Inducing Local Timing Fault Through EM Injection

Electromagnetic fault injection (EMFI) is an efficient class of physical attacks that can compromise the immunity of secure cryptographic algorithms. Despite successful EMFI attacks, the effects of electromagnetic injection (EM) on a processor are not well understood. This paper presents a bottom-up analysis of EMFI effects on a RISC microprocessor. We study these effects at three levels: at the wire-level, at the chip-network level, and at the gate-level considering parameters such as EM-injection location and timing. We conclude that EMFI induces local timing errors implying current timing attack detection and prevention techniques can be adapted to overcome EMFI.

[1]  Amine Dehbaoui,et al.  Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES , 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[2]  Wei He,et al.  An electromagnetic fault injection sensor using Hogge phase-detector , 2017, 2017 18th International Symposium on Quality Electronic Design (ISQED).

[3]  Bilgiday Yuce,et al.  Employing dual-complementary flip-flops to detect EMFI attacks , 2017, 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST).

[4]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[5]  Sergei Skorobogatov,et al.  Semi-invasive attacks: a new approach to hardware security analysis , 2005 .

[6]  Jean-Luc Danger,et al.  PLL to the rescue: A novel EM fault countermeasure , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[7]  Jean-Max Dutertre,et al.  Efficiency of a glitch detector against electromagnetic fault injection , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[8]  Jean-Max Dutertre,et al.  Evidence of a Larger EM-Induced Fault Model , 2014, CARDIS.

[9]  David Naccache,et al.  When Clocks Fail: On Critical Paths and Clock Faults , 2010, CARDIS.

[10]  Yu-ichi Hayashi,et al.  EM Attack Is Non-invasive? - Design Methodology and Validity Verification of EM Attack Sensor , 2014, CHES.

[11]  Sergei P. Skorobogatov Local heating attacks on Flash memory devices , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[12]  Nahid Farhady Ghalaty,et al.  A Configurable and Lightweight Timing Monitor for Fault Attack Detection , 2016, 2016 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).

[13]  Karine Heydemann,et al.  Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[14]  Alessandro Barenghi,et al.  Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures , 2012, Proceedings of the IEEE.

[15]  Michael Hutter,et al.  Optical and EM Fault-Attacks on CRT-based RSA : Concrete Results , 2007 .

[16]  B. Robisson,et al.  Investigation of timing constraints violation as a fault injection means , 2012 .