Abstract
Obtaining a knowledge of internal structure of a Field Programmable Gate Array (FPGA), together with the vulnerable spots that can be targeted by a laser fault injection, can be a time-consuming task when done manually. In this chapter, we present an automated method to identify regions of interest in an FPGA, such as logic arrays and cells. Such method identifies circuits that are implemented in FPGA and helps the attacker to determine which fault models are achievable with a given laser fault injection equipment. The chapter follows a step-by-step methodology of evaluation, starting with the chip decapsulation and preparation, followed by the characterization of the laser pulse interaction with the silicon. Later it focuses on the automated profiling itself, with a case study on Virtex-5 FPGA.
This research was conducted when the authors “J. Breier”, “W. He” and “H. G. Ong” were with Temasek Laboratories, NTU.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
M. Agoyan, J.-M. Dutertre, A.-P. Mirbaha, D. Naccache, A.-L. Ribotta, A. Tria, Single-bit DFA using multiple-byte laser fault injection, in IEEE International Conference on Technologies for Homeland Security (HST), 2010 (IEEE, Piscataway, 2010), pp. 113–119
M. Alderighi, F. Casini, S. d’Angelo, M. Mancini, S. Pastore, G.R. Sechi, Evaluation of single event upset mitigation schemes for SRAM based FPGAs using the FLIPPER fault injection platform, in 22nd IEEE International Symposium on Defect and Fault-Tolerance in VLSI Systems, 2007. DFT’07 (IEEE, Piscataway, 2007), pp. 105–113
R.J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems (Wiley, Hoboken, 2010)
N. Bagheri, R. Ebrahimpour, N. Ghaedi, New differential fault analysis on present. EURASIP J. Adv. Signal Process. 2013(1), 145 (2013)
N. Bagheri, N. Ghaedi, S.K. Sanadhya, Differential fault analysis of SHA-3, in Progress in Cryptology–INDOCRYPT 2015 (Springer, Cham, 2015), pp. 253–269
J. Beutler, Visible light LVP on bulk silicon devices, in 41st International Symposium for Testing and Failure Analysis (November 1–5, 2015) (Asm, Novelty, 2015), pp. 1–8
A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J. Robshaw, Y. Seurin, C. Vikkelsoe, PRESENT: an ultra-lightweight block cipher, in Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems, CHES ‘07 (Springer, Berlin, 2007), pp. 450–466
D. Boneh, R.A. DeMillo, R.J. Lipton, On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)
J. Breier, D. Jap, Testing feasibility of back-side laser fault injection on a microcontroller, in Proceedings of the WESS’15: Workshop on Embedded Systems Security (ACM, New York, 2015), p. 5
S.P. Buchner, F. Miller, V. Pouget, D.P. McMorrow, Pulsed-laser testing for single-event effect investigations. IEEE Trans. Nucl. Sci. 60(3), 1852–1875 (2013)
G. Canivet, P. Maistri, R. Leveugle, J. Clédière, F. Valette, M. Renaudin, Glitch and laser fault attacks onto a secure AES implementation on a SRAM-based FPGA. J. Cryptol. 24(2), 247–268 (2011)
F. Courbon, P. Loubet-Moundi, J.J.A. Fournier, A. Tria, Adjusting laser injections for fully controlled faults, in International Workshop on Constructive Side-Channel Analysis and Secure Design (Springer, Cham, 2014), pp. 229–242
N.T. Courtois, K. Jackson, D. Ware, Fault-algebraic attacks on inner rounds of DES, in e-Smart’10 Proceedings: The Future of Digital Security Technologies (Strategies Telecom and Multimedia, Montreuil, 2010)
J.-M. Dutertre, A.-P. Mirbaha, D. Naccache, A. Triaz, Reproducible single-byte laser fault injection, in Conference on Ph.D. Research in Microelectronics and Electronics (PRIME), 2010 (IEEE, Piscataway, 2010), pp. 1–4
W. He, A. Otero, E. de la Torre, T. Riesgo, Customized and automated routing repair toolset towards side-channel analysis resistant dual rail logic. Microprocess. Microsyst. 38(8), 899–910 (2014)
