
E loss

(3)

where E mag and E elec are peak magnetic and electric energies
stored, respectively, and E loss is the energy loss per cycle [21].
Q is detailed as a product of ideal quality factor (ideal-Q),
substrate loss factor, and self-resonance factor [22]. Ideal-Q
accounts for the magnetic energy stored and the ohmic loss
in series resistance of the coil while self-resonance factor
depends on the increment of electric energy stored. Substrate
loss factor represents the energy dissipated in the Si-substrate.
Note that both substrate loss factor and self-resonance factor
are less than 1. The removal of the Si-substrate under the
coil eliminates the loss on the resistive Si-substrate, reduces
coil-substrate coupling capacitors, and enhances the coils selfinductance. Fig. 4 shows the improvement on L and Q of the
coil when its Si-substrate is removed. The improvement on
L enhances the magnetic energy E mag stored in the coil. The
Si-substrate removal reduces peak electric energy and hence
enhances the quality factor Q of the coil.

842

IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015

Fig. 4. Improvement percentages on L and Q of the Si-substrate removal

case compared with a nonremoved Si-substrate one.

Fig. 5. Periodic rectangular pulse signal x(t) and its harmonic amplitude
function cn in a case of duty cycle D = 1/6. A wideband amplifier is required
due to the existence of sufficient amplitude harmonics.

In practical applications for sensing weak magnetic fields

generated from digital clock-supplied cryptographic LSIs, two
things should be considered to design the related integrated
circuit. First, a high-gain amplifier should be used to magnify
the induced voltage on the coil. In addition, this amplifier should have a low-noise feature and an infinite input
impedance. Second, the circuit including the coil followed by
the amplifier should have an ability of wideband spectrum
sensing to induce and then amplify magnetic fields generated
by not only the fundamental frequency of the clock but
also its harmonics. If clock x(t) is a repeating square pulse
with an amplitude of A, a cycle of T, and a duty cycle
D = 2T p /T as shown in Fig. 5, x(t) is even and hence its
Fourier transformation series contains only cosine terms and
a constant term as
x(t) = c0 +

+

n=1

= D A +

cn cos(nt)
+

2A
n=1

sin(n D)cos(nt)

(4)

Fig. 6. Postprocessing steps including the remove of the Si-substrate area

underneath the coil and mounting the flipped chip to a PCB by golden
balls. An X-ray photo is used to confirm the alignment of chips pads and
corresponding PCBs ones.

as delay-locked loop, phase-locked loop, frequency dividers, or

flip-flops, which can generate magnetic fields in different
frequencies. Therefore, a sufficient wideband amplifier is
required. The proposed variable-gain LNA has a maximum
bandwidth of 500 MHz and a maximum gain of 63 dB in
simulation as presented in the previous work [18]. The LNA is
integrated with the coil into a chip to reduce signal reduction,
reflection, and noise from cables or connections. In addition,
an ability of frequency-band filtering is added to the scanning
system for postmeasuring image processing.
B. Probe Fabrication Steps
Postfabrication steps of the proposed probe include chipmounting on a based printed circuit board (PCB) and
FIB process. After wafer dicing, tiny golden balls are attached
to pads of the probe chip. The probe chip is then flipped and
mounted on a based PCB by the usage of these golden balls.
An FIB process is applied to remove the Si-substrate region
under the coil, as shown in Fig. 6. The PCB then is fixed to a
plastic probe holder. The advantage of the plastic probe holder
compared with the metal one in the previous work [18] is to
reduce other EM interference and to avoid eddy currents on
the metal probe holder. Eddy currents were induced within the
metal probe holder when it was close enough to the deviceunder-test (DUT) and thus caused a magnetic field that could
affect to the sensing on-chip coil. The plastic probe holder is
then attached to the probe arm of the high-precision scanning
system placed in a shielded box to perform calibration and
magnetic cartography scanning.

