Pascal Moitrel

Practical evaluation of fault countermeasures on asynchronous DES crypto processor

This paper presents practical results on the evaluation of fault countermeasures implemented in an asynchronous DES coprocessor. The theory underlying the countermeasures was previously published in IOLTS 2005. For the first time this work reports a practical evaluation of fault countermeasures applied on asynchronous DES ASICs. Two DES crypto processors were fabricated using the 130 nm STmicroelectronics CMOS process; one as a reference and one hardened using a specific technique. This work enables us to compare the resistance of both circuits against fault injection and to validate the proposed countermeasures. The practical set-up of the fault injection, using a laser, is presented and the test campaign described. The practical results prove the efficiency of the method. The techniques can be applied to protect logic blocks in any applications

Experimental evaluation of protections against laser-induced faults and consequences on fault modeling

Lasers can be used by hackers to situations to inject faults in circuits and induce security flaws. On-line detection mechanisms are classically proposed to counter such attacks, and are often based on error detecting codes. However, the efficiency of such schemes has not been precisely validated against real attack conditions. This paper presents results showing that, with a given type of laser, a classical protection technique can leave open doors to an attacker. The results give also insights into the fault models to be taken into account when designing a secured circuit.

Case study of a fault attack on asynchronous DES crypto-processors

This paper proposes a practical fault attack on two asynchronous DES crypto-processors, a reference version and a hardened version, using round reduction. Because of their specific architecture, asynchronous circuits have a very specific behavior in the presence of faults. Previous works show that they are an interesting alternative to design robust systems. However, this paper demonstrates that there are weaknesses left, and that we are able both to identify and exploit them. The effect of the fault is to reduce the number of rounds by corrupting the multi-rail round counter protected by alarm cells. The fault injection mean is a laser. A description of the fault injection process is presented, followed by how the results can be used to retrieve the key. Weaknesses are theoretically identified and analyzed. Finally, possible counter-measures are described.