Cryptography Reference
In-Depth Information
use such equipment is also low, since the tools are mainstream and delivered with
a detailed user manual. On the other hand, local attacks typically require a detailed
description of the employed test benches, which must be fully understood in order
to exploit their capabilities.
The counterpoint to this is that global attacks are less powerful than local attacks.
For instance, they are easier to detect. Indeed, one global sensor for the whole chip
can be enough to raise an alarm. For example, a razor approach [115] can be used to
monitor in real time (at every clock cycle) the speed of the device: should the clock
period be too short, the razor immediately identifies it. Alternatively, the clock can
be stabilized internally by dedicated logic [405]; such monitoring makes it possible
to detect an abnormal slowdown caused by any kind of global perturbation. Also,
sensors can be designed to test a device's internal temperature [258].
Another drawback of global attacks is that the location of fault injection in space
is unknown a priori. Critical zones can be targeted with local attacks, albeit with
knowledge of the layout or a reverse engineering of the device (e.g. by layout recon-
struction via tedious delayering [398] or by OBIC [378]). However, we note that
the most powerful fault attacks do not require an attacker to know the exact spatial
location of a fault; for instance, the so-called “Bellcore” attack on RSA [56] is able to
break an implementation of RSA operating in CRT mode regardless of the location
of the fault. The same remark applies to the attacks on the penultimate or antepenul-
timate rounds of the AES data path [324, 403] or key schedule [229, 394]. Now, if the
target is not a hardware but a software implementation, any “place” of the algorithm
can be perturbed with a global attack simply by knowing the exact “time” (in terms
of clock cycles) it is executed by the processor. Therefore, attacks on software benefit
from a very small advantage when compared to local fault injection techniques.
Regarding the accuracy of an attack, it can be tuned to meet the expected behavior
of a device. For instance, in both global and local cases, the stress can be permanent
or transient. Transient faults are less likely to be detected because of their brevity,
but, if coupled with the known timing of an algorithm, they can be applied at critical
instants. This would minimize the number of faults that produce results that cannot
be exploited.
We invite the reader's attention to the fact that, in some cases, local attacks cannot
be performed. One representative situation is where a microprocessor is well shielded
and protected by miscellaneous coatings. Another example is multi-chips assembled
in packed system-in-package (SiP), which become nonfunctional if separated. The
FPGAs are another example, where a focused stress tends to alter the configuration
(representing the large ratio in terms of surface usage) rather than the user logic
[79], which can be of interest but not in the context of differential fault analysis.
In contrast, global attacks selectively perturb the running logic without affecting the
steady configuration.
From a scientific point of view, an attractive feature of global faults is that they can
be readily modeled in theory and produced with accurate control in both emulation
and real hardware. This makes it possible to precisely define their behavior, with the
view to better fight them. Also, some local faults can be viewed as global faults on a
more confined area. This is notably expected to be so for low-cost electromagnetic
