[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ Skip to main content
Log in

Extensive Laser Fault Injection Profiling of 65 nm FPGA

  • Published:
Journal of Hardware and Systems Security Aims and scope Submit manuscript

Abstract

Fault injection attacks have been widely investigated in both academia and industry during the past decade. In this attack approach, the adversary intentionally induces computational faults in the security components of the integrated circuit (IC) for deducing the confidential information processed or stored inside the device. However, the internal architecture of real-world devices is typically unknown to the attacker and the insufficient information about the device internals often cannot satisfy requirements of a practical fault injection attack. In this paper, we target Field Programmable Gate Array (FPGA) that is widely used in hardware security applications. By analyzing the faulty outputs of implemented algorithms, the scale of logic arrays and the sensitive logic cells can be precisely profiled. Using the outcome of this work, practical attacks can be significantly accelerated, without a need of time-consuming chip-scale injection scan. In addition, the observed fault models are compatible with most of the previously proposed fault models for differential or algebraic fault attacks (DFA/AFA). Moreover, a low-cost and highly sensitive logic-level countermeasure for predicting the laser fault injection attempt is described, which can be applied into any digital IC with a minimal overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (United Kingdom)

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18

Similar content being viewed by others

References

  1. Agoyan M, Dutertre JM, Mirbaha AP, Naccache D, Ribotta AL, Tria A (2010) Single-bit DFA using multiple-byte laser fault injection. In: 2010 IEEE international conference on HST, pp 113–119

  2. Alderighi M, Casini F, d’Angelo S, Mancini M, Pastore S, Sechi GR (2007) Evaluation of single event upset mitigation schemes for sram based FPGAs using the FLIPPER fault injection platform. In: 22nd IEEE international symposium on defect and fault-tolerance in VLSI systems, 2007. DFT’07. pp 105–113. IEEE

  3. Anderson R (2001) Security engineering: a guide to building dependable distributed systems

  4. Bagheri N, Ebrahimpour R, Ghaedi N (2013) New differential fault analysis on PRESENT. EURASIP J Advances Signal Process 2013(1):1–10

    Article  Google Scholar 

  5. Bagheri N, Ghaedi N, Sanadhya SK (2015) Differential fault analysis of SHA-3. In: Progress in cryptology–INDOCRYPT 2015, pp 253–269. Springer

  6. Beutler J (2015) Visible light lvp on bulk silicon devices. In: 41st international symposium for testing and failure analysis (November 1-5, 2015), pp 1–8. Asm

  7. Biham E, Shamir A (1997) Differential fault analysis of secret key cryptosystems. In: Advances in cryptology-CRYPTO’97, pp 513–525. Springer

  8. Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A, Robshaw MJB, Seurin Y, Vikkelsoe C (2007) Present: An ultra-lightweight block cipher. In: Paillier P, Verbauwhede I (eds) Cryptographic hardware and embedded systems - CHES 2007: 9th international workshop, Vienna, Austria, September 10-13, 2007. Proceedings, pp 450–466. Springer Berlin Heidelberg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74735-2_31

  9. Boneh D, DeMillo RA, Lipton RJ (2001) On the importance of eliminating errors in cryptographic computations. J Cryptol 14(2):101–119

    Article  MathSciNet  MATH  Google Scholar 

  10. Breier J, Jap D (2015) Testing feasibility of back-side laser fault injection on a microcontroller. In: Proceedings of the WESS’15, pp 5:1–5:6

  11. Buchner S, Miller F, Pouget V, McMorrow D (2013) Pulsed-laser testing for single-event effect investigations. IEEE Trans Nucl Sci 60(3):1852–1875

    Article  Google Scholar 

  12. Canivet G, Maistri P, Leveugle R, Cldire J, Valette F, Renaudin M (2011) Glitch and laser fault attacks onto a secure AES implementation on a SRAM-based FPGA. J Cryptol 24(2):247–268

    Article  MATH  Google Scholar 

  13. Courbon F, Loubet-Moundi P, Fournier JJ, Tria A (2014) Adjusting laser injections for fully controlled faults. In: International workshop on constructive side-channel analysis and secure design, pp 229–242. Springer

  14. Courtois NT, Jackson K, Ware D (2010) Fault-algebraic attacks on inner rounds of des. In: e-Smart’10 proceedings: the future of digital security technologies

  15. Dutertre JM, Mirbaha AP, Naccache D, Tria A (2010) Reproducible single-byte laser fault injection. In: 2010 conference on PRIME, pp 1–4

  16. He W, Breier J, Bhasin S (2016) Cheap and cheerful: a low-cost digital sensor for detecting laser fault injection attacks. In: Security, privacy, and applied cryptography engineering - 6th international conference, SPACE 2016, Hyderabad, India, December 14-18, 2016, Proceedings, pp 27–46. https://doi.org/10.1007/978-3-319-49445-6_2

  17. He W, Otero A, de la Torre E, Riesgo T (2014) Customized and automated routing repair toolset towards side-channel analysis resistant dual rail logic. Microprocess Microsyst 38(8):899–910

