Investigation of timing constraints violation as a fault injection means

•ZUSSA Loïc, DUTERTRE Jean-Max,

•CLEDIERE Jessy, •ROBISSON Bruno,

•TRIA Assia

• Context • Timing constraints of synchronous digital IC • Timing constraints violation : - Overclocking

- Underpowering - Overheating

• Experimental proof : - Uniqueness of the injection mechanism

• Conclusion

2

Context

• Many of our daily used electronic devices embed cryptographic features,

• Often targeted by malicious attackers,

• In-depth understanding of attack means permit to : - protect properly these devices. - simplify security characterization.

3

Fault attacks against cryptographic system

4

K M C

0110010101100001 010110000110011

Fault attacks against cryptographic system

5

K M C

0110010101100001 010110000110011

110101000101101

Faulted ciphertext

Perturbation

Differential comparison

Common fault injection means • Clock stress • Power stress • Overheating • Laser beams • EM injections

6

Common fault injection means • Clock stress • Power stress • Overheating • Laser beams • EM injections

7

Same mechanism ? => Timing constraints violations.

Common fault injection means • Clock stress • Power stress • Overheating • Laser beams • EM injections

8

Same mechanism ? => Timing constraints violations.

This work : Experimental proof of the UNIQUENESS of the injection mechanism.

Experimental setup

• Injection experiments (10,000 different sets of data)

• Several injection means : clock, power supply, temperature,

• Target : hardware AES (Advenced Encryption Standard)

9

10

D Q D Q

Logic

clk

data 1 1 1 1

Dffi Dffi+1

Upstream Downstream

11

D Q D Q

Logic

clk

data 1 1 1 1

Dffi Dffi+1 DclkÆQ

DpMax

Tclk + Tskew - Gsu

data required time = Tclk + Tskew - Gsu data arrival time = DclkÆQ + DpMax

Upstream Downstream

12

D Q D Q

Logic

clk

data 1 1 1 1

Dffi Dffi+1 DclkÆQ

DpMax

Tclk + Tskew - Gsu

data required time = Tclk + Tskew - Gsu data arrival time = DclkÆQ + DpMax

Tclk > DclkÆQ + DpMax - Tskew +Gsu

Upstream Downstream

How to obtain a timing constraint violation ?

13

Tclk > DclkÆQ + DpMax - Tskew +Gsu

How to obtain a timing constraint violation ?

• Overclocking : (Frequency increasing)

14

Tclk < DclkÆQ + DpMax - Tskew +Gsu

Tclk > DclkÆQ + DpMax - Tskew +Gsu

How to obtain a timing constraint violation ?

• Overclocking : (Frequency increasing)

15

Tclk < DclkÆQ + DpMax - Tskew +Gsu

Tclk > DclkÆQ + DpMax - Tskew +Gsu

• Underpowering : (Increasing the propagation time)

• Overheating : (Increasing the propagation time)

Tclk < DclkÆQ + DpMax - Tskew +Gsu

16

Clk

Gset-up Ghold

Qupstream

Ddownstream

Qdownstream

DclkÆQ

logic glitches

DpMax

DclkÆQ

Timing constraint fulfilled

17

Gset-up Ghold

Setup time violation (i.e. timing constraint violation) : �� metastability (non-deterministic)

‘1’  OR  ‘0’  ?

DclkÆQ

Clk DclkÆQ

logic glitches

DpMax Qupstream

Ddownstream

Qdownstream

18

Gset-up Ghold

DclkÆQ

Clk DclkÆQ

logic glitches

DpMax

Timing constraint violation : Early latching (deterministic)

Qupstream

Ddownstream

Qdownstream

19

Clk

Gset-up Ghold

DclkÆQ

logic glitches

DpMax

DclkÆQ

Timing constraint fulfilled

Qupstream

Ddownstream

Qdownstream

20

Clk

Gset-up Ghold

DclkÆQ

logic glitches

DpMax

DclkÆQ

Perturbation

‘1’  OR  ‘0’  ?

Setup time violation (i.e. timing constraint violation) : �� metastability (non-deterministic)

Qupstream

Ddownstream

Qdownstream

21

Clk

Gset-up Ghold

DclkÆQ

logic glitches

DpMax

Perturbation

DclkÆQ

Timing constraint violation : Early latching (deterministic)

Qupstream

Ddownstream

Qdownstream

Planning

• Step by step overclocking stress until first fault: reference library generation.

10,000 trials with different plaintext and key. • Step by step underpowering stress: comparison with the

reference library. • Step by step overheating stress: comparison with the

reference library. 22

Target

• Algorithm : AES 128 bit (advanced encryption standard)

• Frequency : 100 MHz

• Power supply : 1.2V

• Platform : Spartan 3an

23

24

clock

trigger

Serial COM

AES

Clock generator

Serial COM

Overclocking (reference lib)

• Library generated : 10,000 x {Plaintext, Key, Correct Cipher, First Faulted Cipher, Round, bit, Critical time}

• > 90% single-bit faults. 25

26

Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993

� Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n°51 - Round 8

Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993

27

Clock generator

AES

Power supply

Underpowering • Voltage decreases => critical path increases.

28

Crit

ical

Tim

e (p

s)

Power supply (Volt)

Underpowering • Voltage decreases => critical path increases.

29

Metastability

Crit

ical

Tim

e (p

s)

Power supply (Volt)

Underpowering • Voltage decreases => critical path increases.

30

Metastability

Data dependence

Crit

ical

Tim

e (p

s)

Power supply (Volt)

Underpowering • Voltage decreases => critical path increases.

31

Metastability

The obtained faults over 10,000 trials by underpowering were

found identical to those from the reference library.

Data dependence

Crit

ical

Tim

e (p

s)

Power supply (Volt)

Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993

32

� Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n°51 - Round 8

� Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n°51 - Round 8

Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993

33

AES

Clock generator

Heating system

34

Overheating • Temperature increases => critical path increases.

Metastability

Data dependence

The obtained faults over 10 trials by overheating were found identical to those from the

reference library.

Crit

ical

Tim

e (p

s)

Temperature

35

Identical Faulted Cipher

text � Overheating results

First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical temperature : 129°C bit n°51 - Round 8

� Overclocking results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical time : 7.9 ns bit n°51 - Round 8

� Underpowering results First Faulted Cipher text : B7B70AD13572B7B288EA43C86A091993 Critical voltage : 1.03 V bit n°51 - Round 8

Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993

Plaintext : 57D2B485388BC6EC892217A34DBA548F Key : 5E7A68029190D63F8FEBD4E36982AEC0 Cipher text : B7B70AFC357202B2887F43C812091993

Injection experiments analysis

• Overclocking, Underpowering, Overheating. Identical faults : 100 % • Metastability (stress increased progressively) • Deterministic (same input => same first fault) • Data dependence

36

Experimental proof: • Overclocking, underpowering and overheating generate

identical faulted cipher text. • Fault injection due to timing constraints violations.

37

Perspectives: • Combined attacks feasible. • Improved counter-measure design.

• Work in progress: Tests with transient perturbations.

Questions?

38