An on-chip glitchy-clock generator for testing fault injection attacks

This paper presents a glitchy-clock generator integrated in FPGA for evaluating fault injection attacks and their countermeasures on cryptographic modules. The proposed generator exploits clock management capabilities, which are common in modern FPGAs, to generate clock signal with temporal voltage spike. The shape and timing of the glitchy-clock cycle are configurable at run time. The proposed generator can be embedded in a single FPGA without any external instrument (e.g., a pulse generator and a variable power supply). Such integration enables reliable and reproducible fault injection experiments. In this paper, we examine the characteristics of the proposed generator through experiments on Side-channel Attack Standard Evaluation Board (SASEBO). The result shows that the timing of the glitches can be controlled at the step of about 0.17 ns. We also demonstrate its application to the safe-error attack against an RSA processor.

[1]  Sylvain Guilley,et al.  Silicon-level Solutions to Counteract Passive and Active Attacks , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[2]  Akashi Satoh,et al.  Systematic design of high-radix Montgomery multipliers for RSA processors , 2008, 2008 IEEE International Conference on Computer Design.

[3]  A. Satoh,et al.  An on-chip glitchy-clock generator and its application to safe-error attack , 2011 .

[4]  Jean-Jacques Quisquater,et al.  Faults, Injection Methods, and Fault Attacks , 2007, IEEE Design & Test of Computers.

[5]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[6]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[7]  Junko Takahashi,et al.  Practical Fault Attack on a Cryptographic LSI with ISO/IEC 18033-3 Block Ciphers , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[8]  Adi Shamir,et al.  Comparative Power Analysis of Modular Exponentiation Algorithms , 2010, IEEE Transactions on Computers.

[9]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[10]  Akashi Satoh,et al.  Systematic Design of RSA Processors Based on High-Radix Montgomery Multipliers , 2011, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[11]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[12]  Benoit Feix,et al.  Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis , 2007, Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007).

[13]  Christophe Clavier,et al.  Passive and Active Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis , 2007 .

[14]  Marc Joye,et al.  Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[15]  Yang Li,et al.  Fault Sensitivity Analysis , 2010, CHES.

[16]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[17]  Christophe Clavier,et al.  Secret External Encodings Do Not Prevent Transient Fault Analysis , 2007, CHES.