    Article  Google Scholar 

  18. Kocher PC, Jaffe J, Jun B (1999) Differential power analysis. CRYPTO 99:388–397

    MATH  Google Scholar 

  19. Kömmerling O, Kuhn MG (1999) Design principles for tamper-resistant smartcard processors. Smartcard 99:9–20

    Google Scholar 

  20. Lima Kastensmidt F, Tambara L, Bobrovsky DV, Pechenkin AA, Nikiforov AY (2014) Laser testing methodology for diagnosing diverse soft errors in a nanoscale sram-based fpga. IEEE Trans Nucl Sci 61(6):3130–3137

    Article  Google Scholar 

  21. Lohrke H, Scholz P, Boit C, Tajik S, Seifert JP (2016) Automated detection of fault sensitive locations for reconfiguration attacks on programmable logic, pp 1–6

  22. Maurine P (2012) Techniques for em fault injection: equipments and experimental results. In: 2012 workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 3–4. IEEE

  23. Merli D, Schuster D, Stumpf F, Sigl G (2011) Semi-invasive em attack on fpga ro pufs and countermeasures. In: Proceedings of the workshop on embedded systems security, WESS ’11, pp 2:1–2:9. ACM, New York, NY, USA. https://doi.org/10.1145/2072274.2072276

  24. Moradi A, Immler V (2014) Early propagation and imbalanced routing, how to diminish in fpgas. In: Cryptographic hardware and embedded systems–CHES 2014, pp 598–615. Springer

  25. Phang J, Chan D, Palaniappan M, Chin J, Davis B, Bruce M, Wilcox J, Gilfeather G, Chua C, Koh L, Ng H, Tan S (2004) A review of laser induced techniques for microelectronic failure analysis. In: Proceedings of the 11th international symposium on the physical and failure analysis of integrated circuits. IPFA 2004, pp 255–261. https://doi.org/10.1109/IPFA.2004.1345617

  26. Pouget V, Douin A, Lewis D, Fouillat P, Foucard G, Peronnard P, Maingot V, Ferron J, Anghel L, Leveugle R, Velazco R (2007) Tools and methodology development for pulsed laser fault injection in SRAM-based FPGAs. In: 8th LATW’07), p. Session 8. IEEE Computer Society, Cuzco, Peru

  27. Quisquater JJ, Samyde D (2002) Eddy current for magnetic analysis with active sensor. In: Esmart 2002, Nice, France

  28. Roscian C, Dutertre JM, Tria A (2013) Frontside laser fault injection on cryptosystems - Application to the AES’ last round. In: 2013 IEEE international symposium on HOST, pp 119–124

  29. Roscian C, Sarafianos A, Dutertre JM, Tria A (2013) Fault model analysis of laser-induced faults in SRAM memory cells. In: 2013 workshop on FDTC, pp 89–98

  30. Selmane N, Bhasin S, Guilley S, Graba T, Danger JL (2009) WDDL is protected against setup time violation attacks. In: FDTC, pp 73–83

  31. Selmke B, Brummer S, Heyszl J, Sigl G (2015) Precise laser fault injections into 90nm and 45nm SRAM-cells. In: CARDIS, pp 1–13

  32. Swierczynski P, Becker GT, Moradi A, Paar C (2017) Bitstream fault injections (bifi)—automated fault attacks against sram-based fpgas. IEEE Trans Comput PP(99):1–14. https://doi.org/10.1109/TC.2016.2646367

    Article  Google Scholar 

  33. Tajik S, Lohrke H, Ganji F, Seifert JP, Boit C (2015) Laser fault attack on physically unclonable functions. In: 2015 workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 85–96. https://doi.org/10.1109/FDTC.2015.19

  34. Tunstall M, Mukhopadhyay D, Ali S (2011) Differential fault analysis of the advanced encryption standard using a single fault. In: 5th IFIP WG, WISTP, pp 224–233

  35. Wu K, Karri R, Kuznetsov G, Goessel M (2004) Low cost concurrent error detection for the advanced encryption standard. In: Test conference, 2004. Proceedings. ITC 2004. International, pp 1242–1248. IEEE

  36. Zhang F, Guo S, Zhao X, Wang T, Yang J, Standaert FX, Gu D (2016) A framework for the analysis and evaluation of algebraic fault attacks on lightweight block ciphers. IEEE Trans Inf Forensics Secur 11(5):1039–1054. https://doi.org/10.1109/TIFS.2016.2516905

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jakub Breier.

Additional information

This paper is an extension of the paper entitled “Comprehensive Laser Sensitivity Profiling and Data Register Bit-Flips for Cryptographic Fault Attacks in 65 nm FPGA,” presented at SPACE’16 conference. This version contains an extended related work, covers chip preparation in more details, discusses compatibility with cryptographic fault injection attacks, and presents a countermeasure against laser profiling.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Breier, J., He, W., Bhasin, S. et al. Extensive Laser Fault Injection Profiling of 65 nm FPGA. J Hardw Syst Secur 1, 237–251 (2017). https://doi.org/10.1007/s41635-017-0016-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s41635-017-0016-z

Keywords

Navigation