Cryptography Reference
In-Depth Information
designer to recognize the possible threats to his secure implementation, depending
on the assumed skill set and budget of the attackers she will be put against.
16.2.1 High-Cost Fault Injection Techniques
A class of possible threats that cannot be ignored if the potential attackers have access
to a large budget (roughly above 3,000 euros and in general, up to millions of euros)
is the one represented by the fault injection methodologies that target the secure chip
by gaining direct access to the silicon die and by targeting the perturbation action
in a very precise fashion. These techniques, despite their leaving evident traces of
tampering, are very powerful due to the high spatial precision of the injected faults.
Another notable aspect is the fact that the attacker is able to gain a great deal of
knowledge regarding the implementation strategies of the secure chip under attack,
since he will be able to directly inspect it, and thus to localize sensitive parts, despite
any possible hardware obfuscation techniques.
The simplest of these techniques relies on strong and very precisely focused light
pulses to induce alterations in the behavior of one or more logic gates of a circuit.
In particular, the strong irradiation of a transistor may induce the formation of a
temporary conductive channel in the dielectric, akin to the one which is regularly
present which the transistor is correctly polarized. This, in turn, may lead a logic
circuit to switch state in a very precise and controlled manner. For instance it is
possible to flip-up or down at will an SRAM cell, by targeting one of its transistors
as reported in [377]. In order to obtain very precisely focused light pulses, the light
emitted from a camera flash is concentrated with the aid of a precision optical micro-
scope by applying it to the eyepiece after the device under attack has been carefully
placed on the slide holder. In order to avoid over-irradiation of the device, which
might lead to permanent damage to the circuit, care must be taken in selecting an
appropriate magnification level for the microscope lens. This requires only moderate
technical skill, since what is needed is to properly operate an optical microscope and
to design a synchronizing circuit to trigger the flashes. The main limitations of this
method are represented by the nonpolarized nature of the white light emitted by the
camera flash, which in turn implies that the light beam is not perfectly coherent. The
intrinsic scattering the light undergoes when it is focused through imperfect lenses
further spoils the focus of the beam, thus lowering the accuracy of this technique.
Moreover, it is no longer possible to hit a single SRAM cell with the current etching
technologies, since the width of the gate dielectric is now more than ten times smaller
than the shortest wavelength of the visible light. This technique has moderate time
accuracy, whose limit is represented by the synchronization of the flashlight with
the computing device. Since common flashlights are unable to emit a sequence of
flashes within a very short time frame, this technique cannot induce multiple faults
in a single run of an algorithm (see Table
16.1
).
The most straightforward refinement of this technique is to employ a laser beam
instead of a simple flashlight. The fault model induced in the chip is substantially
