Investigation of timing constraints violation as a fault injection means. ZUSSA Loïc, DUTERTRE Jean-Max, CLEDIERE Jessy, ROBISSON Bruno, TRIA Assia

Similar documents
ReCoSoC Experimental Fault Injection based on the Prototyping of an AES Cryptosystem

e-smart 2009 Low cost fault injection method for security characterization

Cardis When Clocks Fail: On Critical Paths and Clock Faults. Michel Agoyan Bruno Robisson Assia Tria. David Naccache Ecole Normale Supérieure

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code

Using SystemVerilog Assertions in Gate-Level Verification Environments

CHAPTER 8 A LARGE BLOCK CIPHER HAVING A KEY ON ONE SIDE OF THE PLAINTEXT MATRIX AND ITS INVERSE ON THE OHTER SIDE AS MULTIPLICANTS

Sequential Circuit Background. Young Won Lim 11/6/15

ICTP Latin-American Advanced Course on FPGADesign for Scientific Instrumentation. 19 November - 7 December, 2012

VHDL (and verilog) allow complex hardware to be described in either single-segment style to two-segment style

CprE 281: Digital Logic

EE 330 Integrated Circuit. Sequential Airbag Controller

IC Engine Control - the Challenge of Downsizing

Compatibility of STPA with GM System Safety Engineering Process. Padma Sundaram Dave Hartfelder

How to generate the Sbox of Luffa

A Predictive Delay Fault Avoidance Scheme for Coarse Grained Reconfigurable Architecture

Overview. Battery Monitoring

B100S - Super Swing. Instruction Manual. Document number: B100S-C Release: V4.0 Date: May 08,2009

Page 1. Goal. Digital Circuits: why they leak, how to counter. Design methodology: consider all design abstraction levels. Outline: bottom-up

Logic module. Brief description. Features. Block structure. Data Sheet Page 1/5

Crystalfontz. Thiscontrolerdatasheetwasdownloadedfrom htp:/ NT TFT LCD Source Driver V0.6.

EPE97 OPTIMIZED DESIGN OF VARIABLE-SPEED DRIVES BASED ON NUMERICAL SIMULATION

J.-J.Simond*, A.Sapin**, B.Kawkabani*, D.Schafer***, M.Tu Xuan*, B.Willy***

SiCan Simple CAN Extension Charger to PacMon

D-25 Speed Advisory System

WP8: Engine Integrated SCR and combined SCR and DPF

F-4600 INLINE ULTRASONIC FLOW METER Installation and Operation Guide

* NOTE: Legal in California only for racing vehicles which may never be used upon a highway

PumpSmart. Control Solutions

Field Programmable Gate Arrays a Case Study

QS 100 LSM Power Management

Coriolis Density Error Compensating for Ambient Temperature Effects

Transmission Grid Reinforcement with Embedded VSC-HVDC. Jonatan Danielsson, Sugam Patel, Jiuping Pan, Reynaldo Nuqui

Selective Coordination Requirements

XC95288 In-System Programmable CPLD

Programmable Comparator Options for the isppac-powr1220at8

Exploiting Clock Skew Scheduling for FPGA

Smart Grid Automation and Centralized FISR

N Revision A

Incorporating Drivability Metrics into Optimal Energy Management Strategies for Hybrid Vehicles. Daniel Opila

FULLY SYNCHRONOUS DESIGN By Serge Mathieu

Optimal Start Time: Precool and Preheat

development of hybrid electric vehicles

( DOC No. HX8705-B-DS ) HX8705-B

Real-time Simulation of Electric Motors

CIPHERING & DECIPHERING UNITS

NASA Glenn Research Center Intelligent Power System Control Development for Deep Space Exploration

SWIRL MEASURING EQUIPMENT FOR DIRECT INJECTION DIESEL ENGINE

Analysis of Turbine Missile & Turbine-Generator Overspeed Protection System Failure Probability at NPPs: A case study from PSA perspective

CCHMP Comments on ConocoPhillips Incident Report For 10/22/10 Flaring Event

ULTRASONIC TESTING OF RAILWAY AXLES WITH PHASED ARRAY TECHNIQUE EXPERIENCES DURING OPERATION

Introduction to hmtechnology

Setup Tabs. Basic Setup: Advanced Setup:

Performed by: Institute of Transportation Studies University of California, Irvine. Sponsored by: California Air Resources Board

Selective Coordination

CHAPTER 7 CONCLUSION

TRAVEL CORDSET AND WALL STATION TEST REPORT

High-Throughput Asynchronous Pipelines for Fine-Grain Dynamic Datapaths Λ

Shared Learning. SL027/18 Selection of Suitable Circuit Protection. 18-Jun-18 / 1

