Combining Image Processing and Laser Fault Injections for Characterizing a Hardware AES

Nowadays, the security level of secure integrated circuits makes simple attacks less efficient. The combination of invasive approaches and fault attacks can be seen as increasingly pertinent for retrieving secrets from integrated circuits. This paper presents a practical methodology and its application. We first describe how to retrieve the physical areas of interest for the attack. Then, we perform a deep fault injection characterization of the area found. For the former, we give a methodology based on circuit preparation, scanning electron microscope acquisitions, image registration and processing, which allows a controlled and localized laser fault attack to be performed with a state-of-the-art injection platform. The laser fault injection presented here allows the attacker to perform a “bit-set,” a “bit-reset” or a full register “reset”. Controlling the value stored in a flip-flop is critical for security. To illustrate this methodology, an encryption algorithm is targeted. We see that efficient methods that take advantage of the comparison between faulty and correct ciphertexts, such as differential fault analysis or “safe error”, are particularly relevant with the proposed methodology. The overall methodology can efficiently be used to speed up an attack and to improve the test coverage.
