Cryptography Reference
In-Depth Information
sensitivity to voltage that is too low and thus require the attacker to be able to tune the
voltage drop with fine steps. However, in [24] it is reported that the attack technique
is hindered neither by the different working clock frequency of the device, nor by the
etching technology employed to build it (except for the lower power consumption it
might result in).
A refinement of the aforementioned technique is represented by the injection of
well-timed power spikes or temporary brownouts on the supply line of a circuit. It
is possible to skip the execution of a single instruction of microprocessor code, by
carefully reducing the feeding voltage for the duration of a single clock cycle. The
possible causes for this misbehavior are related either to the lapse in power supply,
causing a failure in the storage of the results of an operation in the target register
during the write-back phase, or to a misinterpretation of the instruction during the
decode stage. The authors of [359] report a successful application of this technique
to eight-bit microprocessor, while a description of successful over-voltage spikes
that have been applied to depackaged Radio Frequency Identification tags in [186].
In order to inject a timed voltage lapse, the attacker needs a tunable precision power
supply and a custom circuit able to drop the feeding voltage under a certain threshold
by temporarily grounding the feeding line. This circuit is also supplied with the same
clock that drives the microprocessor and is thus able to correctly time the injection
of the glitch. The temporal precision of the fault injection is directly dependent on
the accuracy of the voltage drop in terms of both duration and synchronization with
the target device. This technique is more difficult to apply when the working clock
rate of the attacked circuit is higher, since dropping suddenly the feeding voltage
below the working threshold (and ideally to zero) is more difficult due to the mutual
induction of the feeding line.
Another viable option for an attacker is to tamper with the clock signal driving
the computing device. In particular, it is possible to shorten the length of a single
cycle by forcing a premature toggling of the clock signal. The reduction in the single
clock cycle length, according to the authors of [12], causes multiple errors involving
the corruption of a stored byte or multiple bytes during the computation.
The errors are transient and the device does not incur any damage; thus it is
possible to induce faults at will without leaving any evidence of tampering. In order
to be able to alter the clock duty cycle, the attacker needs to have direct control
over the clock line, which is the typical case when smart cards are targeted [12]. It
is also possible to cut the clock line and to connect a new clock line supplied by
the attacker, but no reports of this kind of attack are known at the moment. It is
impossible to attack chips that employ an on-die independent oscillator to generate
their own clock signal, since the attacker is not able to disconnect the clock line
from the circuit. The employed workbench in the attack mentioned in [12] involves
a modified smart card reader, which is able to shorten the duration of a specific clock
cycle by either anticipating the raising edge or delaying the falling edge, depending
on the kind of smart card. The modification is not trivial and involves a careful
choice of the delaying equipment, but it can be performed without any special tools,
except for the extra electronic components required for the modification and a proper
soldering station. Clock alteration techniques are hindered by the need to supply a
