em injection : fault model and locality

EM INJECTION : FAULT MODEL AND LOCALITY S. Ordas𝟏 , L. Guillaume−Sage𝟏, P. 𝐌𝐚𝐮𝐫𝐢𝐧𝐞𝟏,𝟐

𝟏 LIRMM

𝟐 CEA-TECH

STATE OF THE ART

J.J. Quisquater, D. Samyde : Eddy current for Magnetic Analysis with Active Sensor

2

J.-M. Schmidt, M. Hutter : Optical and EM Fault-Attacks on CRT-based RSA: Concrete Results

A. Alaeldine, T. Ordas, R. Perdriau, P. Maurine, M. Ramdani, L. Torres, M. Drissi Assessment of the Immunity of Unshielded Multicore Integrated Circuits to Near Field Injection

F. Poucheret, M. Lisart, L. Chusseau, B. Robisson, P. Maurine Local and Direct EM Injection of Power Into CMOS Integrated Circuits

P. Bayon, L. Bossuet, V. Fischer, F. Poucheret, B. Robisson, P. Maurine Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator

A. Dehbaoui, J-M. Dutertre, P. Orsatelli, P. Maurine, A. Tria Injection of transient faults using electromagnetic pulses -Practical results on a cryptographic system

A. Dehbaoui, J-M Dutertre, B. Robisson, A.Tria Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES

2002

2007

2009

2011

2012

2014 S. Ordas,L. Guillaume-Sage, K. Tobich, J-M. Dutertre, P. Maurine Evidence of a larger EM-induced fault model

STATE OF THE ART

J.-M. Schmidt, M. Hutter : Optical and EM Fault-Attacks on CRT-based RSA: Concrete Results

3






EM injection allows disrupting the behavior of embedded memories 2002

2007

2009

2011

2012


STATE OF THE ART


4





EM injection allows disrupting the behavior of embedded memories

EM injection allows disrupting the course of a RSA algorithm

2002

2007

2009

2011

2012


STATE OF THE ART


5






Harmonic EM Injection modifies the propagation delays of logical paths

2002

2007

2009

2011

2012


STATE OF THE ART


6 STATE OF THE ART

6






Harmonic EM Injection modifies the oscillating Frequency of an internal clock generator

2002

2007

2009

2011

2012


STATE OF THE ART 7







2002

2007

2009

2011

2012

Harmonic EM Injection modifies the behavior or RO based TRNG (phase locking)


STATE OF THE ART





2002

2007

2009

2011

2012


EM pulse Injection produces timing faults during the course of hardware cryptographic modules

EM pulse Injection produces timing faults during the course of hardware and software …


8

STATE OF THE ART





2002

2007

2009

2011

2012


EM pulse Injection produces timing faults during the course of hardware cryptographic modules

EM pulse Injection produces timing faults during the course of hardware and software …

9

2014 EM pulse Injection produces bitsets and bitresets

CONCLUSION OF OUR PREVIOUS PAPER

1. Polarity of EM injection is important

2. EM injection has a local effect

3. EM injection induce bitsets and bitresets

4. Pulse must have a high voltage to produce bitset and

bitreset

What kind of faults appears on an operating

circuit?

10

TIMING FAULTS MODEL

Data D1

CLK

LOGIC CLK

Q1 D2 Q2

CLK

Timing constraint :

TCLK→𝑄1+ T𝑄1→𝐷2

< TCLK − Tskew − TSetup

EM Injection induces Setup time constraint violations

11

T𝑄1→𝐷2

TCLK→𝑄1

EM Injection Platform: overview

3-axes vision system 3-axes positioning system Oscilloscope Pulse generator Hand made injection probes a laptop

12

HAND MADE INJECTION PROBES 13

Concentrate the magnetic flux on a reduced

area of the IC surface using concentric field

lines

Directionnal Directionnal

Magnetic flux is spread over a large

surface

EXPERIMENTATION ON AN OPERATING CIRCUIT

Fpga Xilinx Spartan 3

Vdd= 1.2V

Frequency : 100MHz (generated by DCM)

Cartography step : 200µm

Vpulse = 44V << 110V

Hand made probe

100 shoots per position

FSM + Registers

DCM

RS232

AES

To evaluate if some areas of the system are more sensitive to EM pulsed than others

14

LOCALITY OF THE EM INJECTION

AES

FSM + Registers

RS232

DCM

AES

FSM + Registers

RS232

DCM

AES

FSM + Register

RS232

DCM

bad ciphering

bad ciphering

no-response

Crescent injector

flathead injector

15

LOCALITY OF EACH BYTE FAULTED

Byte n°1 Byte n°2 Byte n°3 Byte n°4




16

AES

EXPERIMENTATION ON AN OPERATING CIRCUIT

Fpga Xilinx Spartan 3

Vdd= 1,2V

Frequency : 100MHz (generated by DCM)

Vpulse = 44V << 110V

Hand made probe

Moment of the injection varies for covering all the ciphering

FSM + Registers

DCM

RS232

AES

To evaluate if some moments of the AES calculus are more sensitive to EM pulsed than others

EM probe

17

LOCALIZATION IN TIME OF THE FAULTS

tpulse (ns)

EM in

ject

ion

n°

…

4 to 8 faulted bytes 12 to 16 faulted bytes 2 to 3 faulted bytes

10ns

10ns

10ns

6ns

6ns

Frequency dependence?

18

𝐹𝐶𝐿𝐾 = 100𝑀𝐻𝑧 𝑇𝐶𝐿𝐾 = 10ns

FREQUENCY DEPENDENCE? P

rob

abili

ty (

%)

of

a fa

ult

ed

re

spo

nse

Frequency CLK =25MHz



40ns

20ns

10ns

6ns

6ns

6ns

tpulse (ns)

tpulse (ns)

tpulse (ns)

34ns

14ns

4ns

No frequency dependence Faults are not timing faults

19

𝑇𝐶𝐿𝐾 = 40ns



EXPERIMENT VALIDATION ON MICRO-CONTROLLER

Experiment realized on an AES hardware

Frequency of the CLK : 120MHz P

rob

abili

ty t

o o

bse

rve

a f

ault

ed

re

spo

nse

tpulse (ns)

Vpulse = 120V Vpulse = 160V Vpulse = 190V

8th round

9th round

10th round

8.3ns

2.9ns 4.25ns

20

XXXXXX XXXXXXXXXXXXX

OPERATING CIRCUIT

CK

XXXXXXXXXXXXX D

ts ts+thold ts-tsetup

Data D1

CLK

LOGIC CLK

Q1 D2 Q2

CLK

D

21

: Stability window

: Processing window

FAULT MODEL

Sampling faults Disrupt an input signal of the DFF (CLK, Data ,Reset, Set)

Disrupt during the stability window (tsetup+thold around rising clock edges)

22

XXXXXX XXXXXXXXXXXXX

CK

XXXXXXXXXXXXX D D

ts ts+thold ts-tsetup

EM susceptibility

+ +

: Bitset or bitreset produced

: Sampling fault produced

𝑉𝐻𝑖𝑔ℎ

𝑉𝐿𝑜𝑤

𝐻𝑖𝑔ℎ

𝐿𝑜𝑤

EM power

: Stability window

: Processing window

CONCLUSION 23

1. EM injection has a local effect

2. EM injection may induces bitsets and bitresets

3. EM injection do not produce timing faults

4. EM injection easily disrupts the switching of DFF

5. Define a fault model for EM Injection (the sampling

fault model)

Thank you for your attention

Questions?

em injection : fault model and locality

Documents