(5)

where = (2/T ), c0 = D A, and cn = (2 A/n)

sin(n D) is harmonic amplitude. For example, if T = 12T p
or D = 1/6, harmonic components of x(t) are nonzero
except the multiples of the sixth component, as shown in
the right-hand side of Fig. 5. The induced signals at the coil
are proportional with derivation function of x(t), x/t, and
contain harmonic components of x(t). Moreover, inside digital
cryptographic LSIs, there are several clock-based circuits such

III. M ICROPOSITION C ALIBRATION

Fig. 7 shows the calibration setup for horizontal and vertical
directions prior to the implementation of magnetic sensing.
Main components for the calibration are a laser attached to
the probe arm, which also can move along the z-axis, a flat
metal block placed on a motorized stage, and a fixed-lens
camera whose output is fed to a computer. The computer is
utilized to control the positions of the stage and the probes
arm. Outputs of the camera, the laser, and the laser camera are

MAI-KHANH et al.: NEAR-FIELD MAGNETIC SENSING SYSTEM WITH HIGH-SPATIAL RESOLUTION AND APPLICATION

843

Fig. 7. Calibration setup diagram with a real-time microphotograph for calibration. Details of connection cables between computer and other equipment
are omitted.
Fig. 9. Results of the flatness and magnetic scanning on an MS line with
h thickness. The flatness map including relative surface roughness values is
then used in the magnetic scan step to keep the liftoff constant. Note that the
resolution of the flatness scan must be higher or equal to the magnetic scan
resolution.

Fig. 8.

Calibration setup picture and the base PCB with the probe chip.

fed to the computer for monitoring and controlling the calibration process. The distance of the laser original point (LOP) to
any surfaces below can be measured by the laser camera but
the gap between LOP and the probe head should be calculated
by the first calibration step.
The first step of the calibration is to find the gap in z-axis
from LOP to the probe chip head. This step is performed only
once by measuring the distance hz from LOP to the metal
block surface and then manually finding the gap h0 between
the probe chip head and the block surface as depicted in Fig. 7.
Therefore, the gap between LOP and the probe head is the
result of (hz h0). To measure h0, the probe arm is gradually
lowered close to the flat surface of the metal block as shown in
Fig. 8 so that the chip head and the metal block surface can be
in range of the fixed camera and observed on the display. Then,
h0 is measured manually based on the mesh on the display.
Camera position is fixed and the camera lens is set together
with an appropriate distance resolution corresponding to the
display mesh; for example, 20 m/div, as shown in Fig. 7.
From now, the gap between LOP and the probe chip head is
saved and used to calculate the liftoff of the probe chip head
to the surface of any DUTs by the laser.

The second purpose of the calibration is to automatically

scan the flatness of the DUT surface by the laser to compensate
the liftoff. The metal block is removed from the motorized
stage. A DUT, MS line, or FPGA chip, is then placed on
the stage for surface scanning to achieve relative surface
flatness map with a minimum accuracy of 1 m. Each of the
points of this surface map containing values of x y positions
and the relative surface roughness is used to compensate for
the correspondent points on the DUT surface to keep the
same liftoff during the magnetic scanning. Fig. 9 shows an
illustration of height compensation and scanning results on
a surface area of an MS line placed at the liftoff from the
on-chip coil. Details of magnetic scanning results are presented
in the following section.
IV. S ENSING E XPERIMENTAL R ESULTS
Magnetic sensing on an MS line and a cryptographic
FPGA is performed in a shielded room to avoid external
RF inferences. A comparison in magnetic scanning performance between the proposed probe and a commercial one is
presented.
A. Magnetic Sensing on a Microstrip Line
The experimental setup for magnetic sensing on a 100-m
width MS line is shown in Fig. 10. After the calibration,
the MS-line board is located on the motorized stage with
a liftoff d from the coil. To measure the gain between the
probe chip output and the MS-line input, the probe chip output
is connected to port 1 of a Z V L RohdeSchwarz network
analyzer and one terminal of the MS line is connected to
port 2 of the network analyzer. Flatness surface map of the
MS-line board is achieved using the laser. Magnetic scan
is performed across the MS line and along x-axis so that
magnetic flux generated from the MS line is perpendicular

844

IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015

Fig. 12.

Measured probes output by spectrum analyzer on the MS line.

Fig. 10. Two measurement setups using network analyzer and spectrum
analyzer to measure the gain between the probe chip output and the
MS-line input and the probe output versus MS-line positions.

Fig. 11.