F.L. Kastensmidt, L. Tambara, D.V. Bobrovsky, A.A. Pechenkin, A.Y. Nikiforov, Laser testing methodology for diagnosing diverse soft errors in a nanoscale SRAM-based FPGA. IEEE Trans. Nucl. Sci. 61(6), 3130–3137 (2014)
P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Annual International Cryptology Conference (Springer, Berlin, 1999), pp. 388–397
H. Lohrke, P. Scholz, C. Boit, S. Tajik, J.-P. Seifert, Automated detection of fault sensitive locations for reconfiguration attacks on programmable logic, in Proceedings of the 42nd International Symposium for Testing and Failure Analysis (ASM, Washington, 2016), pp. 1–6
A. Moradi, V. Immler, Early propagation and imbalanced routing, how to diminish in FPGAS, in Cryptographic Hardware and Embedded Systems–CHES 2014 (Springer, Berlin, 2014), pp. 598–615
J.C.H. Phang, D.S.H. Chan, M. Palaniappan, J.M. Chin, B. Davis, M. Bruce, J. Wilcox, G. Gilfeather, C.M. Chua, L.S. Koh, H.Y. Ng, S.H. Tan, A review of laser induced techniques for microelectronic failure analysis, in Proceedings of the 11th International Symposium on the Physical and Failure Analysis of Integrated Circuits. IPFA 2004, July (2004), pp. 255–261
V. Pouget, A. Douin, D. Lewis, P. Fouillat, G. Foucard, P. Peronnard, V. Maingot, J. Ferron, L. Anghel, R. Leveugle, R. Velazco, Tools and methodology development for pulsed laser fault injection in SRAM-based FPGAs, in 8th LATW’07, (IEEE Computer Society, Piscataway, 2007)
C. Roscian, J.-M. Dutertre, A. Tria, Frontside laser fault injection on cryptosystems-application to the AES’last round, in IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2013 (IEEE, Piscataway, 2013), pp. 119–124
C. Roscian, A. Sarafianos, J.-M. Dutertre, A. Tria, Fault model analysis of laser-induced faults in SRAM memory cells, in Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2013 (IEEE, Piscataway, 2013), pp. 89–98
N. Selmane, S. Bhasin, S. Guilley, T. Graba, J.-L. Danger, WDDL is protected against setup time violation attacks, in Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 (IEEE, Piscataway, 2009), pp. 73–83
B. Selmke, S. Brummer, J. Heyszl, G. Sigl, Precise laser fault injections into 90 nm and 45 nm SRAM-cells, in International Conference on Smart Card Research and Advanced Applications (Springer, Cham, 2015), pp. 193–205
P. Swierczynski, G.T. Becker, A. Moradi, C. Paar, Bitstream fault injections (BIFI) – automated fault attacks against SRAM-based FPGAS. IEEE Trans. Comput. PP(99), 1–14 (2017)
S. Tajik, H. Lohrke, F. Ganji, J.P. Seifert, C. Boit, Laser fault attack on physically unclonable functions, in 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), September (2015), pp. 85–96
M. Tunstall, D. Mukhopadhyay, S. Ali, Differential fault analysis of the advanced encryption standard using a single fault, in IFIP International Workshop on Information Security Theory and Practices (Springer, Berlin, 2011), pp. 224–233
K. Wu, R. Karri, G. Kuznetsov, M. Goessel, Low cost concurrent error detection for the advanced encryption standard, in Proceedings 2004 International Test Conference, ITC 2004 (IEEE, Piscataway, 2004), pp. 1242–1248
F. Zhang, S. Guo, X. Zhao, T. Wang, J. Yang, F.-X. Standaert, D. Gu, A framework for the analysis and evaluation of algebraic fault attacks on lightweight block ciphers. IEEE Trans. Inf. Forensics Secur. 11(5), 1039–1054 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Breier, J. et al. (2019). Automated Profiling Method for Laser Fault Injection in FPGAs. In: Breier, J., Hou, X., Bhasin, S. (eds) Automated Methods in Cryptographic Fault Analysis. Springer, Cham. https://doi.org/10.1007/978-3-030-11333-9_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-11333-9_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11332-2
Online ISBN: 978-3-030-11333-9
eBook Packages: EngineeringEngineering (R0)