Analysis of Dynamic Laser Injection and Quiescent Photon Emissions on an Embedded Processor

Journal of Hardware and Systems Security

Abstract

Security is increasingly widespread in many embedded devices. As technology scales, fault attacks are seen as becoming more relevant to many embedded devices, revealing secrets utilized within the silicon. Despite numerous publications on fault injection, laser fault injection methodologies remain diverse, with limited details on equipment and setups. A new laser fault injection methodology is proposed that combines quiescent photon emissions with backside dynamic laser pulse profiling in time and space. Empirical results illustrate the impact of the laser on multiple-instruction fault injections and controlled instruction replacement faults. Unlike previous research, quiescent photon emissions combined with laser fault injection provide fine tuning of faulty instructions in addition to reverse engineering within each clock cycle. This research is critical for understanding how to design more secure and trustworthy hardware, including countermeasures to thwart attacks.

Acknowledgments

The authors would like to thank Prof. Donna Strickland for her valuable insights on various laser measurements.

Funding

This study was financially supported in part by grants from NSERC and XtremeEDA Corp.

Author information

Corresponding author

Correspondence to Karim Amin.

Cite this article

Amin, K., Gebotys, C., Faraj, M. et al. Analysis of Dynamic Laser Injection and Quiescent Photon Emissions on an Embedded Processor. J Hardw Syst Secur 4, 55–67 (2020). https://doi.org/10.1007/s41635-020-00090-1

  • DOI: https://doi.org/10.1007/s41635-020-00090-1