Measured gain between the probe output and the MS-line input.

with the coils plane to achieve maximum magnetic flux

through the coil. Fig. 11 shows measured gains between the
probe output and the MS-line input power by varying the liftoff
from 100 to 1000 m.
To measure the magnetic strength distribution on the planes
perpendicular to the MS line, an FSVR20 RohdeSchwarz
spectrum analyzer is connected to the probe chip output and
the MS line is fed with a 0-dBm power by an Agilent N9310A
RF signal generator. The liftoff is kept at 200 m. The laser
is used to scan the surface of the MS-line board and the
thickness of the MS line with a 10-m step. Fig. 12 shows
the measured distributed magnetic strength of the MS line at
four frequencies of 50, 100, 150, and 200 MHz. These results
show a higher gain of this probe in measurements on MS line
than in the previous work [18].
B. Magnetic Sensing on a Cryptographic FPGA
by the Proposed Probe
Another measurement setup is performed to measure magnetic field cartography of a Virtex-5 FPGA running a 128-b
AES algorithm core, as shown in Fig. 13. The FPGA cooling

Fig. 13. (a) Scan setup on FPGA. (b) FPGA floorplanning. (c) Scanned
magnetic cartography of the whole FPGA surface.

cover part is removed to enhance the scanning performance.

The FPGA surface is scanned and marked by the laser, which
is synthesized with a video camera to achieve corresponding
ridge maps. This ridge map is then applied to compensate
for the next step of magnetic scanning to ensure the same
liftoff value for all scanning points. The FPGA is programmed
by a computer through a USB cable, which is wrapped
round by a ferrite cover to reduce EM interference noises,
which can generate low-frequency noise toward the sensing
probe.
AES encryption includes four steps in which substitutionboxes (S-box) are the basic components to perform

MAI-KHANH et al.: NEAR-FIELD MAGNETIC SENSING SYSTEM WITH HIGH-SPATIAL RESOLUTION AND APPLICATION

substitution [23]. To demonstrate the ability of high-spatial

scanning resolution of the proposed probe to detect abnormal or suspicious chips areas, we intentionally mapped the
logic block of S-box1 far away from AES circuits and other
S-boxes by FPGA floorplanning, as shown in Fig. 13(b).
In addition, the S-box1 code-block in the FPGA is added one
more bit so that the operation of S-box1 can be independently
enable/disable to other blocks.
The implementation of magnetic cartography 2-D scanning
by the proposed probe is performed with a scanning spatial
resolution of 50 m and a liftoff of 100 m. The probe
output is connected to a spectrum analyzer whose data are
transferred to a computer. Measured data from the spectrum analyzer are then applied a filtering step in frequency
domain to obtain frequency-dependent magnetic maps.
Fig. 13(c) shows a scanned magnetic cartography at 72 MHz
in the case of operating the AES core with the running of
S-box1. The map shows vertical streaks that can be caused
by the operation of digital registers and metallic mesh inside
the FPGA. Furthermore, several areas in red color disclose
that a higher magnetic field is distributed and leakage information in such positions might be revealed easily under
EM side-channel attacks.

845

TABLE I
M AGNETIC C ARTOGRAPHY S CANNED BY MT-545 C OMMERCIAL P ROBE

C. Comparison in Performance With a Commercial Probe

A commercial probe [24], MT-545, is employed to scan
on the FPGAs surface running the AES core to achieve nearfield magnetic maps for the purpose of comparison in scanning
performance. The FPGA configuration in the case of using
MT-545 is the same with that in the proposed probe.
Table I shows 10-mm 10-mm magnetic maps scanned
by the commercial probe with/without S-box1 operations.
These maps are with several harmonic frequencies of the
FPGAs clock frequency of 24 MHz. These maps provide lower
resolution and less information compared with the scanned
magnetic cartography exhibited in Fig. 13(c). A differential
image processing step is applied for these scanned magnetic
maps to find S-box1-operation-related portions, as shown in
the figures of the rightmost column of Table I. It seems that
these portions are scattered but still distributed along the center
stripe of the maps.
Table II shows 11.2-mm 11.6-mm magnetic maps built
by the proposed probe. Measured data with/without S-box1
operations are collected in several harmonic frequencies of
the clock. In the postscanned processing step, data maps are
rescaled with the same range of 61.0 to 55 dB. Then,
a differential image processing is executed as shown in the
rightmost column of Table II. As can be seen, the map in
the case of 72 MHz (the third harmonic of 24 MHz) shows
the highest received power distribution. However, that of the
fundamental frequency indeed reveals less power distribution
than both of the 48- and 96-MHz maps although in theory
spectrum of the clock signal x(t) shows that the amplitude
of fundamental component is the highest. This is because
the coils voltage induced by the magnetic field increases in
proportion to the frequency of the magnetic, as expressed
in (2). Therefore, the total gain from the induced magnetic

