Post on 02-May-2018
Investigation of timing constraints violation as a fault injection means
•ZUSSA Loïc, DUTERTRE Jean-Max,
•CLEDIERE Jessy, •ROBISSON Bruno,
•TRIA Assia
• Context • Timing constraints of synchronous digital IC • Timing constraints violation : - Overclocking
- Underpowering - Overheating
• Experimental proof : - Uniqueness of the injection mechanism
• Conclusion
2
Context
• Many of our daily used electronic devices embed cryptographic features,
• Often targeted by malicious attackers,
• In-depth understanding of attack means permit to : - protect properly these devices. - simplify security characterization.
3
Fault attacks against cryptographic system
4
K M C
0110010101100001 010110000110011
Fault attacks against cryptographic system
5
K M C
0110010101100001 010110000110011
110101000101101
Faulted ciphertext
Perturbation
Differential comparison
Common fault injection means • Clock stress • Power stress • Overheating • Laser beams • EM injections
6
Common fault injection means • Clock stress • Power stress • Overheating • Laser beams • EM injections
7
Same mechanism ? => Timing constraints violations.
Common fault injection means • Clock stress • Power stress • Overheating • Laser beams • EM injections
8
Same mechanism ? => Timing constraints violations.
This work : Experimental proof of the UNIQUENESS of the injection mechanism.
Experimental setup
• Injection experiments (10,000 different sets of data)
• Several injection means : clock, power supply, temperature,
• Target : hardware AES (Advenced Encryption Standard)
9
10
D Q D Q
Logic
clk
data 1 1 1 1
Dffi Dffi+1
Upstream Downstream
11
D Q D Q
Logic
clk
data 1 1 1 1
Dffi Dffi+1 DclkÆQ
DpMax
Tclk + Tskew - Gsu
data required time = Tclk + Tskew - Gsu data arrival time = DclkÆQ + DpMax
Upstream Downstream
12
D Q D Q
Logic
clk
data 1 1 1 1
Dffi Dffi+1 DclkÆQ
DpMax
Tclk + Tskew - Gsu
data required time = Tclk + Tskew - Gsu data arrival time = DclkÆQ + DpMax
Tclk > DclkÆQ + DpMax - Tskew +Gsu
Upstream Downstream
How to obtain a timing constraint violation ?
13
Tclk > DclkÆQ + DpMax - Tskew +Gsu
How to obtain a timing constraint violation ?
• Overclocking : (Frequency increasing)
14
Tclk < DclkÆQ + DpMax - Tskew +Gsu
Tclk > DclkÆQ + DpMax - Tskew +Gsu
How to obtain a timing constraint violation ?
• Overclocking : (Frequency increasing)
15
Tclk < DclkÆQ + DpMax - Tskew +Gsu
Tclk > DclkÆQ + DpMax - Tskew +Gsu
• Underpowering : (Increasing the propagation time)
• Overheating : (Increasing the propagation time)
Tclk < DclkÆQ + DpMax - Tskew +Gsu
16
Clk
Gset-up Ghold
Qupstream
Ddownstream
Qdownstream
DclkÆQ
logic glitches
DpMax
DclkÆQ
Timing constraint fulfilled
17
Gset-up Ghold
Setup time violation (i.e. timing constraint violation) : �� metastability (non-deterministic)
‘1’ OR ‘0’ ?
DclkÆQ
Clk DclkÆQ
logic glitches
DpMax Qupstream
Ddownstream
Qdownstream
18
Gset-up Ghold
DclkÆQ
Clk DclkÆQ
logic glitches
DpMax
Timing constraint violation : Early latching (deterministic)
Qupstream
Ddownstream
Qdownstream
19
Clk
Gset-up Ghold
DclkÆQ
logic glitches
DpMax
DclkÆQ
Timing constraint fulfilled
Qupstream
Ddownstream
Qdownstream
20
Clk
Gset-up Ghold
DclkÆQ
logic glitches
DpMax
DclkÆQ
Perturbation
‘1’ OR ‘0’ ?
Setup time violation (i.e. timing constraint violation) : �� metastability (non-deterministic)
Qupstream
Ddownstream
Qdownstream
21
Clk
Gset-up Ghold
DclkÆQ
logic glitches
DpMax
Perturbation
DclkÆQ
Timing constraint violation : Early latching (deterministic)
Qupstream
Ddownstream
Qdownstream
Planning
• Step by step overclocking stress until first fault: reference library generation.
10,000 trials with different plaintext and key. • Step by step underpowering stress: comparison with the
reference library. • Step by step overheating stress: comparison with the
reference library. 22
Target
• Algorithm : AES 128 bit (advanced encryption standard)
• Frequency : 100 MHz
• Power supply : 1.2V
• Platform : Spartan 3an
23
24
clock
trigger
Serial COM
AES
Clock generator
Serial COM
Overclocking (reference lib)
• Library generated : 10,000 x {Plaintext, Key, Correct Cipher, First Faulted Cipher, Round, bit, Critical time}
• > 90% single-bit faults. 25
26
Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993
� Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n°51 - Round 8
Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993
27
Clock generator
AES
Power supply
Underpowering • Voltage decreases => critical path increases.
28
Crit
ical
Tim
e (p
s)
Power supply (Volt)
Underpowering • Voltage decreases => critical path increases.
29
Metastability
Crit
ical
Tim
e (p
s)
Power supply (Volt)
Underpowering • Voltage decreases => critical path increases.
30
Metastability
Data dependence
Crit
ical
Tim
e (p
s)
Power supply (Volt)
Underpowering • Voltage decreases => critical path increases.
31
Metastability
The obtained faults over 10,000 trials by underpowering were
found identical to those from the reference library.
Data dependence
Crit
ical
Tim
e (p
s)
Power supply (Volt)
Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993
32
� Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n°51 - Round 8
� Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n°51 - Round 8
Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993
33
AES
Clock generator
Heating system
34
Overheating • Temperature increases => critical path increases.
Metastability
Data dependence
The obtained faults over 10 trials by overheating were found identical to those from the
reference library.
Crit
ical
Tim
e (p
s)
Temperature
35
Identical Faulted Cipher
text � Overheating results
First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical temperature : 129°C bit n°51 - Round 8
� Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n°51 - Round 8
� Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n°51 - Round 8
Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993
Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993
Injection experiments analysis
• Overclocking, Underpowering, Overheating. Identical faults : 100 % • Metastability (stress increased progressively) • Deterministic (same input => same first fault) • Data dependence
36
Experimental proof: • Overclocking, underpowering and overheating generate
identical faulted cipher text. • Fault injection due to timing constraints violations.
37
Perspectives: • Combined attacks feasible. • Improved counter-measure design.
• Work in progress: Tests with transient perturbations.
Questions?
38