Abstract
Localized semi-invasive optical fault attacks are nowadays considered to be out of reach for attackers with a limited budget. For this reason, they typically receive lower attention and priority during the security analysis of low-cost devices. Indeed, an optical fault injection setup typically requires expensive equipment which includes at least a laser station, a microscope, and a programmable X-Y table, all of which can quickly add up to several thousand euros. Additionally, a careful handling of toxic chemicals in a protected environment is required to decapsulate the chips under test and gain direct access to the die surface. In this work, we present a low-cost fault injection setup which is capable of producing localized faults in modern 8-bit and 32-bit microcontrollers, does not require handling hazardous substances or wearing protective eyeware, and would set back an attacker only a couple hundred euros. Finally, we show that the type of faults which are obtained from such a low-cost setup can be exploited to successfully attack real-world cryptographic implementations, such that of the NSA’s Speck lightweight block cipher.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
This duration accounts also for the discharging effects inside the LED and various parasitics, i.e. the light is emitted for a much shorter time.
- 4.
The back focal length is \(0.73356-0.5=0.23356\) mm .
- 5.
- 6.
References
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. IACR Cryptol. ePrint Arch. 2004, 100 (2004)
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The Simon and speck families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404 (2013). https://eprint.iacr.org/2013/404/
Boit, C., Schlangen, R., Glowacki, A., Kindereit, U., Kiyan, T., Kerst, U., Lundquist, T., Kasapi, S., Suzuki, H.: Physical IC debug - backside approach and nanoscale challenge. Adv. Radio Sci. 6, 265–272 (2008)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). doi:10.1007/3-540-69053-0_4
Breier, J., Jap, D.: Testing feasibility of back-side laser fault injection on a microcontroller. In: Proceedings of the 10th Workshop on Embedded Systems Security, WESS 2015, Amsterdam, The Netherlands, 8 October 2015, p. 5 (2015)
Huang, A.B.: Hacking the PIC 18f1320 (2007). https://www.bunniestudios.com/blog/?page_id=40. Accessed 1 Dec 2016
Dehbaoui, A., Dutertre, J.-M., Robisson, B., Tria, A.: Electromagnetic transient faults injection on a hardware and a software implementations of AES. In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography, Leuven, Belgium, 9 September 2012, pp. 7–15 (2012)
Hanft, F.: Entwicklung eines prototypen zur verhaltensanalyse von chipkarten bei fault injection attacks (2016). http://hanft.in/Dokumente/BachelorarbeitHanft.pdf. Accessed 26 Mar 2017
Huo, Y., Zhang, F., Feng, X., Wang, L.-P.: Improved differential fault attack on the block cipher speck. In: 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 28–34. IEEE (2015)
Neve, M., Peeters, E., Samyde, D., Quisquater, J.-J.: Memories: a survey of their secure uses in smart cards. In: 2nd International IEEE Security in Storage Workshop (SISW 2003), Information Assurance, The Storage Security Perspective, 31 October 2003, Washington, DC, USA, pp. 62–72 (2003)
O’Flynn, C., Chen, Z.D.: ChipWhisperer: an open-source platform for hardware embedded security research. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 243–260. Springer, Cham (2014). doi:10.1007/978-3-319-10175-0_17
Schmidt, J.-M., Hutter, M.: Optical and EM fault-attacks on CRT-based RSA: concrete results. In: Posch, K.C., Wolkerstorfer, J. (eds.) Austrian Workshop on Microelectronics - Austrochip 2007, Graz, Austria, 11 October, pp. 61–67. Verlag der Technischen Universität Graz, October 2007. ISBN 978-3-902465-87-0
Schmidt, J.-M., Hutter, M., Plos, T.: Optical fault attacks on AES: a threat in violet. In: Naccache, D., Oswald, E. (eds.) Fault Diagnosis and Tolerance in Cryptography - FDTC 2009, 6th International Workshop, Lausanne, Switzerland, 6 September 2009, pp. 13–22. IEEE-CS Press (2009)
Skorobogatov, S.P.: Semi-invasive attacks - a new approach to hardware security analysis. Ph.D. thesis, University of Cambridge (2005)
Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_2
Smith, Z.J., Chu, K., Espenson, A.R., Rahimzadeh, M., Gryshuk, A., Molinaro, M., Dwyre, D.M., Lane, S., Matthews, D., Wachsmann-Hogiu, S.: Cell-phone-based platform for biomedical device development and education applications. PLoS ONE 6(3), 1–11 (2011)
Van Woudenberg, J.G., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, 29 September 2011, pp. 91–99 (2011)
Acknowledgements
We thank the anonymous reviewers for their valuable comments and suggestions. This work was performed while Oscar M. Guillen was a research assistant at the Chair of Security in Information Technology of the Technische Universität München.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix: Differential Fault Analysis of Speck
Appendix: Differential Fault Analysis of Speck
Speck is a family of block ciphers variable by different block and key sizes. The round function R(x, y) of Speck has a Feistel-like structure and is described by the following equation:
where \(\oplus \) denotes a bitwise XOR, \(+\) denotes an addition modulo \(2^{n}\), \(\ggg \alpha \) denotes the right circular shift with \(\alpha \) bits, \(\lll \beta \) denotes the left circular shift with \(\beta \) bits, x and y are the input n-bit words, and k is the round key.
The last round key \(k^{T-1}\) can be recovered by injecting random faults in the word \(y^{T-1}\) as proposed by Huo et al. in [9]. The fault propagates through the last round and the pairs of correct and faulty ciphertexts are collected. Then, a system of non linear equations on \(\mathbb {F}_2\) is constructed as a set of Differential Equations of Additions (DEAs). Finally, the system of DEAs is solved using a computer algebra system with the aid of Gröbner bases. According to [9], 5–8 pairs are needed on average to solve the system of DEAs, independently of the block size n.
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Guillen, O.M., Gruber, M., De Santis, F. (2017). Low-Cost Setup for Localized Semi-invasive Optical Fault Injection Attacks. In: Guilley, S. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2017. Lecture Notes in Computer Science(), vol 10348. Springer, Cham. https://doi.org/10.1007/978-3-319-64647-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-64647-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64646-6
Online ISBN: 978-3-319-64647-3
eBook Packages: Computer ScienceComputer Science (R0)