field to the probe output is proportionate to the frequency

within the range from 20 to 300 MHz, as shown in Fig. 11.
Vertical stripes in differential magnetic cartography produced
by the proposed probe are sharper and show more details than
those of MT-545. In addition, one may recognize on these
differential cartography several blurred traces of a gird, which
may correspond to the metal mesh and dummy metals of
the FPGA.
Table IV shows a comparison among this proposal,
MT-545 commercial probe, and prior works. Dubois et al. [25],
Wei and Wilkinson [26], and Zhang et al. [27] used handmade
or on-PCB sensing coils connected to portable or on-board
LNAs for their probes. They used several millimeter size
coils for the detection of the magnetic fields from digital
logic circuits and magnetic induced tomography applications
without any position calibration [25], [26] or with a timedomain simulation-versus-measurement calibration [27] for
millimeter accuracy. These schemes are inadequate for the

846

IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015

TABLE II
M AGNETIC C ARTOGRAPHY S CANNED BY THE P ROPOSED P ROBE

TABLE III
33-mm2 S CANNED M AGNETIC C ARTOGRAPHY OF THE
S-B OX 1 A REA BY THE P ROPOSED P ROBE

security applications that request microprecision magnetic

sensing. Our probe integrates a several hundred micrometer
scale coils with an LNA into a 0.68-mm 2.5-mm chip
to enhance the scanning resolution as well as to reduce the
problems of loss, reflection, and noise from the cable-based
connection between the coil and the LNA. Another group
implemented a standalone coil integration using the same
chip fabrication process with us but employed an external
LNA [28], whereas we realized a single-chip implementation.
We performed a microposition calibration for the measurement
with the higher scanning accuracy of 1 m, which is 10 times
finer than that in [28]. We improved the quality factor of
the coil by the removal of the Si-substrate area under the
coil by applying a postprocessing FIB technique. Because
of the high sensitivity of the integrated magnetic probe and
the fine spatial resolution of our scanning system, we can
perform a magnetic scanning on an abnormal small area of

the cryptographic FPGA surface, including the S-box1 area as

marked in Fig. 13(c), to demonstrate the ability of detecting
malicious blocks. Scanned magnetic maps with a
scanning resolution of 25 m are shown in Table III at
harmonic frequencies of the 24-MHz clock frequency. Corresponding differential maps shows some streaks caused by the
operation of the S-box1 block. These scanned data are rescaled
with the same range of 61.0 to 55 dB. Due to differential
EM maps in harmonic frequencies of 24 MHz as depicted
in the rightmost column, the S-box1 area can be obviously
detected. In addition to the detection of the S-box1 operation,
measured magnetic maps of the S-box1 area scanned by the
proposed microprobe reveals more detailed information and
higher resolution than that by the macro-MT-545. Moreover,
the measured cartography maps in harmonic frequencies show
more sharp-edged stripes and more details. The detection of
the S-box1 area illustrates the ability of the proposed probe

