e-smart 2009 Low cost fault injection method for security characterization


Jean-Max Dutertre (ENSMSE), Assia Tria (CEA-LETI), Bruno Robisson (CEA-LETI), Michel Agoyan (CEA-LETI)
Département SAS, Équipe mixte CEA-LETI/ENSMSE
Site Georges Charpak, Centre Microélectronique de Provence, 880, route de Mimet, 13541 Gardanne

Outline
- Secure ICs design issues
  - Threats
  - The need for security characterization tools
  - Short review of existing tools
- A new fault injection based characterization tool
  - Synchronous ICs timing analysis
  - Faults injection through setup time violation
  - Local over clocking
- Experimental results
  - Fault nature
  - Fault coverage

The threat
[Diagram: a legal decoder holding the key K turns the encrypted video stream into a decrypted video stream; four illegal cloned decoders each hold a copy of K.]
"Attack" = a method for extracting secret information (the key K) stored in the device.

Attacks on physical devices
- Cryptanalysis: mathematical analysis of sets of plain texts and cipher texts
- Side channel attacks (SCA): analysis of the chip environment while it performs sensitive computations
- Fault attacks: modification of the chip environment to bypass H/S protections
- Invasive attacks: probing of internal signals

Fault Attacks (FA)
[Diagram: experiments apply fault injection means (FIM) to a device holding the key K; the cipher texts, side channels, behavior, etc. of the corrupted execution feed the data extraction methods.]
- Data extraction methods: Differential Fault Analysis, fault based collision, safe-error
- Fault models (FM): injection time, bit / byte, random / given value
FIM needs to induce faults fitting the FM to allow secret information extraction.

Fault Attacks (FA)
Requirements: the fault injection means must create faults compatible with the fault model, i.e. it must be able to fault:
- particular bits without modifying others (via spatial and/or timing control),
- in a particular way (form control),
- in a repeatable way,
- several times, without destroying the circuit.
And if possible, at low cost.

The need for security characterization tools
Fault injection attacks work well: security issue.
Needs:
- Evaluate fault effect on circuit behavior
- Validate countermeasures
Security characterization tool: when and how?
- at design time (virtual)?
- after manufacturing (real)?
- fault injection means?

When should security evaluation take place?
[Design flow diagram, labels: Specifications (functionality, power, speed, etc.), Simulation, Synthesis, Models, gds2, Manufacturing, IC, Characterization]

Characterization when designing (design flow)
Characterization in the virtual world
- Allows security weaknesses to be detected before manufacturing, saving redesign costs
- Many injection tools have been developed for dependability analysis:
  - During simulation (at different abstraction levels), time consuming:
    - use of simulator features
    - instrumentation-based techniques (saboteurs, mutants)
  - Emulation / prototyping (on FPGA), hardware acceleration:
    - use of device reconfiguration features
    - instrumentation-based techniques (saboteurs, mutants)

Characterization in the real world
Characterization after manufacturing
Use of real fault injection means: may be expensive.
[Figure: fault injection means: EM pulse, power glitch (Vcc), over clocking, clock glitch, flash light, laser (IR, UV, green, etc.); component preparation (opening, thinning, etc.)]
Source: [Skorobogatov02]

A new fault injection based characterization tool
A tool for security characterization
Target: hardware prototype
- FPGA, for an FPGA or ASIC final design
- ASIC prototype (clock access needed)

Fault injection principle: synchronous IC principle (reminder)
[Diagram: register Dff i feeds n data bits into combinational logic, whose m outputs are captured by register Dff i+1; both registers are driven by clk. Timing diagram: clock period Tclk, covering propagation delay + setup time.]
- Data are captured on the clock rising edge.
- The time between two rising edges (i.e. the clock period) depends on the propagation delay.

Fault injection principle
[Diagram: n inputs, combinational logic, m outputs captured by registers D0, D1, ..., Dm-1 on clk. Timing diagram: clock period Tclk, covering propagation delay + setup time + margin.]
Tclk fault < Tclk: early data latching, setup time violation, fault injection.

Fault injection principle: fault location, propagation delay
[Diagram: n inputs, combinational logic, m outputs captured by registers D0, D1, ..., Dm-1]
- outputs = f(inputs), with f a logical function
- each Di has its own propagation delay
- Fault location: where delay Di > Tclk setup time
Propagation times depend on:
- the logical states (0 / 1): the propagation delay changes with the inputs, which allows the fault location to be changed
- the power supply voltage
- the temperature

Fault injection by setup time violation: over clocking
A well known approach: decreasing the clock period until faults appear by setup time violation.
[Timing diagram: clk with period Tclk, covering propagation delay + setup time; clk with period Tclk fault]
Drawback: faults are injected at each clock cycle, so there is no timing control.

Fault injection by setup time violation: local over clocking
Setup time violation by modifying one clock cycle.
[Timing diagram: clk with nominal period Tclk and one cycle of length Tclk - T]
- fault injection cycle choice
- fault-nature fine tuning through T fine control (one-bit, two-bits faults)
- T variation step = 35 ps
- Experiment: Tclk = 10 ns, 300 steps @ 100 MHz

Fault injection by setup time violation: local over clocking (cont'd)
clk generation: use of an on-chip Delay Locked Loop (Xilinx Virtex-5).
[Timing diagram: clock waveforms of period Tclk and the generated clk with one cycle of length Tclk - T]
All digital, easy to implement.

Experimental results: experimental setup
[Diagram, labels: clock generation board, AES board, COM serial (on each board), trigger, clock]

Experimental results
[Figures for T = 0, T = 20 x 35 ps, T = 40 x 35 ps, T = 60 x 35 ps, T = 80 x 35 ps and T = 100 x 35 ps]

Experimental results: AES 128 bits (Rijndael / FIPS-197)
[Block diagram, 128-bit buses throughout: plain text, Mux, AddRoundKey (round key), SubBytes, ShiftRows, MixColumns, round number, cipher text, clk]
- 128-bit data path: worst case for fault coverage
- clocked on Sboxes outputs

Experimental results: experiment scheme
Initialization: T = 0, error = 0
Send plaintext T and key K to the AES
Compute c = AES(T, K)
Until error 0:
    T = T + 35 ps
    c = AES T (T, K)
    error = c c
return (error, T)
Experiment results: error = 1-bit fault (rate greater than 90% for different T, K)
Repeat previous algorithm for T, K constant -> same results

Experimental results
Repeat algorithm 12 000 times for T, K random.
For each 1-bit fault:
-> retrieve T (i.e. critical time)
-> retrieve error (fault location)
- critical time changes with data:
[Histogram: number of occurrences versus critical time (ps), critical time axis from 7285 to 8825 ps. Critical time is given for 1-bit faults.]

Experimental results: fault coverage
AES: 16 bytes (Sboxes outputs), 128 bits (AES state)
Ability to inject faults at different locations.
Remember: propagation times depend on the logical states (0 / 1): the propagation delay changes with the inputs, which allows the fault location to be changed.
Analyze previous data to draw the faulted bytes and bits maps.
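The experiment scheme and the faulted byte / bit maps described above, replayed on a software timing model, as an added example that is not part of the original slides. The per-bit path delays, the 50 ps setup time, the data-dependent term and the rule that a late bit keeps its previous value are constructed assumptions; `sweep`, `fault_map` and `delta_t` (the period reduction stepped by 35 ps) are illustrative names.

```python
import random

T_CLK_PS, STEP_PS, MAX_STEPS = 10_000, 35, 300  # values from the slides
SETUP_PS = 50                                   # constructed setup time

# Constructed timing model: one fixed path delay per register bit (128 bits).
_model = random.Random(2009)
BASE_PS = [_model.randint(6500, 8500) for _ in range(128)]

def arrivals_ps(prev, nxt):
    """Arrival time of each register input; the data-dependent term (30 ps
    per toggling bit in the same byte) is an assumption of this sketch."""
    diff = prev ^ nxt
    return [BASE_PS[b] + 30 * bin((diff >> (b & ~7)) & 0xFF).count("1")
            for b in range(128)]

def latch(prev, nxt, arrive, period_ps):
    """State captured at the end of a cycle of length period_ps. A bit that
    misses setup keeps its previous value (simplification)."""
    late = sum(1 << b for b in range(128)
               if arrive[b] + SETUP_PS > period_ps)
    return (nxt & ~late) | (prev & late)

def sweep(prev, nxt):
    """Shorten one cycle in 35 ps steps until the captured state is wrong.
    Returns (error mask, period reduction in ps) or (0, None)."""
    arrive = arrivals_ps(prev, nxt)
    for step in range(MAX_STEPS + 1):
        delta_t = step * STEP_PS
        error = latch(prev, nxt, arrive, T_CLK_PS - delta_t) ^ nxt
        if error:
            return error, delta_t
    return 0, None

def fault_map(trials, seed=1):
    """Run sweep() on random register transitions and count the 1-bit
    faults per (byte, bit); multi-bit first faults are tallied apart."""
    rng = random.Random(seed)
    counts = [[0] * 8 for _ in range(16)]
    multi = 0
    for _ in range(trials):
        error, _ = sweep(rng.getrandbits(128), rng.getrandbits(128))
        if bin(error).count("1") == 1:
            bit = error.bit_length() - 1
            counts[bit // 8][bit % 8] += 1
        elif error:
            multi += 1
    return counts, multi

if __name__ == "__main__":
    counts, multi = fault_map(500)
    for byte, row in enumerate(counts):
        print(f"byte {byte:2d}: {row}  total {sum(row)}")
    print("multi-bit first faults:", multi)
```

A bit whose expected value equals its previous value never shows up as an error in this model, which is why the first faulted location moves with the data.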

Experimental results: fault location analysis at byte level (Sboxes outputs)
[Figure: number of occurrences versus critical time (ps), one curve per byte (Byte 0 to Byte 15), critical time axis from 7355 to 8825 ps. Labelled curves, as byte (number of occurrences): 10 (1418), 3 (1913), 2 (1943), 7 (1639), 14 (37), 5 (5), 8 (41)]

Experimental results: fault location analysis at bit level (Byte 3)
[Figure: number of occurrences versus critical time (ps) for Byte 3, one curve per bit, critical time axis from 7285 to 8825 ps. Labelled curves: bit 0, bit 3, bit 6, bit 7, bit 1, bit 5, bit 4]

Experimental results: fault location synthesis

Number of 1-bit faults per Sbox output byte and bit:

           bit0   bit1   bit2   bit3   bit4   bit5   bit6   bit7   Total
Byte 0        0      0      0      0      0      0    225      0     225
Byte 1        0      9    216      0     32      0    690     10     957
Byte 2       77   1554      0      0      0    312      0      0    1943
Byte 3      893     11      0    629    275     33     69      3    1913
Byte 4        0     17      0      2     33     23     83     95     253
Byte 5        0      0      0      0      0      0      5      0       5
Byte 6       56      1      0      1      0      0      0      0      58
Byte 7        1    176    107      0      3   1290      0     62    1639
Byte 8        6      0      1      0      0     22      0     12      41
Byte 9        0      0     11      1      0      0    486     43     541
Byte 10    1402     13      2      0      0      0      1      0    1418
Byte 11       0      0      2     56      0      2      0      0      60
Byte 12     438      0      0      0    222    368      0      0    1028
Byte 13     746      1     10      0    147      9      0      0     913
Byte 14      22      0     10      0      0      0      5      0      37
Byte 15       0      7     21    663     29    406      3      0    1129

Legend (cell shading on the original slide): < 10, < 100, 100

1-bit faults were injected:
- at every Sbox
- at 64 bits
Without modifying the design.
Reduced design instrumentation (on the clock tree) allows reaching all locations.
Enough to emulate all differential fault attacks.

Conclusion
A new low-cost fault injection based characterization tool
- Setup time violation (clock access needed)
- Low-cost (a few k )
- Easy to implement
- All digital
- No design modification needed
- Hardware prototype:
  - On chip FPGA's DLL
  - FPGA for FPGA or ASIC final design during design flow
  - ASIC prototype (after manufacturing)
- Very good timing control (choice of the injection cycle)
- Fine fault nature control (1-bit fault or more)
- Fault coverage: ok to implement DFA, extendable with a few instrumentation
Contact for more information: dutertre@emse.fr