Séminaire sécurité des systèmes électroniques embarqués

Accueil     Présentation     Archives

Jean-Max Dutertre


A 45 minutes introduction to the practice and theory of laser fault injection

Laser illumination was first used by researchers from the radiation community as a tool to emulate single event effects induced by radioactive particles [1,2]. Then, S. Skorobogatov et al. identified laser illumination as an effective technique to conduct fault attacks in 2002 [3]. Since then, laser-fault injection became a well-studied fault injection tool [4-8]. It makes it possible to inject faults with high accuracy and to meet the requirements of the most restrictive attack schemes. This talk will describe the mechanism at the root cause of fault injection. It will also report experimental results obtained when attacking devices designed in a wide range of CMOS technologies: from the ancient 350nm to the modern 28nm. To succeed fault attacks rely heavily on the various properties of the injected faults (such as the number of faulted bits or byte, timing, repeatability, fault distribution, etc.) what is called a fault-model. Some of these fault-models will be introduced and discussed: the bit-set/reset or bit-flip fault-model of memory cells and the instruction skip fault-model of microcontrollers.

[1] D. Habing. The use of lasers to simulate radiation-induced transients in semiconductor devices and circuits. Nuclear Science, IEEE Transactions on, 12(5):91 100, Oct 1965.
[2] S. Buchner, F. Miller, V. Pouget, and D. McMorrow. Pulsed-laser testing for single-event effects investigations. Nuclear Science, IEEE Transactions on, 60(3):1852 1875, June 2013.
[3] S. P. Skorobogatov and R. J. Anderson. Optical fault induction attacks. In 4th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 02, pages 2 12, London, UK, UK, 2002. Springer-Verlag.
[4] A.-P. Mirbaha. Study of the vulnerability of cryptographic circuits by laser fault injection. PhD thesis, Ecole Nationale Supérieure des Mines de Saint-Etienne, 2011.
[5] C. Roscian. Cryptanalyse physique de circuits cryptographiques à l aide de sources LASER. PhD thesis, Ecole doctoral SIS, october 2013.
[6] A. Sarafianos. Injection de fautes par impulsion laser dans les circuits sécurisés. PhD thesis, ED SIS, September 2013.
[7] M. Lacruche. Caractérisation sécuritaire de circuits basse-consommation face aux attaques par laser. PhD thesis, Université Aix-Marseille, 2016.
[8] C. Champeix. Durcissement de circuits intégrés sécurisés contre l injection de fautes par impulsions laser courtes. PhD thesis, 2016.