Cryptography Reference
In-Depth Information
at which we are running, the error patterns are few and characterized by one, which
is dominant as far as the occurrence frequency goes.
16.3.6 Effects of the Errors on the Computation
After fully characterizing the errors induced by our fault injection technique, the last
part of this study sums up the possible effects on the computation caused by such
errors. Albeit they originate from the same cause, i.e. faulty
load
operations, we
may distinguish between two different effects of the faults depending on whether the
load is related to an instruction fetch or to a data load. In the latter case a data load
error occurs, while in the former case an instruction substitution may occur. For the
sake of clarity, we will deal separately with the two outcomes in order to distinguish
between their possible effects on the computation of cryptographic primitives.
16.3.6.1 Data Load Errors
Data-related errors are representable as transient changes in the value of a
t
-bit wide
variable
c
during an execution. In particular they are single-bit flip-downs placed
in a fixed position within the microprocessor word. The faulty value
c
equals the
correct one
c
minus a power of 2, 2
ε
, where
ε
is the position of the fault. Possible
values of
ε
are expressed in the form
ε
=
kw
+
i
with
w
equal to the word length,
t
i
is dependent on the single
chip instance under examination, and fixed for each sample. These changes in the
loaded value are very precise in the way they cause the alterations and therefore may
easily leak sensitive information.
∈{
0
,...,
w
−
1
}
and
k
∈{
0
,...,
w
}
.Thevalueof
ε
16.3.6.2 Instruction Substitution Errors
Bit flipping during an instruction fetch may alter either the opcode or the arguments of
the instructions, depending on which bit is affected by the flip-down. In particular, the
affected instructions will be transformed into ones having binary encoding, differing
only by a flip-down of the faulty bit. In the case of the ARM architecture, this may
result in either a substitution of one kind of instruction with another or in a reversal
of the triggering condition of a conditional instruction.
An example of a possible instruction substitution through a single-bit flip-down
as follows:
AND R1,R1,#0x42 @ Fault Free
EOR R1,R1,#0x42 @ Faulty