Slippage Detection and Traction Control System

Generation of a pool of variable size symmetric keys through Image

100GE PCS Modeling. Oded Trainin, Hadas Yeger, Mark Gustlin. IEEE HSSG September 2007

Low Carbon Technology Project Workstream 8 Vehicle Dynamics and Traction control for Maximum Energy Recovery

Marwan Adas December 6, 2011

Trigger/Timing Logic Unit (TLU) for AIDA Beam-Test

Development: Server Vehicle Rendezvous

Grid Impact of Electric Vehicles with Secondary Control Reserve Capability

4100C BOSS AC Shovel Drive System Overview. WMEA Edmonton - June 2008

Design Specification. DDR2 UDIMM Enhanced Performance Profiles

International Journal of Advance Engineering and Research Development

Development and validation of design rules to improve integrated circuit immunity before manufacturing

FS2 Valves. Solenoid Powered to Close / Auto Reset Butterfly Valves

ST Motor Profiler (STM32 PMSM FOC SDK) Tips and Tricks

ALTERNATIVE BUNCH FILLING SCHEME FOR THE LHC - PART II (INJECTOR COMPLEX)

Fuzzy based STATCOM Controller for Grid connected wind Farms with Fixed Speed Induction Generators

Trip Wire. Category: Physics: Electricity & Magnetism. Type: Make & Take Rough Parts List:

54ACxxxx, 54ACTxxxx. Rad-hard advanced high-speed 5 V CMOS logic series. Features. Description

Research Article Remotely Powered and Reconfigured Quasi-Passive Reconfigurable Nodes for Optical Access Networks

Overview of Helicopter HUMS Research in DSTO Air Vehicles Division

Cleaning of Diesel Particle Filters

Recent enhancement to SI-ICE combustion models: Application to stratified combustion under large EGR rate and lean burn

37 th Gas-Lift Workshop Houston, Texas, USA February 3 7, 2014

AN EXTREMELY COMPACT, HIGH TORQUE CONTINUOUSLY VARIABLE POWER TRANSMISSION FOR LARGE HYBRID TERRAIN VEHICLES

Electricity concepts teacher backgrounder

Vector E-Mobility Engineering Day. Platform implementing V2G services Bidirectional Power Transfer using Edition 2.

Asynchronous slip-ring motor synchronized with permanent magnets

Test Infrastructure Design for Core-Based System-on-Chip Under Cycle-Accurate Thermal Constraints

Control System for a Diesel Generator and UPS

Dual-Rail Domino Logic Circuits with PVT Variations in VDSM Technology

Design and Analysis of 32 Bit Regular and Improved Square Root Carry Select Adder

NEW SERIES OF ETIBREAK EB2 IN VIEW OF SELECTIVITY

CHAPTER 1 INTRODUCTION

CMPEN 411 VLSI Digital Circuits Spring Lecture 20: Multiplier Design

SIZING AND TECHNO-ECONOMIC ANALYSIS OF A GRID CONNECTED PHOTOVOLTAIC SYSTEM WITH HYBRID STORAGE

Experience and History

Instruction Sheet Kit Number:

INSTITUTO SUPERIOR TÉCNICO. Architectures for Embedded Computing

Cascading. Complementary technical information

GT-Suite European User Conference

Minimizing Transmix With FuellCheck

Differential Pressure Switch

Transcription:

Investigation of timing constraints violation as a fault injection means ZUSSA Loïc, DUTERTRE Jean-Max, CLEDIERE Jessy, ROBISSON Bruno, TRIA Assia

Context Timing constraints of synchronous digital IC Timing constraints violation : - Overclocking - Underpowering - Overheating Experimental proof : - Uniqueness of the injection mechanism Conclusion 2

Context Many of our daily used electronic devices embed cryptographic features, Often targeted by malicious attackers, In-depth understanding of attack means permit to : - protect properly these devices. - simplify security characterization. 3

Fault attacks against cryptographic system M K 0110010101100001 010110000110011 C 4

Fault attacks against cryptographic system Perturbation M K 0110010101100001 010110000110011 C 110101000101101 Faulted ciphertext Differential comparison 5

Common fault injection means Clock stress Power stress Overheating Laser beams EM injections 6

Common fault injection means Clock stress Power stress Overheating Laser beams EM injections Same mechanism? => Timing constraints violations. 7

Common fault injection means Clock stress Power stress Overheating Laser beams EM injections Same mechanism? => Timing constraints violations. This work : Experimental proof of the UNIQUENESS of the injection mechanism. 8

Experimental setup Injection experiments (10,000 different sets of data) Several injection means : clock, power supply, temperature, Target : hardware AES (Advenced Encryption Standard) 9

