Optical Fault Masking Attacks

This paper introduces a new type of optical fault attack called the fault masking attack. These attacks aim to disrupt normal memory operation by preventing changes to the memory contents. The technique was demonstrated on EEPROM and Flash memory inside PIC microcontrollers. It was then improved with a backside approach and tested on PIC and MSP430 microcontrollers. These attacks can be used for partial reverse engineering of semiconductor chips by spotting areas of activity in reprogrammable non-volatile memory. This can assist later data analysis and other types of fault injection attacks, saving the time otherwise required for an exhaustive search. Practical limits for optical fault masking attacks in terms of sample preparation, operating conditions and chip technology are discussed, together with possible countermeasures.
