Map-based analysis of IEMI fault injection into cryptographic devices

Fault injection based on intentional electromagnetic interference (IEMI) is attracting considerable attention in the field of physical attacks on cryptographic devices due to its non-contact and non-invasive nature. This paper explores the relations between injection intensity and fault occurrence during IEMI-based fault injection. The basic idea in this type of attack is to generate a map of the effect of such fault injection for different frequencies. Based on the maps generated for an evaluation board, we demonstrate how an injected EM wave propagates across the board depending on its intensity and frequency. We also demonstrate in detail the propagation of induced EM waves inside the target module (i.e., a cryptographic LSI chip) and other modules. Through a map generation experiment, we examine the conditions under which transient faults suitable for attacks are generated in the cryptographic module. In addition, we discuss a possible countermeasure against IEMI-based fault injection.

[1]  N. Homma,et al.  A fault model for conducted intentional electromagnetic interferences , 2012, 2012 IEEE International Symposium on Electromagnetic Compatibility.

[2]  Sung-Ming Yen,et al.  Differential Fault Analysis on AES Key Schedule and Some Coutnermeasures , 2003, ACISP.

[3]  T. Mizuki,et al.  Non-invasive EMI-based fault injection attack against cryptographic modules , 2011, 2011 IEEE International Symposium on Electromagnetic Compatibility.

[4]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[5]  Jean-Luc Danger,et al.  Efficient mapping of EM radiation associated with information leakage for cryptographic devices , 2012, 2012 IEEE International Symposium on Electromagnetic Compatibility.

[6]  Takeshi Sugawara,et al.  An on-chip glitchy-clock generator for testing fault injection attacks , 2011, Journal of Cryptographic Engineering.

[7]  Christophe Giraud,et al.  A Survey on Fault Attacks , 2004, CARDIS.

[8]  Yang Li,et al.  Fault Sensitivity Analysis , 2010, CHES.

[9]  Jean-Luc Danger,et al.  Practical results of EM cartography on a FPGA-based RSA hardware implementation , 2011, 2011 IEEE International Symposium on Electromagnetic Compatibility.

[10]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[11]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[12]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[13]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[14]  Yang Li,et al.  On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting , 2011, CHES.

[15]  Junko Takahashi,et al.  Practical Fault Attack on a Cryptographic LSI with ISO/IEC 18033-3 Block Ciphers , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).