Upstream Downstream data 1 1 Logic D Q D Q 1 1 Dff i Dff i+1 clk 10

Upstream Downstream data 1 1 clk Logic D Q D D Q pmax Dff i Dff i+1 Dclk Q 1 1 T clk + T skew - su data arrival time = D clk Q + D pmax data required time = T clk + T skew - su 11

Upstream Downstream data 1 1 clk Logic D Q D D Q pmax Dff i Dff i+1 Dclk Q 1 1 T clk + T skew - su data arrival time = D clk Q + D pmax data required time = T clk + T skew - su T clk > D clk Q + D pmax - T skew + su 12

T clk > D clk Q + D pmax - T skew + su How to obtain a timing constraint violation? 13

T clk > D clk Q + D pmax - T skew + su How to obtain a timing constraint violation? T clk < D clk Q + D pmax - T skew + su Overclocking : (Frequency increasing) 14

T clk > D clk Q + D pmax - T skew + su How to obtain a timing constraint violation? T clk < D clk Q + D pmax - T skew + su Overclocking : (Frequency increasing) T clk < D clk Q + D pmax - T skew + su Underpowering : (Increasing the propagation time) Overheating : (Increasing the propagation time) 15

set-up hold Clk D clk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 16 Timing constraint fulfilled

set-up hold Clk Dclk Q Q upstream D pmax D downstream Q downstream logic glitches D clk Q 1 OR 0? 17 Setup time violation (i.e. timing constraint violation) : metastability (non-deterministic)

set-up hold Clk Dclk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 18 Timing constraint violation : Early latching (deterministic)

set-up hold Clk D clk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 19 Timing constraint fulfilled

Perturbation set-up hold Clk D clk Q Q upstream D pmax D downstream Q downstream logic glitches D clk Q 1 OR 0? 20 Setup time violation (i.e. timing constraint violation) : metastability (non-deterministic)

Perturbation set-up hold Clk D clk Q Q upstream D pmax D downstream logic glitches D clk Q Q downstream 21 Timing constraint violation : Early latching (deterministic)

Planning Step by step overclocking stress until first fault: reference library generation. 10,000 trials with different plaintext and key. Step by step underpowering stress: comparison with the reference library. Step by step overheating stress: comparison with the reference library. 22

Target Algorithm : AES 128 bit (advanced encryption standard) Frequency : 100 MHz Power supply : 1.2V Platform : Spartan 3an 23

Serial COM trigger AES Clock generator Serial COM clock 24

Overclocking (reference lib) Library generated : 10,000 x {Plaintext, Key, Correct Cipher, First Faulted Cipher, Round, bit, Critical time} 25 > 90% single-bit faults.

Plaintext : Key : Cipher text : 57D2B485388BC6EC892217A34DBA548F 5E7A68029190D63F8FEBD4E36982AEC0 B7B70AFC357202B2887F43C812091993 Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n 51 - Round 8 26

Power supply Clock generator AES 27

Underpowering Voltage decreases => critical path increases. Critical Time (ps) 28 Power supply (Volt)

Underpowering Voltage decreases => critical path increases. Critical Time (ps) Metastability 29 Power supply (Volt)

Underpowering Voltage decreases => critical path increases. Critical Time (ps) Metastability Data dependence 30 Power supply (Volt)

Underpowering Voltage decreases => critical path increases. Critical Time (ps) The obtained faults over 10,000 trials by underpowering were found identical to those from the reference library. Metastability Data dependence 31 Power supply (Volt)

Plaintext : Key : Cipher text : 57D2B485388BC6EC892217A34DBA548F 5E7A68029190D63F8FEBD4E36982AEC0 B7B70AFC357202B2887F43C812091993 Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n 51 - Round 8 Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n 51 - Round 8 32

Heating system Clock generator AES 33

Overheating Temperature increases => critical path increases. Critical Time (ps) Data dependence Metastability The obtained faults over 10 trials by overheating were found identical to those from the reference library. 34 Temperature

Plaintext : Key : Cipher text : 57D2B485388BC6EC892217A34DBA548F 5E7A68029190D63F8FEBD4E36982AEC0 B7B70AFC357202B2887F43C812091993 Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n 51 - Round 8 Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n 51 - Round 8 Overheating results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Identical Faulted Cipher text Critical temperature : 129 C bit n 51 - Round 8 35

Injection experiments analysis Overclocking, Underpowering, Overheating. Identical faults : 100 % Metastability (stress increased progressively) Deterministic (same input => same first fault) Data dependence 36

Experimental proof: Overclocking, underpowering and overheating generate identical faulted cipher text. Fault injection due to timing constraints violations. Perspectives: Combined attacks feasible. Improved counter-measure design. Work in progress: Tests with transient perturbations. 37

38 Questions?

2024 © autodocbox.com Privacy Policy | Terms of Service | Feedback