Fig. 17.4 Experimental fault platform for attacks on AES in an ASIC
17.3.1.1 Experimental Setup
In this section, we present the first experimental setup used for an under-powering
fault injection attack demonstration [369]. The setup consists of standard communication
with a smart card, except that the power supply feeds the card with a non-nominal
continuous voltage VCC and that an arbitrary waveform generator supplies the clock
signal. Figure 17.4 sketches the experimental setup. Both the power supply and the
waveform generator are remotely controllable, so that various values of VCC and
various clock shapes can be tested successively.
In our experiments, the smart card was a 130 nm ASIC with an embedded AES
coprocessor (amongst others). The nominal voltage of the chip was 1.2 V. We observe
that the circuit remains functional down to a VCC of about 700 mV; below this, the
CPU, in charge of controlling the I/Os and of delegating encryption to the AES
module, crashes. The AES module itself, however, starts to output erroneous results
for a VCC of about 800 mV and below. In the following, we use the fact that the
smart card remains functional within the range [775, 825] mV to explore the faults for
several chosen intermediate voltages. The power supply could deliver a voltage with
an accuracy of half a millivolt. We therefore conducted the following acquisitions:
The triples {message, key, ciphertext} were recorded for 20,000 encryptions at
each of 100 values of VCC, in steps of 0.5 mV (covering the 50 mV range above).
To simulate an attack, the key was kept constant.
By contrast, to collect representative results, the input message was varied
randomly at each encryption.
As a result, the entire acquisition campaign consisted of two million encryptions.
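The following script is an added example, not the authors' code nor the platform of Fig. 17.4. It reproduces the structure of the acquisition campaign just described (one constant key, a fresh random message per encryption, a sweep over VCC values, {message, key, ciphertext} triples recorded per voltage) and then does what one does with such a record: compare every ciphertext against a correct AES-128 and tabulate, per voltage, how many encryptions were faulty and how many ciphertext bytes each fault corrupted. The "device" is a software AES-128 (FIPS-197, used as the golden model too) with a constructed fault model: the onset voltage, the full-failure voltage, the faulted round and the fault probability are assumptions standing in for the real under-powered ASIC, whose behaviour the campaign is meant to discover rather than set. Names such as `device_fault`, `run_campaign` and `analyse` are the example's own.

```python
"""Simulated under-powering acquisition campaign (added example, constructed
fault model; the AES-128 below is a plain FIPS-197 implementation)."""
import random

# ---- compact AES-128, used both as the "device" and as the golden model ----
def _xtime(a):
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _gmul(a, b):                       # multiplication in GF(2^8), poly 0x11b
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = _xtime(a), b >> 1
    return p

def _build_sbox():
    sbox = []
    for x in range(256):
        inv = 1
        for _ in range(254):           # x^254 = x^-1 in GF(2^8); 0 stays 0
            inv = _gmul(inv, x)
        s = inv
        for _ in range(4):             # affine map: x ^ rotl(x,1..4) ^ 0x63
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()
MUL2 = [_xtime(x) for x in range(256)]
MUL3 = [x ^ MUL2[x] for x in range(256)]

def _expand_key(key):
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]  # 11 round keys of 16 bytes

def _mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [MUL2[a0] ^ MUL3[a1] ^ a2 ^ a3,
                a0 ^ MUL2[a1] ^ MUL3[a2] ^ a3,
                a0 ^ a1 ^ MUL2[a2] ^ MUL3[a3],
                MUL3[a0] ^ a1 ^ a2 ^ MUL2[a3]]
    return out

def aes128_encrypt(key, block, fault=None):
    """Encrypt one 16-byte block (state is column-major, index 4*col + row).
    `fault` is None for a correct encryption, or (round, byte_index, xor_mask)
    XORed into the state at the input of that round (1..10): the hook through
    which the simulated device is faulted."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        if fault is not None and fault[0] == rnd:
            s[fault[1]] ^= fault[2]
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:
            s = _mix_columns(s)                                             # MixColumns
        s = [b ^ k for b, k in zip(s, rk[rnd])]                             # AddRoundKey
    return bytes(s)

# ---- constructed device behaviour under reduced VCC (assumptions, not measurements) ----
FAULT_ONSET_MV = 800.0   # assumption: AES starts to fail around here, as the text reports
FULL_FAULT_MV = 775.0    # assumption: every encryption is faulty at or below this
FAULT_ROUND = 9          # assumption: the timing path that fails first feeds round 9

def device_fault(vcc_mv, rng):
    """Fault suffered by the simulated device at this VCC, or None: below
    FAULT_ONSET_MV one random bit of one state byte at the input of FAULT_ROUND
    is flipped, with a probability rising linearly to 1 at FULL_FAULT_MV."""
    p = (FAULT_ONSET_MV - vcc_mv) / (FAULT_ONSET_MV - FULL_FAULT_MV)
    if p <= 0 or rng.random() >= p:
        return None
    return (FAULT_ROUND, rng.randrange(16), 1 << rng.randrange(8))

def run_campaign(key, voltages_mv, n_per_voltage, seed=1):
    """Acquisition loop of the text: for each VCC, n encryptions of random
    messages under one constant key; returns (vcc, message, key, ciphertext)."""
    rng = random.Random(seed)
    triples = []
    for vcc in voltages_mv:
        for _ in range(n_per_voltage):
            msg = bytes(rng.randrange(256) for _ in range(16))
            ct = aes128_encrypt(key, msg, device_fault(vcc, rng))
            triples.append((vcc, msg, key, ct))
    return triples

def analyse(triples):
    """Per voltage: number of wrong ciphertexts (vs. golden AES) and a histogram
    of ciphertext bytes in error, which betrays where the fault hit: a single
    byte faulted at the input of round 10, 9 or 8 corrupts 1, 4 or 16 bytes."""
    stats = {}
    for vcc, msg, key, ct in triples:
        ref = aes128_encrypt(key, msg)
        n_bad = sum(1 for a, b in zip(ct, ref) if a != b)
        entry = stats.setdefault(vcc, {"faulty": 0, "by_bytes": {}})
        if n_bad:
            entry["faulty"] += 1
            entry["by_bytes"][n_bad] = entry["by_bytes"].get(n_bad, 0) + 1
    return stats

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # constant key (constructed)
    sweep = [775.0 + 5.0 * i for i in range(11)]              # 775..825 mV in coarse 5 mV steps
    for vcc, st in sorted(analyse(run_campaign(key, sweep, 50)).items()):
        print(f"VCC = {vcc:5.1f} mV  faulty = {st['faulty']:2d}/50  bytes in error = {st['by_bytes']}")
```

Run stand-alone it prints one line per voltage, from no faults at 825 mV to every encryption faulty at 775 mV, each fault corrupting exactly four ciphertext bytes because the constructed model faults a single byte at the input of round 9. Against a real card the sweep is finer (0.5 mV steps, 20,000 encryptions per point, as above) and the bytes-in-error histogram is an output of the campaign, not an input: it is what tells the analyst which rounds the setup-time violations are hitting and therefore which fault model the recorded triples support.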
17.3.1.2 Motivation for This Modus Operandi
In most fault attacks on cryptographic devices the fault model is stringent: an
attacker is expected to be able to inject "single" faults into "precise" words or rounds.
These constraints can be relaxed in some attack scenarios. For instance, in the
adversary model of Piret and Quisquater's differential fault analysis [324], an attacker needs to