This paper presents a standard-cell-based semi-automatic design methodology of a new conceptual countermeasure against electromagnetic (EM) analysis and fault-injection attacks. The countermeasure namely EM attack sensor utilizes LC oscillators which detect variations in the EM field around a cryptographic LSI caused by a micro probe brought near the LSI. A dual-coil sensor architecture with an LUT-programming-based digital calibration can prevent a variety of microprobe-based EM attacks that cannot be thwarted by conventional countermeasures. All components of the sensor core are semiautomatically designed by standard EDA tools with a fully-digital standard cell library and hence minimum design cost. This sensor can be therefore scaled together with the cryptographic LSI to be protected. The sensor prototype is designed based on the proposed methodology together with a 128bit-key composite AES processor in 0.18µm CMOS with overheads of only 2respectively. The validity against a variety of EM attack scenarios has been verified successfully.
In this paper, we present an efficient countermeasure against fault sensitivity analysis (FSA) based on configurable delay blocks (CDBs). FSA is a new type of fault attack, which exploits the relationship between fault sensitivity (FS) and secret information. Previous studies reported that it could break cryptographic modules equipped with conventional countermeasures against differential fault analysis (DFA), such as redundancy calculation, masked AND-OR, and wave dynamic differential logic. The proposed countermeasure can thwart both DFA and FSA attacks based on setup time violation faults. The proposed ideas are to use a CDB as a time base for detection and to combine the technique with Li's countermeasure concept that removes the dependency between FSs and secret data. The postmanufacture configuration of the CDBs allows minimization of the overhead in operating frequency that comes from manufacture variability. In this paper, we also present an implementation of the proposed countermeasure in application-specified integrated circuit, and describe its configuration method. We then investigate the hardware overhead of the proposed countermeasure for an advanced encryption standard processor and demonstrate its validity through an experiment.Index Terms-Advanced encryption standard (AES), application-specified integrated circuit (ASIC) implementation, fault sensitivity analysis (FSA), side-channel analysis.
True random number generators (TRNGs) based on ring oscillators (ROs) are employed in many devices because they can be constructed with a simple circuit structure. Many systems are affected if an RO-based TRNG is attacked, and its security is degraded. Conventional attacks against RO-based TRNGs reduce randomness using direct physical access to the target device and/or modification/invasion of the device or the equipment on which it is implemented. However, depending on the physical location of the device and its tamper resistance measures, directly accessing the device or operating/modifying the implementation may not be easy. This study introduces a noninvasive attack against RO-based TRNGs. In this attack, we intentionally induce sinusoidal electromagnetic waves in a TRNG and estimate the change in its randomness under this interference by observing the signal leaked from the TRNG from a distance. We also consider countermeasures against noninvasive attacks on TRNGs.
Electromagnetic-fault injection (EM-FI) setups are appealing since they can be made at a low cost, achieve relatively high spatial resolutions, and avoid the need of tampering with the PCB or packaging of the target. In this paper we first sketch the importance of understanding the pulse characteristics of a pulse injection setup in order to successfully mount an attack. We then look into the different components that make up an EM-pulse setup and demonstrate their impact on the pulse shape. The different components are then assembled to form an EM-pulse injection setup. The effectiveness of the setup and how different design decisions impact the outcome of a fault injection campaign are demonstrated on a 32-bit ARM microcontroller.
To develop countermeasures against fault attacks, it is important to model an attacker's ability. The instruction skip model is a well-studied practical model for fault attacks on software. Contrastingly, few studies have investigated the instruction replacement model, which is a generalization of the instruction skip model, because replacing an instruction with a desired one is considered difficult. Some previous studies have reported successful instruction replacements; however, those studies concluded that such instruction replacements are not practical attacks because the outcomes of the replacements are uncontrollable. This paper proposes the concept of a controllable instruction replacement technique that uses the laser irradiation of flash memory. The feasibility of the proposed technique is demonstrated experimentally using a smartcard-type ARM SC100 microcontroller. Then, practical cryptosystem attacks that exploit the proposed technique are investigated. The targeted cryptosystems employ the AES with software-based anti-fault countermeasures. We demonstrate that an existing anti-instruction-skip countermeasure can be circumvented by replacing a critical instruction, e.g., a branch instruction to detect fault occurrence.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.