MAI-KHANH et al.: NEAR-FIELD MAGNETIC SENSING SYSTEM WITH HIGH-SPATIAL RESOLUTION AND APPLICATION

847

TABLE IV
C OMPARISON W ITH O THER W ORKS

to detect malicious Trojan blocks, which may be intentionally

installed in cryptographic LSIs.
V. C ONCLUSION
A high-spatial resolution measurement for near-field
magnetic scanning on cryptographic LSIs is presented. The
proposed probe chip includes a magnetic pick-up coil integrated in a chip with a three-stage LNA in a 0.18-m
CMOS process. Sensing enhancement is based on the highspatial resolution mechanical scanning system and the removal
of the Si-substrate under the coil at the cost of the postprocessing of a FIB technique. A microposition calibration is proposed to allow microscanning operation with 1-m accuracy.
Because of these techniques, magnetic sensing applications by
the proposed system, which are conducted on a MS line and a
128-b AES cryptographic FPGA show higher gains than those
in the previous works. A comparison with a macro commercial
probe is also performed. Measured results show that the
proposed microprobe can be applied to detect and localize
vulnerable areas and suspicious components of cryptographic
LSIs from EM side-channel attacks.
ACKNOWLEDGMENT
The authors would like to thank the VLSI Design and
Education Center, the University of Tokyo, Japan, in collaboration with Rohm Corporation, Toppan Printing Corporation,
Synopsys, Inc., Mentor Graphics, Inc., Cadence Design
Systems, Inc., and Agilent Technologies Japan, Ltd. They
would also like to thank Dr. S. Nakajima and Dr. A. Satoh
for their helpful contributions to this paper.
R EFERENCES
[1] P. C. Kocher, Timing attacks on implementations of DiffieHellman,
RSA, DSS, and other systems, in Advances in Cryptology. Berlin,
Germany: Springer-Verlag, 1996, pp. 104113.
[2] P. C. Kocher, J. Jaffe, and B. Jun, Differential power analysis, in
Advances in Cryptology (Lecture Notes in Computer Science), vol. 1666.
Berlin, Germany: Springer-Verlag, 1999, pp. 388397.
[3] E. Peeters, F.-X. Standaert, and J.-J. Quisquater, Power and electromagnetic analysis: Improved model, consequences and comparisons,
Integr., VLSI J., vol. 40, no. 1, pp. 5260, 2007.
[4] S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks: Revealing
the Secrets of Smart Cards. Heidelberg, Germany: Springer-Verlag,
2007.

[5] T. Sugawara et al., Mechanism behind information leakage in electromagnetic analysis of cryptographic modules, in Information Security
Applications (Lecture Notes in Computer Science), vol. 5932. Berlin,
Germany: Springer-Verlag, 2009, pp. 6678.
[6] E. Brier, C. Clavier, and F. Olivier, Correlation power analysis with a
leakage model, in Cryptographic Hardware and Embedded Systems
(Lecture Notes in Computer Science), vol. 3156. Berlin, Germany:
Springer-Verlag, 2004, pp. 1629.
[7] J. Wu, Y. Shi, and M. Choi, Measurement and evaluation of power
analysis attacks on asynchronous S-box, IEEE Trans. Instrum. Meas.,
vol. 61, no. 10, pp. 27652775, Oct. 2012.
[8] D. Real, F. Valette, and M. Drissi, Enhancing correlation electromagnetic attack using planar near-field cartography, in Proc. Design, Autom.
Test Eur. Conf. Exhibit. (DATE), Apr. 2009, pp. 628633.
[9] F.-X. Standaert and C. Archambeau, Using subspace-based template
attacks to compare and combine power and electromagnetic information leakages, in Cryptographic Hardware and Embedded Systems
(Lecture Notes in Computer Science), vol. 5154. Berlin, Germany:
Springer-Verlag, 2008, pp. 411425.
[10] N. Homma, T. Aoki, and A. Satoh, Electromagnetic information
leakage for side-channel analysis of cryptographic modules, in Proc.
IEEE Int. Symp. EMC, Jul. 2010, pp. 97102.
[11] M. Yamaguchi, S. Koya, H. Torizuka, S. Aoyama, and S. Kawahito,
Shielded-loop-type onchip magnetic-field probe to evaluate radiated
emission from thin-film noise suppressor, IEEE Trans. Magn., vol. 43,
no. 6, pp. 23702372, Jun. 2007.
[12] K. Chen, Q. Zhao, P. Zhang, and G. Deng, The power of electromagnetic analysis on embedded cryptographic Ics, in Proc. Int. Conf.
Embedded Softw. Syst. Symp. (ISESS), Jul. 2008, pp. 197201.
[13] K. Gandolfi, C. Mourtel, and F. Olivier, Electromagnetic analysis:
Concrete results, in Cryptographic Hardware and Embedded Systems
(Lecture Notes in Computer Science), vol. 2162. Berlin, Germany:
Springer-Verlag, 2001, pp. 251261.
[14] D. Agrawal, B. Archambeault, J. R. Rao, and P. Rohatgi, The EM
sideChannel(s), in Cryptographic Hardware and Embedded Systems.
Berlin, Germany: Springer-Verlag, Aug. 2002.
[15] J. Lenz and A. S. Edelstein, Magnetic sensors and their applications,
IEEE Sensor J., vol. 6, no. 3, pp. 631648, Jun. 2006.
[16] S. Mangard, Exploiting radiated emissionsEM attacks on cryptographic ICs, in Proc. Austrochip, Linz, Austria, Oct. 2003, pp. 1316.
[17] L. Sauvage, S. Guilley, J.-L. Danger, Y. Mathieu, and M. Nassar,
Successful attack on an FPGA-based WDDL DES cryptoprocessor
without place and route constraints, in Proc. Design, Autom. Test Eur.
Conf. Exhibit. (DATE), 2009, pp. 640645.
[18] N. N. Mai-Khanh, T. Iizuka, M. Yamada, O. Morita, and K. Asada,
An integrated high-precision probe system for near-field magnetic measurements on cryptographic LSIs, in Proc. IEEE Sensors, Oct. 2012,
pp. 20742077.
[19] N. N. Mai-Khanh, T. Iizuka, M. Yamada, O. Morita, and K. Asada,
An integrated high-precision probe system in 0.18-m CMOS for nearfield magnetic measurements on cryptographic LSIs, IEEE Sensors J.,
vol. 13, no. 7, pp. 26752682, Jul. 2013.
[20] N. N. Mai-Khanh, T. Iizuka, M. Yamada, O. Morita, and K. Asada,
High-resolution measurement of magnetic field generated from cryptographic LSIs, in Proc. IEEE Sensor Appl. Symp., Feb. 2014,
pp. 111114.

