
On the Effect of Clock Frequency on Voltage and Electromagnetic Fault Injection

Published 20 Oct 2023 in cs.CR | (2310.13389v1)

Abstract: We investigate the influence of clock frequency on the success rate of a fault injection attack. In particular, we examine the success rate of voltage and electromagnetic fault attacks for varying clock frequencies. Using three different tests that cover different components of a System-on-Chip, we perform fault injection while its CPU operates at different clock frequencies. Our results show that the attack's success rate increases with an increase in clock frequency for both voltage and EM fault injection attacks. As the technology advances push the clock frequency further, these results can help assess the impact of fault injection attacks more accurately and develop appropriate countermeasures to address them.


Summary

  • The paper demonstrates that increased clock frequency significantly raises the success rate of voltage and electromagnetic fault injection attacks on SoCs.
  • The research used assembly-level test loops on the FE310-G000 chip to analyze fault scenarios at different clock speeds.
  • Experimental results reveal timing and charge-based vulnerabilities that inform enhanced countermeasure designs for secure SoCs.

Summary of "On the Effect of Clock Frequency on Voltage and Electromagnetic Fault Injection"

The paper "On the Effect of Clock Frequency on Voltage and Electromagnetic Fault Injection" (2310.13389) presents an experimental analysis of how clock frequency influences the success rate of Voltage Fault Injection (VFI) and Electromagnetic Fault Injection (EMFI) attacks on System-on-Chip (SoC) architectures. Using SiFive's HiFive1 development board with the FE310-G000 chip, the research explores fault injection at varying clock frequencies, contributing novel insights into the susceptibility of these systems under physical attack vectors.

Background and Methodology

Fault injection attacks have long been utilized to compromise cryptographic implementations and other security mechanisms in devices such as embedded systems and smart cards. By altering the intended behavior through physical means, attackers can bypass security measures. This paper examines how these attacks succeed with varying clock frequencies on multi-core SoCs, which can operate at different speeds due to external or internal configurations. The introduction of PLL mechanisms and boot flow characteristics in SoCs raised the question of whether the success rate of FI attacks depends on these operational conditions.

Three test applications were developed to capture the effects of faults across different SoC components: register-based loop, memory-based loop, and unrolled loop. Each test aims to investigate different fault scenarios by modifying instructions or data during execution. The tests were implemented in assembly to control execution precisely and avoid compiler optimizations. VFI and EMFI were conducted using a Glitch Generator and EMFI Transient Probe, respectively, with experiments analyzing fault induction across slow, medium, and high clock frequencies.

Experimental Results

Voltage Fault Injection (VFI)

VFI experiments demonstrated that the success rate significantly increases at higher clock frequencies. At 240 MHz, numerous successful faults were induced by lowering the glitch voltage while keeping the glitch duration short. Dropping the input voltage temporarily introduced timing constraint violations, more pronounced at higher frequencies due to decreased clock periods.

Successful faults observed at all clock frequencies:

  • Branch Skipping: Occurred when tests unexpectedly continued due to skipped conditional checks.
  • Instruction Manipulation: Modifications in immediate values or operations, altering program behavior.

For detailed results, see Figures 6-8.

Electromagnetic Fault Injection (EMFI)

EMFI analysis highlighted that successful faults were isolated to higher frequencies, supporting a charge-based fault model over a purely timing-based one. Optimal position scans showed successful induction near SPI flash memory communication points, indicating susceptibility to external instruction retrieval processes. Attempts at lower frequencies were predominantly ineffective, emphasizing frequency-dependent vulnerability (Figures 3-5).

Discussion

The results illustrate that increasing operating frequency enhances susceptibility to fault injections, both for VFI and EMFI. This aligns with prior studies indicating that higher frequencies reduce clock periods, facilitating timing violations that drive fault occurrences. In practice, stronger glitches necessary at lower frequencies often result in system resets, corroborating the increased inducibility observed at higher rates.

The charge-based fault model appears more applicable to EMFI results, where fault induction coincides with frequency increases. This suggests a more nuanced understanding of faults that incorporate both timing constraints and physical charge disruptions as factors in FI attacks.
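The timing argument for voltage glitches can be worked through with a simple setup-slack model. The sketch below is an added example, not code or data from the paper: it uses the alpha-power-law delay approximation, and every constant (supply, threshold, path delay, reset level, the 16 and 120 MHz points) is an assumed value chosen for illustration. It covers only the timing-violation side, not the charge-based EMFI model.

```python
import math

# All constants are assumed values for illustration, not measurements from the paper.
V_NOM = 1.8          # nominal core supply (V)
V_TH = 0.5           # transistor threshold voltage (V)
ALPHA = 1.3          # alpha-power-law velocity-saturation exponent
T_PATH_NOM_NS = 2.5  # critical-path delay at V_NOM (ns)
T_SETUP_NS = 0.2     # flip-flop setup time (ns)
V_RESET = 0.52       # supply level at which the chip resets or goes mute (V)


def path_delay_ns(v):
    """Critical-path delay at supply v, alpha-power law: t ~ V / (V - Vth)^alpha."""
    if v <= V_TH:
        return math.inf
    nominal = V_NOM / (V_NOM - V_TH) ** ALPHA
    return T_PATH_NOM_NS * (v / (v - V_TH) ** ALPHA) / nominal


def slack_ns(freq_mhz, v):
    """Setup slack: clock period minus (path delay + setup time)."""
    return 1000.0 / freq_mhz - (path_delay_ns(v) + T_SETUP_NS)


def violation_voltage(freq_mhz):
    """Highest supply voltage at which setup slack becomes negative (bisection)."""
    lo, hi = V_TH, V_NOM
    if slack_ns(freq_mhz, hi) < 0:
        return hi  # design already fails timing at nominal voltage
    for _ in range(60):
        mid = (lo + hi) / 2
        if slack_ns(freq_mhz, mid) < 0:
            lo = mid
        else:
            hi = mid
    return hi


def fault_window_v(freq_mhz):
    """Width of the voltage band that violates timing without reaching V_RESET."""
    return max(0.0, violation_voltage(freq_mhz) - V_RESET)


def report(freqs_mhz=(16, 120, 240)):  # 240 MHz is from the text; 16 and 120 are constructed
    rows = [(f, 1000.0 / f, violation_voltage(f), fault_window_v(f)) for f in freqs_mhz]
    for f, period, v_viol, window in rows:
        print(f"{f:>4} MHz  period {period:6.2f} ns  violation below {v_viol:.3f} V  window {window:.3f} V")
    return rows
```

In this model the band between "timing fails" and "chip resets" widens as the clock period shrinks, which is the margin a designer has to defend with voltage monitors or frequency-aware timing slack.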

Conclusion

The research successfully demonstrates clock frequency's influence on FI attack success rates within modern SoCs. Higher clock frequencies exacerbate vulnerability due to faster operational cycles that facilitate timing and charge-based VFI/EMFI attacks. These findings underscore the necessity for robust countermeasures that consider varying operating conditions in SoC design, helping safeguard devices against evolving fault attack methodologies.
