Cryptography Reference
In-Depth Information
code detecting up to eight erroneous outputs has to be considered if the SB3, SB4,
or SB5 is selected.
Furthermore, the type of fault against which to protect the circuit has also to be
considered. For instance, if a laser beam is used to attack the circuit, it is very likely
that the injected fault will not be a single bit-flip fault, as considered above, but
a multiple fault due to the width of the laser beam. Such experiments as the ones
described above have to be performed for deriving the error profile and selecting the
appropriate error detection code.
In contrast to code-based protection schemes, time redundancy-based solutions
are more robust against injected faults in the sense that their error detection capability
does not depend on the error profile (as long as the duration of the fault does not
span over the double computation).
6.6 Conclusion
This chapter presented a study on mechanisms deployed for detecting fault-based
attacks on devices implementing the Advanced Encryption Standard. Fault-based
attacks were discussed with respect to their requirements in terms of error multiplicity
(spatial and temporal characteristics). We analyzed more precisely some error detec-
tion schemes based on information redundancy, with respect to their cost and error
detection capability.
We also studied the correlation between the effect of a physical fault (modeled as a
bit flip) and the error profile at the output of the circuit. It turns out that the error profile
strongly depends on the implementation style. For some particular implementations,
most of the faults result in only one or two erroneous output bits, while there is
no internal fault affecting all the output bits, thus justifying the use of simple and
inexpensive codes. On the other hand, some other designs optimized in terms of area
and/or speed lead to far less favorable error profiles, thus requiring more expensive
coding styles. As a consequence, the circuit synthesis and the choice of the protection
scheme must be performed conjunctly in order to reduce the overall circuit cost.
Something to further investigate would be the outcome of correlating the fault
model with a physical effect induced by the attack technique. For instance, it is very
likely that a voltage glitch attack will produce a multiple fault at the logic level,
while a laser-based attack will produce a more localized fault. Therefore the type of
detection mechanism has to be customized according to the fault attack, which the
designer wants to prevent.
Another thing to check is the conditions under which the detection method does,
or does not, enable backdoors for other types of attacks. For instance, information
redundancy-based solutions tend to increase the correlation of the circuit power
consumption, with the processed data increasing the side-channel leakage.