848

IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 64, NO. 4, APRIL 2015

[21] C. P. Yue and S. S. Wong, On-chip spiral inductors with patterned

ground shields for Si-based RF ICs, IEEE J. Solid-State Circuits,
vol. 33, no. 5, pp. 743752, May 1998.
[22] K. Nishikawa, K. Shintani, and S. Yamakawa, Effects of eddy current
on characteristics of spiral inductors on silicon, Jpn. J. Appl. Phys.,
vol. 48, no. 10R, p. 106502, Jan. 2009.
[23] [Online]. Available: http://www.csrc.nist.gov/publications/fips/fips197/
fips-197.pdf, accessed Nov. 25, 2014.
[24] [Online]. Available: http://www.morita-tech.co.jp/pdf/MT-545%20probe
%20TD.pdf, accessed Sep. 18, 2014.
[25] T. Dubois et al., Near-field electromagnetic characterization and perturbation of logic circuits, IEEE Trans. Instrum. Meas., vol. 57, no. 11,
pp. 23982404, Nov. 2008.
[26] H.-Y. Wei and A. J. Wilkinson, Design of a sensor coil and measurement electronics for magnetic induction tomography, IEEE Trans.
Instrum. Meas., vol. 60, no. 12, pp. 38533859, Dec. 2011.
[27] J. Zhang, K. W. Kam, J. Min, V. V. Khilkevich, D. Pommerenke, and
J. Fan, An effective method of probe calibration in phase-resolved nearfield scanning for EMI application, IEEE Trans. Instrum. Meas., vol. 62,
no. 3, pp. 648658, Mar. 2013.
[28] S. Muroga, K. Arai, S. Dhungana, R. Okuta, Y. Endo, and
M. Yamaguchi, 3-D magnetic-near-field scanner for IC chip-level
noise coupling measurements, IEEE Trans. Magn., vol. 49, no. 7,
pp. 38863889, Jul. 2013.

Nguyen Ngoc Mai-Khanh (M12) was born in

Vung Tau, Vietnam. He received the B.S. and
M.S. degrees in electrical engineering from Vietnam
National University, University of Technology, Ho
Chi Minh City, Vietnam, in 2002 and 2004, respectively, and the Ph.D. degree in electrical engineering
and information systems from the Graduate School
of Engineering, University of Tokyo, Tokyo, Japan,
in 2011.
He joined a system-on-chip short-term project for
the internship with the Toshiba Research and Development Center, Kawasaki, Japan, in 2006. From 2011 to 2013, he was a PostDoctoral Researcher with the VLSI Design and Education Center, University
of Tokyo, where he is currently an Assistant Professor. Since 2006, he has
been a Lecturer with the Faculty of Electrical and Electronic Engineering,
Vietnam National University, University of Technology, HCMC, Viet Nam.
His current research interests include integrated analog circuits and microwave
pulse transceiver circuits.
Dr. Mai-Khanh was a recipient of the Best Paper Award of the Asian
Symposium on Quality Electronic Design in 2010 and the third rank of Best
Student Paper Award of the 9th IEEE NEWCAS Conference in 2011.

