Athanasios Papadimitriou

A multiple fault injection methodology based on cone partitioning towards RTL modeling of laser attacks

Laser attacks, especially on circuits manufactured with recent deep submicron semiconductor technologies, pose a threat to secure integrated circuits due to the multiplicity of errors induced by a single attack. An efficient way to neutralize such effects is the design of appropriate countermeasures, according to the circuit implementation and characteristics. Therefore tools which allow the early evaluation of security implementations are necessary. Our efforts involve the development of an RTL fault injection approach more representative of laser attacks than random multi-bit fault injections and the utilization and evolution of state of the art emulation techniques to reduce the duration of the fault injection campaigns. This will ultimately lead to the design and validation of new countermeasures against laser attacks, on ASICs implementing cryptographic algorithms.

On error models for RTL security evaluations

Evaluating early at design time the level of security achieved with respect to fault-based hardware attacks requires understanding and accurately modeling the faults that can actually occur in a circuit under attack. Attacks with lasers can produce single or multiple-bit errors, while having a local impact in the circuit. This paper discusses several fault or error models that can be considered at design time and summarizes experimental results providing some insights into the consequences of the model chosen for evaluation.

Validation of RTL laser fault injection model with respect to layout information

In order for modern security implementations to be trusted, they need to be successfully evaluated against hardware fault attacks. Lasers are excellent means of introducing either single or multiple, yet very precise, faults into an IC. Modeling of laser attacks at RTL can significantly help in securing a design during early design stages. An RTL fault model based on functional relations analysis, to extract localization information early in the design flow, has been proposed in previous works. In order to validate the accuracy of such a model, this paper compares predictions with post-layout results. First the RTL laser fault model is applied on several designs. Then results are compared with the fault space derived from layout, showing that the RTL predictions cover a large percentage of localized attacks.

Analysis of laser-induced errors

Laser attacks are an effective threat against secure integrated circuits, due to their capability to inject very precise hardware faults. Evaluating the effect of such attacks from RTL descriptions provides designers a means to increase the security level of an IC, early in the design stage and without the need to perform multiple design re-spins. An RTL laser fault model that attempts to model the locality of laser attacks, early in the design flow, has already been proposed in our previous works. The current work presents detailed results on the validation of this model, with respect to layout information for multiple designs. Furthermore we perform a statistical analysis on the RTL predictions, in order to calculate the percentage of the fault space generated using only RTL information that actually corresponds to local faults according to layout information.

Laser-induced fault effects in security-dedicated circuits

Lasers have become one of the most efficient means to attack secure integrated systems. Actual faults or errors induced in the system depend on many parameters, including the circuit technology and the laser characteristics. Understanding the physical effects is mandatory to correctly evaluate during the design flow the potential consequences of a laser-based attack and implement efficient counter-measures. This paper presents results obtained within the LIESSE project, aiming at defining a comprehensive approach for designers. Outcomes include the definition of fault/error models at several levels of abstraction, specific CAD tools using these models and new counter-measures well-suited to thwart laser-based attacks. Actual measures on components manufactured in the new 28 nm FDSOI technology are also presented.

Comparison of RTL fault models for the robustness evaluation of aerospace FPGA devices

Confronted to more and more demanding standards in terms of safety and reliability, aerospace companies are investigating new methodologies to evaluate the robustness of their FPGA designs against energetic particles. In this paper, this evaluation is realized early in the design flow to avoid costly design re-spins. It permits to have a first evaluation of the RTL design robustness and of the design protections efficiency. To deal with the low accuracy of classical RTL fault models, we use a new RTL fault model taking into account the local effects of particles. We compare the fault model characteristics of different high level fault models (RTL) and low level fault models (layout) on a RTL design dedicated to the plane power supply control. These evaluations show that the new RTL fault model have best characteristics than the classical register fault model.

On the development of a new countermeasure based on a laser attack RTL fault model

Secure integrated circuits that implement cryptographic algorithms (e.g., AES) require protection against laser attacks. The goal of such attacks is to inject errors during the computation and then use these errors to retrieve the secret key. Laser attacks can produce single or multiple-bit errors, but have a local and usually transient impact in the circuit. In order to detect such attacks, countermeasures must take into account the circuit implementation. This paper proposes a countermeasure implemented at the Register Transfer Level (RTL) according to a previously proposed laser attack RTL fault model. Efficiency of the implemented countermeasure is evaluated on a case study in terms of area overhead, error detection rates at RTL and fault detection capabilities with respect to layout information.

On fault injections for early security evaluation vs. laser-based attacks

Circuits with security constraints must be protected against hardware attacks, including laser-based perturbations. Early evaluations at design time are required to avoid costly and time consuming modifications that might be required after actual laser attacks on the first prototypes. Such evaluations include fault injection compaigns from RTL descriptions. The accuracy of the results depends on the fault model used during the injections. This paper discusses the results obtained by emulation-based fault injections in two AES crypto-processors with three different fault models providing some insights into the consequences of the model chosen for evaluation.