Amine Dehbaoui

Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES

This paper considers the use of electromagnetic pulses (EMP) to inject transient faults into the calculations of a hardware and a software AES. A pulse generator and a 500 um-diameter magnetic coil were used to inject the localized EMP disturbances without any physical contact with the target. EMP injections were performed against a software AES running on a CPU, and a hardware AES (with and without countermeasure) embedded in a FPGA. The purpose of this work was twofold: (a) reporting actual faults injection induced by EMPs in our targets and describing their main properties, (b) explaining the coupling mechanism between the antenna used to produce the EMP and the targeted circuit, which causes the faults. The obtained results revealed a localized effect of the EMP since the injected faults were found dependent on the spatial position of the antenna on top of the circuits surface. The assumption that EMP faults are related to the violation of the targets timing constraints was also studied and ascertained thanks to the use of a countermeasure based on monitoring such timing violations.

Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller

Injection of transient faults as a way to attack cryptographic implementations has been largely studied in the last decade. Several attacks that use electromagnetic fault injection against hardware or software architectures have already been presented. On micro controllers, electromagnetic fault injection has mostly been seen as a way to skip assembly instructions or subroutine calls. However, to the best of our knowledge, no precise study about the impact of an electromagnetic glitch fault injection on a micro controller has been proposed yet. The aim of this paper is twofold: providing a more in-depth study of the effects of electromagnetic glitch fault injection on a state-of-the-art micro controller and building an associated register-transfer level fault model.

Efficiency of a glitch detector against electromagnetic fault injection

The use of electromagnetic glitches has recently emerged as an effective fault injection technique for the purpose of conducting physical attacks against integrated circuits. First research works have shown that electromagnetic faults are induced by timing constraint violations and that they are also located in the vicinity of the injection probe. This paper reports the study of the efficiency of a glitch detector against EM injection. This detector was originally designed to detect any attempt of inducing timing violations by means of clock or power glitches. Because electromagnetic disturbances are more local than global, the use of a single detector proved to be inefficient. Our subsequent investigation of the use of several detectors to obtain a full fault detection coverage is reported, it also provides further insights into the properties of electromagnetic injection and into the key role played by the injection probe.

Electromagnetic glitch on the AES round counter

This article presents a Round Addition Analysis on a software implementation of the Advanced Encryption Standard (aes) algorithm. The round keys are computed on-the-fly during each encryption. A non-invasive transient fault injection is achieved on the aes round counter. The attack is performed by injecting a very short electromagnetic glitch on a 32-bit microcontroller based on the arm Cortex-M3 processor. Using this experimental setup, we are able to disrupt the round counter increment at the end of the penultimate round and execute one additional round. This faulty execution enables us to recover the encryption key with only two pairs of corresponding correct and faulty ciphertexts.

Experimental evaluation of two software countermeasures against fault attacks

Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection with glitches or electromagnetic pulses could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.

Enhancing Electromagnetic Analysis Using Magnitude Squared Incoherence

This paper demonstrates that magnitude squared incoherence (MSI) analysis is efficient to localize hot spots, i.e., points at which focused electromagnetic (EM) analyses can be applied with success. It is also demonstrated that MSI may be applied to enhance differential EM analyses (DEMA) based on difference of means (DoM).

A GALS pipeline DES architecture to increase robustness against DPA and DEMA attacks

Side channels attacks (SCA) are very effective and low cost methods to extract secret information from supposedly secure cryptosystems. Differential Power Analysis (DPA) and Differential Electromagnetic Analysis (DEMA) are among the most cited attack types. The traditional synchronous design flow used to create such systems favors the leakage of information that enables attackers to draw correlations between data processes and circuit power consumption or electromagnetic radiations. By using well known analysis techniques these correlations may allow that an attacker retrieve secret cryptographic keys. In recent years, several countermeasures against SCA have been proposed. Globally Asynchronous Locally Synchronous (GALS) and fully asynchronous design methods appear as alternatives to design tamper resistant cryptosystems. However, according to previous works they use to achieve this with significant area, throughput, latency and power penalties. This paper proposes a new GALS pipeline architecture for the Data Encryption Standard (DES) that explores the trade-off between circuit area and robustness. Robustness is enhanced by replicating the DES hardware structure in asynchronously communicating module instances, coupled with self-varying operating frequencies. Designs prototyped on FPGAs using the proposed technique and submitted to DEMA attacks presented promising robustness against attacks and throughput superior to previously reported results.

Investigation of near-field pulsed EMI at IC level

This article describes the use of a near-field electromagnetic pulse EMP injection technique in order to perform a hardware cryptanalysis of the AES algorithm. This characterization technique is based on the fact that conductors, such as the rails of a Power Distribution Network PDN which is one of the primary EMI risk factors, act as antennas for the radiated EMP energy. This energy induces high electrical currents in the PDN responsible for the violation of the integrated circuits timing constraints. This modification of the chips behavior is then exploited in order to recover the AES key by using cryptanalysis techniques based on Differential Fault Analysis (DFA).