Tetsuya Iizuka (M02) received the B.S., M.S., and

Ph.D. degrees in electronic engineering from the
University of Tokyo, Tokyo, Japan, in 2002, 2004,
and 2007, respectively.
He was a High-Speed Serial Interface Circuit
Designer with the industry for two years. He joined
the University of Tokyo in 2009, where he is currently an Assistant Professor with the Department of
Electrical Engineering and Information Systems. His
current research interests include digitally assisted
analog circuits and very large scale integration
computer-aided design.
Dr. Iizuka is a member of the Institute of Electronics, Information and Communication Engineers (IEICE). He was a recipient of the Young Researchers
Award from IEICE in 2002, the IEEE International Conference on Electronics,
Circuits, and Systems Best Student Paper Award in 2006, and the Yamashita
SIG Research Award from the Information Processing Society of Japan in
2007. He is also a member of the IEEE International Solid-State Circuits
Conference and the IEEE Custom Integrated Circuits Conference Technical
Program Committees.

Akihiko Sasaki received the B.E., M.E., and

Ph.D. degrees from the University of ElectroCommunications, Tokyo, Japan, in 2003, 2005, and
2008, respectively.
In 2011, he joined Morita-Tech Company, Ltd.,
Kawasaki, Japan. His current research interests
include evaluation platform of side-channel analysis
and fault analysis on cryptographic circuit.

Makoto Yamada was born in Nagano, Japan.

He received the B.S. degree in electrical engineering from the University of Yamanashi, Yamanashi,
Japan, in 1981.
He joined the Test and Measurement Division,
Yokogawa Hewlett Packard, Tokyo, Japan, as
a Field Sales Engineer. In 2010, he joined
Morita-Tech Company, Ltd., Kawasaki, Japan, as
a Security System Division Manager and Probe
and EMC Scanner Specialist. He is responsible for
overseeing SASEBO and SAKURA Project relating
to side channel attack, DPA, electro-magnetic analysis solutions, current
roadmap for EM, and laser fault injection system.

Osamu Morita was born in Tokyo, Japan.

He received the B.S. degree in electrical engineering
and electronics from Aoyama Gakuin University,
Tokyo, in 1978.
He set up entrepreneurial ventures and provided
custom-made solutions, including key elements of
RF technology, mechatronics, electric circuit design,
and software.

Kunihiro Asada (M80) was born in Fukui,

Japan, in 1952. He received the B.S., M.S., and
Ph.D. degrees in electronic engineering from the
University of Tokyo, Tokyo, Japan, in 1975, 1977,
and 1980, respectively.
He joined the Faculty of Engineering, University
of Tokyo, in 1980, and became a Lecturer, an Associate Professor, and a Professor in 1981, 1985, and
1995, respectively. From 1985 to 1986, he was with
the University of Edinburgh, Edinburgh, U.K., as a
Visiting Scholar supported by the British Council.
From 1990 to 1992, he served as the first Editor of the English version of
IEICE Transactions on Electronics. In 1996, he established the VLSI Design
and Education Center (VDEC), with his colleagues in the University of Tokyo,
which is the center to promote education and research of VLSI design in all the
universities and colleges in Japan. He is currently in charge of the Director of
VDEC. He has authored over 400 technical papers in journals and conference
proceedings. His current research interests include design and evaluation of
integrated systems and component devices.
Dr. Asada is a member of the Institute of Electronics, Information and
Communication Engineers of Japan (IEICE), and the Institute of Electrical
Engineers of Japan (IEEJ). He has received Best Paper Awards from IEEJ,
IEICE, and ICMTS1998/IEEE. He also served as the Chair of the IEEE/SSCS
Japan Chapter from 2001 to 2002 and the IEEE Japan Chapter Operation
Committee from 2007 to 2008.