SLIDE 1

Analysis of a fault injection mechanism related to voltage glitches using an on-chip voltmeter

  • Loïc ZUSSA
  • Jean-Max DUTERTRE
  • Jessy CLEDIERE
  • Bruno ROBISSON

SLIDE 2

Thesis subject

“Cryptanalysis of secure circuits by physical fault injections”

  • Analysis of fault injection mechanisms related to non-invasive physical disturbances

In this presentation

  • Analysis of fault injection mechanism related to voltage glitches
  • Improving injection temporal resolution
SLIDE 3

Previous work

[Figure: two D flip-flops (Dffi and Dffi+1, ports D and Q) with n-bit data, clocked by clk; vdd: core voltage]

Under-powering a synchronous circuit makes its calculation time longer.
If the calculation time is longer than the clock period => faults are injected: DFFs sample data which are not up-to-date.

The longest calculation time is called the critical time.

SLIDE 4

Previous work

Static under-powering leads to timing constraint violation by increasing the calculation times of all the calculation rounds.

Identical faults injected on an AES using overclocking and underpowering.

Note: Underpowering the circuit makes the calculation times longer. A fault is injected in the most critical one due to timing constraint violation.

SLIDE 5

Previous work

Transient under-powering also leads to timing constraint violation by increasing the calculation time of a specific round.

Identical faults injected on an AES using clock and negative voltage glitches.

Note: Most of the time a fault is injected in the targeted round due to timing constraint violation. Low temporal accuracy due to signal filtering.

SLIDE 6

Motivations

Transient over-powering also leads to fault injection, but it seems inconsistent with timing constraint violation.

On-chip voltmeter:

  • To observe the voltage inside the circuit
  • To understand the fault injection mechanism related to positive voltage glitches

“Sensing nanosecond-scale voltage attacks and natural transients in FPGAs”, ZICK Kenneth M.; SRIVASTAV, Meeta; ZHANG, Wei. FPGA 2013

SLIDE 7

Agenda

  • Voltmeter: Principle and implementation
  • Internal disturbances observation: Fault injection characterization
  • Internal disturbances shaping: Fault injection improvement
  • Conclusion

SLIDE 8

A delay-meter

[Figure: CLK and a delay element; 1,2 Volt = core voltage: vdd]

Propagation times increase when the core voltage decreases.
Measuring a propagation time is equivalent to measuring the core voltage.

SLIDE 9

A delay-meter

[Figure: CLK and a delay element; 1,0 Volt = core voltage: vdd]

Propagation times increase when the core voltage decreases.
Measuring a propagation time is equivalent to measuring the core voltage.

SLIDE 10

Time to digital converter

[Figure: CLK, delay and one ∆d stage; 1,2 Volt = core voltage: vdd]

The time-to-digital converter measures a phase distance between two signals.

delay + 1 * ∆d < clock period

SLIDE 11

Time to digital converter

[Figure: CLK, delay and two ∆d stages; 1,2 Volt = core voltage: vdd]

The time-to-digital converter measures a phase distance between two signals.

delay + 2 * ∆d < clock period

SLIDE 12

Time to digital converter

[Figure: CLK, delay and three ∆d stages; 1,2 Volt = core voltage: vdd]

The time-to-digital converter measures a phase difference between two signals.

delay + 3 * ∆d > clock period

SLIDE 13

When undergoing a glitch injection

[Figure: CLK, delay and three ∆d stages; 1,2 Volt = core voltage: vdd]

delay + 2 * ∆d < clock period
delay + 3 * ∆d > clock period

code = ‘1110’

SLIDE 14

When undergoing a glitch injection

[Figure: CLK, delay and three ∆d stages; 1,0 Volt = core voltage: vdd]

delay + 1 * ∆d < clock period
delay + 2 * ∆d > clock period

code = ‘1100’
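
Added example (not part of the original slides): a small Python model of the delay-meter and time-to-digital converter described above, used the way a monitoring circuit would use it, to turn sampled codes into a record of core-voltage droops. The delay values, the inverse-proportional delay model and the sample voltage trace are assumptions chosen so that the model reproduces the slides' codes ‘1110’ at 1,2 V and ‘1100’ at 1,0 V; the 5 ns period corresponds to the 200 MHz clock of the acquisition setup.

```python
import re

CLOCK_PERIOD_NS = 5.0   # 200 MHz sampling clock, as in the acquisition setup
NOMINAL_VDD = 1.2       # nominal core voltage from the slides
BASE_DELAY_NS = 3.3     # assumed delay of the "delay" element at nominal vdd
TAP_DELAY_NS = 0.6      # assumed per-stage delay (the slides' ∆d) at nominal vdd
N_TAPS = 4

def tdc_code(vdd):
    """Thermometer code: tap k reads '1' if delay + k*∆d fits in one clock period."""
    scale = NOMINAL_VDD / vdd  # assumed model: every delay grows as vdd drops
    return "".join(
        "1" if scale * (BASE_DELAY_NS + k * TAP_DELAY_NS) < CLOCK_PERIOD_NS else "0"
        for k in range(N_TAPS)
    )

def ones(code):
    """Number of taps that met timing; reject codes with bubbles such as '1011'."""
    if not re.fullmatch(r"1*0*", code):
        raise ValueError(f"not a thermometer code: {code!r}")
    return code.count("1")

def find_droops(codes, baseline):
    """Return (start_ns, duration_ns, min_ones) for each run of codes below baseline."""
    events, start, low = [], None, None
    # A full-scale sentinel code closes a run that lasts until the end of the capture.
    for i, code in enumerate(list(codes) + ["1" * N_TAPS]):
        n = ones(code)
        if n < baseline:
            if start is None:
                start, low = i, n
            low = min(low, n)
        elif start is not None:
            events.append((start * CLOCK_PERIOD_NS, (i - start) * CLOCK_PERIOD_NS, low))
            start = None
    return events

# Constructed core-voltage samples, one per clock: nominal, a dip, an overshoot, recovery.
TRACE_V = [1.2, 1.2, 1.2, 1.2, 1.0, 0.9, 1.05, 1.3, 1.15, 1.2, 1.2]
CODES = [tdc_code(v) for v in TRACE_V]
BASELINE = ones(tdc_code(NOMINAL_VDD))

if __name__ == "__main__":
    print(CODES)
    print(find_droops(CODES, BASELINE))
```

Only samples whose code falls below the nominal code are reported, since a lower code means longer propagation times, the direction that matters for timing constraint violation.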

SLIDE 15

Library: voltage <> code

[Figure: chain of D flip-flops (D, Q) clocked by CLK and powered by vdd, producing the binary code; plot of binary code versus voltage, annotated 0,5 volt and 0,7 volt]

Voltage variations: from 0,7V to 2,5V, step 0,05V

2 “linear” zones => resolution ~ 0,07V
1 “blind” zone

SLIDE 16

Library: voltage <> code

4 voltmeters implemented: different delays due to within-die process variations

Only one “linear” zone => resolution improving
No “blind” zone

[Figure: binary code versus voltage]

SLIDE 17

Acquisition setup

[Figure: Spartan 3A with FSM, voltmeter (x4) and shift register, 200 MHz; core voltage: nominal voltage]

SLIDE 18

Acquisition setup

[Figure: Spartan 3A with FSM, voltmeter (x4) and shift register, 200 MHz; known injected glitch; core voltage: ??? Volt]

SLIDE 19

Acquisition setup

[Figure: Spartan 3A with FSM, voltmeter (x4) and shift register, 200 MHz, connected over RS-232 to a computer; known injected glitch; core voltage: ??? Volt; computer: library, code, voltage, waveform; view of the effective disturbance]

SLIDE 20

Glitches injection setup

Pulse generator variables:

  1. DC offset (Volts)
  2. Amplitude (Volts)
  3. Width (ns)
  4. Delay (ns)

[Figure: voltage versus time, annotated with the four variables]

SLIDE 21

Negative voltage glitch: what I expected

amplitude: -14V, width: 400ns

Expectation: Filtered signal due to the input capacitances

[Figure: waveform, 400 ns]

SLIDE 22

Negative voltage glitch: what it is!

amplitude: -14V, width: 400ns

Observation: 2 sets of damping oscillations

Effective disturbances are due to the rising/falling edges of the injected voltage

[Figure: waveform, annotated 400 ns and 0,4 Volt]

SLIDE 23

Glitches injection setup
Positive voltage glitch

amplitude: +14V, width: 400ns

Observation: Positive glitch injection also produces negative disturbances due to the rising/falling edges of the injected voltage

Fault injection mechanism could also be related to timing constraint violation?

[Figure: waveform, 400 ns]

SLIDE 24

Glitches injection setup
Fault injection target

Target: AES 128bit - 100MHz

Fault injection synchronization: Trig signal 330 ns before the AES calculation

[Figure: Spartan 3A; timeline labels: 330ns, AES 110ns]

SLIDE 25

Glitches injection setup
Fault injection protocol

AES 128bit: 11 rounds - 100MHz

Injected glitch: Amplitude (Volts), Width (ns)

Variables:

  • DC offset from 1,4 to 1,1 Volts
  • Delay from 170 to 330 ns

[Figure: Spartan 3A, trigger, glitch generator; timeline labels: 330ns, AES 110ns]

SLIDE 26

Glitches injection setup
Fault injection protocol

AES 128bit: 11 rounds - 100MHz
DC offset from 1,4 to 1,1 Volts
Delay from 170 to 330 ns

[Figure: FPGA (Spartan 3A), trigger, glitch generator; timeline labels: 330ns, AES 110ns; labels: AES, delay, DC offset; expected cipher text]

SLIDE 27

Fault injection protocol

AES 128bit: 11 rounds - 100MHz
DC offset from 1,4 to 1,1 Volts
Delay from 170 to 330 ns

[Figure: FPGA (Spartan 3A), trigger, glitch generator; timeline labels: 330ns, AES 110ns; labels: AES, delay, DC offset; expected cipher text]

SLIDE 28

Fault injection protocol

AES 128bit: 11 rounds - 100MHz
DC offset from 1,4 to 1,1 Volts
Delay from 170 to 330 ns

[Figure: FPGA (Spartan 3A), trigger, glitch generator; timeline labels: 330ns, AES 110ns; labels: AES, delay, DC offset; unexpected cipher text]

SLIDE 29

Glitches injection setup
Fault injection protocol

AES 128bit: 11 rounds - 100MHz
DC offset from 1,4 to 1,1 Volts
Delay from 170 to 330 ns

[Figure: FPGA (Spartan 3A), trigger, glitch generator; timeline labels: 330ns, AES 110ns; labels: AES, delay, DC offset; expected cipher text]

SLIDE 30

Fault injection protocol

AES 128bit: 11 rounds - 100MHz
DC offset from 1,4 to 1,1 Volts
Delay from 170 to 330 ns

[Figure: FPGA (Spartan 3A), trigger, glitch generator; timeline labels: 330ns, AES 110ns; labels: AES, delay, DC offset; expected cipher text]

SLIDE 31

Fault injection protocol

AES 128bit: 11 rounds - 100MHz
DC offset from 1,4 to 1,1 Volts
Delay from 170 to 330 ns

[Figure: FPGA (Spartan 3A), trigger, glitch generator; timeline labels: 330ns, AES 110ns; labels: AES, delay, DC offset; unexpected cipher text]

SLIDE 32

Negative voltage glitch characterization

amplitude: -14V, width: 400ns

[Figure: faulted round as a function of delay and DC offset; labels: AES, delay, DC offset]

SLIDE 33

Negative voltage glitch characterization

amplitude: -14V, width: 400ns

Observation: R3 wasn’t faulted

The negative disturbance is too large
Faults were injected in R2 or R4 first

[Figure: labels: AES, delay, DC offset]

SLIDE 34

Positive voltage glitch characterization

amplitude: +14V, width: 400ns

Observation: R3 was faulted BUT R6 wasn’t!

[Figure: labels: AES, delay, DC offset]

SLIDE 35

Injected faults comparison

(-14V | 400ns) and (+14V | 400ns):

  • Same injected faults
  • Same fault injection mechanism
  • Different temporal accuracy

SLIDE 36

Positive voltage glitches - Fault injection mechanism

  • Effective disturbances are damping oscillations due to the rising and falling edges of the injected glitch
  • For different plaintexts and keys of the AES, positive and negative voltage glitches induced exactly the same faults
  • Negative and positive glitches share the same fault injection mechanism: timing constraint violation
  • Due to their different shape, positive and negative voltage glitches have slightly different temporal accuracy

SLIDE 37

Offsetting

amplitude: -14V, width: 100ns

Observation: Positive oscillations due to the rising edge COMPENSATE negative oscillations due to the falling edge

Only one significant negative spike

[Figure: waveform, 100 ns]

SLIDE 38

Addition

amplitude: +8V, width: 50ns

Observation: Negative oscillations due to the rising edge and due to the falling edge are SYNCHRONIZED

More efficient glitch injection

[Figure: waveform, 50 ns]

SLIDE 39

Injected faults comparison

(-14V | 100ns): compensation
(+8V | 50ns): synchronization

  • Same injected faults
  • Same temporal accuracy

SLIDE 40

Sharpening

amplitude: -22V, width: 10ns

Observation: Negative oscillation due to the falling edge is SHORTENED by the positive oscillation due to the rising edge

More accurate glitch injection

[Figure: waveform, 10 ns]

SLIDE 41

Sharpening

amplitude: -22V, width: 10ns

Observation: Negative oscillation due to the falling edge is SHARPENED by the positive oscillation due to the rising edge

More accurate glitch injection

Two significant oscillations: unexpected faults can be injected…

SLIDE 42

Injected faults comparison

(-22V | 10ns): sharpening

  • Same injected faults
  • Very good temporal accuracy

SLIDE 43

Injected faults comparison

(-22V | 10ns): sharpening

  • Same injected faults
  • Very good temporal accuracy

[Figure: annotated ~90 ns, ~90 ns]

SLIDE 44

Fault injection mechanism

  • A short glitch to shorten the first oscillation
  • A long glitch to compensate the remaining oscillations

[Figure: injected voltage and core voltage versus time]

SLIDE 45

Fault injection mechanism & glitch shaping

  • Effective disturbances are damping oscillations due to the rising and falling edges of the injected glitch
  • Negative and positive glitches share the same fault injection mechanism: timing constraint violation
  • Damping oscillations due to the rising and falling edges of one or several injected glitches can be “superimposed” to shape the effective disturbance

SLIDE 46

ZUSSA Loïc
PhD Student
Secure integrated circuits and physical fault injections

zussa@emse.fr
+33 (0)4.42.61.67.12
880 route de Mimet, 13541 Gardanne - FRANCE

Presentation available on loic.zussa.fr/publications