The security of cryptographic processors is endangered by optical fault injection attacks. Transistors hit by a pulse of photons causes them to conduct transiently, thereby introducing transient logic errors, such as register value modifications, memory dumping and so on. Attackers can make use of this abnormal behaviour and extract secure information that the devices try to protect. This paper presents a simulation methodology to evaluate the security of cryptographic processors against optical fault injection attacks at design time. This simulation methodology involves exhaustively scanning the layout, incorporating the exposed cells into a circuit simulator and examining the response of the circuit in detail. Simulation performed on a test chip demonstrates that optical fault injection could harm the security of the cryptographic processors in various ways. Experiments conducted on the same test chip spot the same vulnerabilities, thus indicating the validity of the proposed simulation methodology.
References
-
-
1)
-
Fournier, J., Moore, S., Li, H., Mullins, R., Taylor, G.: `Security evaluation of asynchronous circuits', Proc. of Cryptographic Hardware and Embedded Systems - CHES2003, 2003, p. 137–151.
-
2)
-
J.P. Kreskovsky ,
H.L. Grubin
.
(1986)
Numerical simulation of charge collection in two- and three-dimensional silicon diodes – a comparison.
-
3)
-
J-J. Quisquater ,
D. Samyde
.
ElectroMagnetic Analysis (EMA): Measures and counter-measures for smart cards.
E-smart
,
200 -
210
-
4)
-
D.G. Abraham ,
G.M. Dolan ,
G.P. Double ,
J.V. Stevens
.
(1991)
Transaction security system.
-
5)
-
G3Card Consortium. 3rd generation smart card project. http://www.g3card.org/..
-
6)
-
S. Selberherr
.
(1984)
Analysis and Simulation of Semiconductor Devices.
-
7)
-
Anderson, R., Kuhn, M.: `Tamper resistance - a cautionary note', 2nd USENIX Workship on Electronic Commerce Proceedings, 1996, p. 1–11.
-
8)
-
K. Mayaram ,
J.H. Chern ,
P. Yang
.
(1993)
Algorithms for transient threedimensional mixed-level circuit and device simulation.
-
9)
-
D. Binder ,
E.C. Smith ,
A.B. Holman
.
(1975)
Satellite anomalies from galactic cosmic rays.
-
10)
-
Kocher, P., Jaffe, J., Jun, B.: `Differential power analysis', Proc. 19th International Advances in Cryptology Conference – CRYPTO '99,, 1999, p. 388–397.
-
11)
-
S. Buchner
.
(1987)
Laser simulation of single-event upsets.
-
12)
-
P.E. Dodd ,
F.W. Sexton ,
G.L. Hash ,
M.R. Shaneyfelt ,
B.L. Draper ,
A.J. Farino ,
R.S. Flores
.
(1996)
Impact of technology trends on SEU in CMOS SRAMS.
-
13)
-
L.W. Massengill
.
(1993)
SEU modeling and prediction techniques.
-
14)
-
E.M. Buturla ,
P.E. Cottrell ,
B.M. Grossman ,
K.A. Salsburg
.
(1981)
Finite-element analysis of semiconductor devices: The fielday program.
-
15)
-
L.C. Wagner
.
(1999)
Failure Analysis of Integrated Circuits: Tools and Techniques.
-
16)
-
Kocher, P.: `Cryptanalysis of Diffe-Hellman, RSA, DSS, and other cryptosystems using timing attacks', Proc. 15th International Advances in Cryptology Conference – CRYPTO '95,, 1995, p. 171–183.
-
17)
-
M.S. Lundstrom
.
(1990)
Fundamentals of Carrier Transport.
-
18)
-
A.H. Johnston
.
(1993)
Charge generation and collection in .
-
19)
-
Nikiforov, A.Y., Chumakov, A.I., Skorobogatov, P.K.: `CMOS IC's transient radiation effects investigations, models verification and parameter extraction with the test structures laser simulation tests', Proc. of the 1996 IEEE International Conference on Microelectronic Test Structures, 1996, p. 253–258.
-
20)
-
J.G. Rollins ,
J. Choma
.
(1988)
Mixed-mode pisces-spice coupled circuit and device solver.
-
21)
-
Philips Semiconductors Leads Industry with Smart Card Security Benchmark. Product news from philips semiconductors. http://www.semiconductors.philips.com/news/content/file_354.html, October, 1998..
-
22)
-
D. McMorrow ,
J.S. Melinger ,
S. Buchner
.
(2000)
Application of a pulsed laser for evaluation and optimization of SEU-Hard designs.
-
23)
-
Skorobogatov, S., Anderson, R.: `Optical fault induction attacks', Proc. of Cryptographic Hardware and Embedded Systems - CHES2002, 2002, p. 2–12.
-
24)
-
G.C. Messenger
.
(1982)
Collection of charge on junction nodes from ion tracks.
-
25)
-
C.W. Gwyn ,
D.L. Scharfetter ,
J.L. Wirth
.
(1967)
The analysis of radiation effects in semiconductor junction devices.
-
26)
-
P.E. Dodd ,
L.W. Massengill
.
(2003)
Basic mechanisms and modeling of single-event upset in digital microelectronics.
-
27)
-
The free dictionary encyclopedia: Harvard architecture. http://encyclopedia.thefreedictionary.com/harvard\%20architecture..
http://iet.metastore.ingenta.com/content/journals/10.1049/ip-ifs_20055021
Related content
content/journals/10.1049/ip-ifs_20055021
pub_keyword,iet_inspecKeyword,pub_concept
6
6