Abstract
Programmable devices are an interesting alternative when implementing embedded systems on a low-volume scale. In particular, the affordability and the versatility of SRAM-based FPGAs make them attractive with respect to ASIC implementations. FPGAs have thus been used extensively and successfully in many fields, such as implementing cryptographic accelerators. Hardware implementations, however, must be protected against malicious attacks, e.g. those based on fault injections. Protections have usually been evaluated on ASICs, but FPGAs can be vulnerable as well. This work therefore presents fault injection attacks against a secured AES architecture implemented on an SRAM-based FPGA. The errors are injected during the computation by means of voltage glitches and laser attacks. To our knowledge, this is one of the first works dealing with dynamic laser fault injections. We show that fault attacks on SRAM-based FPGAs may behave differently from attacks against ASICs, and that they therefore need to be addressed by specific countermeasures, which are also discussed in this paper. In addition, we discuss the different effects obtained by the two types of attacks.
Cite this article
Canivet, G., Maistri, P., Leveugle, R. et al. Glitch and Laser Fault Attacks onto a Secure AES Implementation on a SRAM-Based FPGA. J Cryptol 24, 247–268 (2011). https://doi.org/10.1007/s00145-010-9083-9
DOI: https://doi.org/10.1007/s00145-010-9083-9