EM Injection : Fault Model and Locality
S. Ordas¹, L. Guillaume-Sage¹, P. Maurine¹,²
¹ LIRMM
² CEA-TECH
STATE OF THE ART
Timeline shown on the slide: 2002, 2007, 2009, 2011, 2012, 2014. References in the order of the timeline, each followed by the result the slide attributes to it:
- J.J. Quisquater, D. Samyde, "Eddy current for Magnetic Analysis with Active Sensor": EM injection allows disrupting the behavior of embedded memories
- J.-M. Schmidt, M. Hutter, "Optical and EM Fault-Attacks on CRT-based RSA: Concrete Results": EM injection allows disrupting the course of an RSA algorithm
- A. Alaeldine, T. Ordas, R. Perdriau, P. Maurine, M. Ramdani, L. Torres, M. Drissi, "Assessment of the Immunity of Unshielded Multicore Integrated Circuits to Near Field Injection": harmonic EM injection modifies the propagation delays of logical paths
- F. Poucheret, M. Lisart, L. Chusseau, B. Robisson, P. Maurine, "Local and Direct EM Injection of Power Into CMOS Integrated Circuits": harmonic EM injection modifies the oscillating frequency of an internal clock generator
- P. Bayon, L. Bossuet, V. Fischer, F. Poucheret, B. Robisson, P. Maurine, "Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator": harmonic EM injection modifies the behavior of RO-based TRNG (phase locking)
- A. Dehbaoui, J-M. Dutertre, P. Orsatelli, P. Maurine, A. Tria, "Injection of transient faults using electromagnetic pulses - Practical results on a cryptographic system": EM pulse injection produces timing faults during the course of hardware cryptographic modules
- A. Dehbaoui, J-M. Dutertre, B. Robisson, A. Tria, "Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES": EM pulse injection produces timing faults during the course of hardware and software …
- 2014: S. Ordas, L. Guillaume-Sage, K. Tobich, J-M. Dutertre, P. Maurine, "Evidence of a larger EM-induced fault model": EM pulse injection produces bitsets and bitresets
CONCLUSION OF OUR PREVIOUS PAPER
1. Polarity of EM injection is important
2. EM injection has a local effect
3. EM injection induces bitsets and bitresets
4. Pulse must have a high voltage to produce bitsets and bitresets
What kind of faults appear on an operating circuit?
TIMING FAULTS MODEL
[Figure: two D flip-flops on a common CLK (Data, D1/Q1, then D2/Q2) with a LOGIC block between Q1 and D2; the delays $T_{CLK \to Q1}$ and $T_{Q1 \to D2}$ are marked.]
Timing constraint: $T_{CLK \to Q1} + T_{Q1 \to D2} < T_{CLK} - T_{skew} - T_{Setup}$
EM Injection induces Setup time constraint violations
EM Injection Platform: overview
- 3-axes vision system
- 3-axes positioning system
- Oscilloscope
- Pulse generator
- Hand made injection probes
- a laptop
HAND MADE INJECTION PROBES
- Concentrate the magnetic flux on a reduced area of the IC surface using concentric field lines
[Figure labels: Directional, Directional]
- Magnetic flux is spread over a large surface
EXPERIMENTATION ON AN OPERATING CIRCUIT
Goal: to evaluate whether some areas of the system are more sensitive to EM pulses than others
- FPGA: Xilinx Spartan 3
- Vdd = 1.2 V
- Frequency: 100 MHz (generated by DCM)
- Cartography step: 200 µm
- Vpulse = 44 V << 110 V
- Hand made probe
- 100 shots per position
[Figure: floorplan of the design with the blocks FSM + Registers, DCM, RS232 and AES.]
LOCALITY OF THE EM INJECTION
[Figure: fault maps over the floorplan (AES, FSM + Registers, RS232, DCM) for the crescent injector and the flathead injector. Outcomes marked on the maps: bad ciphering, bad ciphering, no-response.]
LOCALITY OF EACH BYTE FAULTED
[Figure: one fault map over the AES block per faulted byte, Byte n°1 to Byte n°16.]
EXPERIMENTATION ON AN OPERATING CIRCUIT
Goal: to evaluate whether some moments of the AES computation are more sensitive to EM pulses than others
- FPGA: Xilinx Spartan 3
- Vdd = 1.2 V
- Frequency: 100 MHz (generated by DCM)
- Vpulse = 44 V << 110 V
- Hand made probe
- The moment of the injection is varied to cover the whole ciphering
[Figure: floorplan of the design with the blocks FSM + Registers, DCM, RS232 and AES, and the position of the EM probe.]
LOCALIZATION IN TIME OF THE FAULTS
$F_{CLK} = 100\,\mathrm{MHz}$, $T_{CLK} = 10\,\mathrm{ns}$
[Figure: EM injection n° versus tpulse (ns). Annotated groups: 4 to 8 faulted bytes, 12 to 16 faulted bytes, 2 to 3 faulted bytes. Intervals marked on the time axis: 10 ns, 10 ns, 10 ns, 6 ns, 6 ns.]
Frequency dependence?
FREQUENCY DEPENDENCE?
[Figure: probability (%) of a faulted response versus tpulse (ns), one panel per clock frequency.]
- Frequency CLK = 25 MHz, $T_{CLK} = 40\,\mathrm{ns}$: intervals marked 40 ns, 6 ns, 34 ns
- Frequency CLK = 50 MHz, $T_{CLK} = 20\,\mathrm{ns}$: intervals marked 20 ns, 6 ns, 14 ns
- Frequency CLK = 100 MHz, $T_{CLK} = 10\,\mathrm{ns}$: intervals marked 10 ns, 6 ns, 4 ns
No frequency dependence: faults are not timing faults
EXPERIMENT VALIDATION ON MICRO-CONTROLLER
Experiment carried out on a hardware AES
Frequency of the CLK: 120 MHz
[Figure: probability to observe a faulted response versus tpulse (ns), for Vpulse = 120 V, Vpulse = 160 V and Vpulse = 190 V. The 8th, 9th and 10th rounds are marked. Intervals marked: 8.3 ns, 2.9 ns, 4.25 ns.]
OPERATING CIRCUIT
[Figure: the two-DFF circuit (Data, D1/Q1, LOGIC, D2/Q2, CLK) with a timing diagram of CK and D around the sampling instant ts, marking ts-tsetup and ts+thold. Legend: stability window, processing window.]
FAULT MODEL
Sampling faults:
- Disrupt an input signal of the DFF (CLK, Data, Reset, Set)
- Disrupt during the stability window (tsetup + thold around rising clock edges)
[Figure: timing diagram of CK and D (ts-tsetup, ts, ts+thold) together with the EM susceptibility. Labels: EM power, $V_{High}$, $V_{Low}$, High, Low. Legend: stability window, processing window, sampling fault produced, bitset or bitreset produced.]
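The argument of the last slides, as an added example that is not part of the presentation: it tests whether a timing-fault model built from the setup constraint can explain the frequency sweep, or whether the sampling fault model fits better. The delay constants, the function names and the reading of the 6 ns marker as the width of the faulted window are assumptions.

```python
# Added example: which fault model explains the frequency sweep?
# T_CLK (ns) -> width (ns) of the tpulse window with faulted responses,
# taken from the 6 ns interval marked at 25, 50 and 100 MHz (our reading).
MEASURED = {40.0: 6.0, 20.0: 6.0, 10.0: 6.0}

# Assumed values for illustration only (not from the slides), all in ns.
T_CLK_TO_Q = 0.5    # clock-to-output delay of the launching DFF
T_Q1_TO_D2 = 8.0    # logic delay between Q1 and D2
T_SKEW = 0.1
T_SETUP = 0.4
EXTRA_DELAY = 2.0   # delay a pulse would add to the path in a timing-fault model


def slack(t_clk):
    """Margin left by T_CLK->Q1 + T_Q1->D2 < T_CLK - T_skew - T_setup."""
    return (t_clk - T_SKEW - T_SETUP) - (T_CLK_TO_Q + T_Q1_TO_D2)


def timing_model_predicts_fault(t_clk, extra_delay=EXTRA_DELAY):
    """Timing-fault model: a fault needs the added delay to exceed the slack."""
    return extra_delay > slack(t_clk)


def classify(windows, tol=0.5):
    """Return 'timing', 'sampling' or 'inconclusive' for a sweep {T_CLK: width}."""
    periods = set(windows)
    predicted = {t for t in periods if timing_model_predicts_fault(t)}
    if predicted == periods:
        return "inconclusive"   # every period violates setup: sweep cannot discriminate
    faulted = {t for t, w in windows.items() if w > 0}
    widths = list(windows.values())
    constant = max(widths) - min(widths) <= tol
    if faulted == predicted and not constant:
        return "timing"         # faults vanish once the clock leaves enough slack
    if faulted == periods and constant:
        return "sampling"       # same window at every period, tied to the clock edge
    return "inconclusive"


if __name__ == "__main__":
    for t_clk in sorted(MEASURED):
        print(f"T_CLK={t_clk:>4} ns  slack={slack(t_clk):5.1f} ns  "
              f"timing model faults: {timing_model_predicts_fault(t_clk)}  "
              f"measured window: {MEASURED[t_clk]} ns")
    print("best explanation:", classify(MEASURED))
```

With these assumed delays the timing model only predicts faults at T_CLK = 10 ns, while the sweep shows the same window at all three periods.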
CONCLUSION
1. EM injection has a local effect
2. EM injection may induce bitsets and bitresets
3. EM injection does not produce timing faults
4. EM injection easily disrupts the switching of DFF
5. Define a fault model for EM Injection (the sampling fault model)
Thank you for your attention
Questions?