Cryptography Reference
In-Depth Information
Table 16.1 Summary of high-cost fault injection techniques: all methods require a detailed knowl-
edge of specific implementation aspects
Technique
Accuracy [space] Accuracy [time] Technical skill Permanent modifications
Light pulses
Moderate
Moderate
Moderate
Possibly
Laser beams
High
High
High
Possibly
Focused ion beams Complete
Complete
Very high
Yes
the same as the one obtained through a concentrated light beam [379], except for
the fact that the laser beam turns out to be more efficient in inducing one (or more)
faults per irradiation, with higher accuracy in space. Laser beam attacks allow also
the irradiation of the back of the silicon die (i.e. the side where the chip is not
etched). This can be achieved using near infra-red (NIR) lasers, since pure silicon
has a transmittance of around 50 % for wavelengths between 1
m. This
technique allows the attacker to successfully hit also parts of the circuit on the bottom
layers, although with less precision since the silicon substrate scatters the beam
while it is traveling through it. However, the irradiation energy must be carefully
calibrated since it is quite likely that an improper setting will permanently burn the
chip. The commercial fault injection workstations [344] are composed of a laser
emitter together with a proper focusing lens and a placement pad endowed with
stepper motors in order to achieve very precise targeting of the beam. The technical
skills required to properly operate a laser injection workbench are very specific and
specific training must be followed by anyone willing to attempt such attacks. The
limitation of this fault injection technique is the fact that it is impossible to achieve
sub-wavelength precision in the irradiated zone. This limits the minimum number
of gates hit by the irradiation depending on the etching technology and the laser
wavelength. The time accuracy is higher than the one based on flashes, since the
laser emitter needs less time to recharge; it is thus possible to inject multiple faults
within the same execution of a cryptographic algorithm.
The most accurate and powerful fault injection technique employs Focused Ion
Beam (FIB) microsurgery. A FIB enables an attacker to arbitrarily modify the struc-
ture of a circuit, in order to reconstruct missing buses, cut existing wires, mill through
layers and rebuild them. Usually FIB workstations are employed to debug and patch
chip prototypes, or to reverse engineer an unknown design by adding probing wires
to parts of the circuit that are not commonly accessible. For instance, the successful
reconstruction of a whole read bus for a portion of a chip Flash memory containing
a cryptographic key, without any damage to its contents [398]. Current FIBs are able
to operate with precision up to 2.5 nm, i.e. less than a tenth of the gate width of the
smallest transistor that can currently be etched. FIB workstations are very expen-
sive to run and require a strong technical and scientific background in order to be
properly operated. Usually their use is limited to extremely well-equipped reverse
engineering laboratories. The only limitation of the FIB technology is represented by
the diameter of the atoms whose ions are used as a scalpel. Currently, due to physical
properties (in particular due to its low melting point), the most common choice for
µ
m and 5
µ
 
Search WWH ::




Custom Search