Investigation of timing constraints violation as a fault injection means ZUSSA Loïc, DUTERTRE Jean-Max, CLEDIERE Jessy, ROBISSON Bruno, TRIA Assia
Context Timing constraints of synchronous digital IC Timing constraints violation : - Overclocking - Underpowering - Overheating Experimental proof : - Uniqueness of the injection mechanism Conclusion 2
Context Many of our daily used electronic devices embed cryptographic features, Often targeted by malicious attackers, In-depth understanding of attack means permit to : - protect properly these devices. - simplify security characterization. 3
Fault attacks against cryptographic system M K 0110010101100001 010110000110011 C 4
Fault attacks against cryptographic system Perturbation M K 0110010101100001 010110000110011 C 110101000101101 Faulted ciphertext Differential comparison 5
Common fault injection means Clock stress Power stress Overheating Laser beams EM injections 6
Common fault injection means Clock stress Power stress Overheating Laser beams EM injections Same mechanism? => Timing constraints violations. 7
Common fault injection means Clock stress Power stress Overheating Laser beams EM injections Same mechanism? => Timing constraints violations. This work : Experimental proof of the UNIQUENESS of the injection mechanism. 8
Experimental setup Injection experiments (10,000 different sets of data) Several injection means : clock, power supply, temperature, Target : hardware AES (Advenced Encryption Standard) 9
Upstream Downstream data 1 1 Logic D Q D Q 1 1 Dff i Dff i+1 clk 10
Upstream Downstream data 1 1 clk Logic D Q D D Q pmax Dff i Dff i+1 Dclk Q 1 1 T clk + T skew - su data arrival time = D clk Q + D pmax data required time = T clk + T skew - su 11
Upstream Downstream data 1 1 clk Logic D Q D D Q pmax Dff i Dff i+1 Dclk Q 1 1 T clk + T skew - su data arrival time = D clk Q + D pmax data required time = T clk + T skew - su T clk > D clk Q + D pmax - T skew + su 12
T clk > D clk Q + D pmax - T skew + su How to obtain a timing constraint violation? 13
T clk > D clk Q + D pmax - T skew + su How to obtain a timing constraint violation? T clk < D clk Q + D pmax - T skew + su Overclocking : (Frequency increasing) 14
T clk > D clk Q + D pmax - T skew + su How to obtain a timing constraint violation? T clk < D clk Q + D pmax - T skew + su Overclocking : (Frequency increasing) T clk < D clk Q + D pmax - T skew + su Underpowering : (Increasing the propagation time) Overheating : (Increasing the propagation time) 15
set-up hold Clk D clk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 16 Timing constraint fulfilled
set-up hold Clk Dclk Q Q upstream D pmax D downstream Q downstream logic glitches D clk Q 1 OR 0? 17 Setup time violation (i.e. timing constraint violation) : metastability (non-deterministic)
set-up hold Clk Dclk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 18 Timing constraint violation : Early latching (deterministic)
set-up hold Clk D clk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 19 Timing constraint fulfilled
Perturbation set-up hold Clk D clk Q Q upstream D pmax D downstream Q downstream logic glitches D clk Q 1 OR 0? 20 Setup time violation (i.e. timing constraint violation) : metastability (non-deterministic)
Perturbation set-up hold Clk D clk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 21 Timing constraint violation : Early latching (deterministic)
Planning Step by step overclocking stress until first fault: reference library generation. 10,000 trials with different plaintext and key. Step by step underpowering stress: comparison with the reference library. Step by step overheating stress: comparison with the reference library. 22
Target Algorithm : AES 128 bit (advanced encryption standard) Frequency : 100 MHz Power supply : 1.2V Platform : Spartan 3an 23
Serial COM trigger AES Clock generator Serial COM clock 24
Overclocking (reference lib) Library generated : 10,000 x {Plaintext, Key, Correct Cipher, First Faulted Cipher, Round, bit, Critical time} 25 > 90% single-bit faults.
Plaintext : Key : Cipher text : 57D2B485388BC6EC892217A34DBA548F 5E7A68029190D63F8FEBD4E36982AEC0 B7B70AFC357202B2887F43C812091993 Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n 51 - Round 8 26
Power supply Clock generator AES 27
Underpowering Voltage decreases => critical path increases. Critical Time (ps) 28 Power supply (Volt)
Underpowering Voltage decreases => critical path increases. Critical Time (ps) Metastability 29 Power supply (Volt)
Underpowering Voltage decreases => critical path increases. Critical Time (ps) Metastability Data dependence 30 Power supply (Volt)
Underpowering Voltage decreases => critical path increases. Critical Time (ps) The obtained faults over 10,000 trials by underpowering were found identical to those from the reference library. Metastability Data dependence 31 Power supply (Volt)
Plaintext : Key : Cipher text : 57D2B485388BC6EC892217A34DBA548F 5E7A68029190D63F8FEBD4E36982AEC0 B7B70AFC357202B2887F43C812091993 Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n 51 - Round 8 Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n 51 - Round 8 32
Heating system Clock generator AES 33
Overheating Temperature increases => critical path increases. Critical Time (ps) Data dependence Metastability The obtained faults over 10 trials by overheating were found identical to those from the reference library. 34 Temperature
Plaintext : Key : Cipher text : 57D2B485388BC6EC892217A34DBA548F 5E7A68029190D63F8FEBD4E36982AEC0 B7B70AFC357202B2887F43C812091993 Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n 51 - Round 8 Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n 51 - Round 8 Overheating results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Identical Faulted Cipher text Critical temperature : 129 C bit n 51 - Round 8 35
Injection experiments analysis Overclocking, Underpowering, Overheating. Identical faults : 100 % Metastability (stress increased progressively) Deterministic (same input => same first fault) Data dependence 36
Experimental proof: Overclocking, underpowering and overheating generate identical faulted cipher text. Fault injection due to timing constraints violations. Perspectives: Combined attacks feasible. Improved counter-measure design. Work in progress: Tests with transient perturbations. 37
38 Questions?