Fault Injection Attack Emulation Framework for Early Evaluation of IC Designs
Article No.: 8, Pages 1 - 25
Abstract
Fault injection attack (FIA) has become a serious threat to the confidentiality and fault tolerance of integrated circuits (ICs). Circuit designers need an effective method to evaluate the countermeasures of the IC designs against the FIAs at the design stage. To address the need, this article, based on FPGA emulation, proposes an in-circuit early evaluation framework, in which FIAs are emulated with parameterized fault models. To mimic FIAs, an efficient scan approach is proposed to inject faults at any time at any circuit nodes, while both the time and area overhead of fault injection are reduced. After the circuit design under test (CUT) is submitted to the framework, the scan chains insertion, fault generation, and fault injection are executed automatically, and the evaluation result of the CUT is generated, making the evaluation a transparent process to the designers. Based on the framework, the confidentiality and fault-tolerance evaluations are demonstrated with an information-based evaluation approach. Experiment results on a set of ISCAS89 benchmark circuits show that on average, our approach reduces the area overhead by 41.08% compared with the full scan approach and by over 20.00% compared with existing approaches. The confidentiality evaluation experiments on AES-128 and DES-56 and the fault-tolerance evaluation experiments on two CNN circuits, a RISC-V core, a Cordic core, and the float point arithmetic units show the effectiveness of the proposed framework.
References
[1]
M. Al-Kuwaiti, N. Kyriakopoulos, and S. Hussein. 2009. A comparative analysis of network dependability, fault-tolerance, reliability, security, and survivability. IEEE Communications Surveys Tutorials 11, 2 (2009), 106–124.
[2]
Ting An, Lirida Alves de Barros Naviner, and Philippe Matherat. 2013. Evaluation of fault-tolerant composite field AES S-boxes under multiple transient faults. In 2013 IEEE 11th International New Circuits and Systems Conference (NEWCAS’13). 1–4.
[3]
J. Balasch, B. Gierlichs, and I. Verbauwhede. 2011. An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography. 105–114.
[4]
A. Barenghi, L. Breveglieri, I. Koren, and D. Naccache. 2012. Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures. Proceedings of the IEEE 100, 11 (Nov. 2012), 3056–3076.
[5]
F. Benevenuti and F. L. Kastensmidt. 2017. Evaluation of fault attack detection on SRAM-based FPGAs. In 2017 18th IEEE Latin American Test Symposium (LATS’17). 1–6.
[6]
C. Boit, C. Helfmeier, D. Nedospasov, and A. Fox. 2013. Ultra high precision circuit diagnosis through seebeck generation and charge monitoring. In Proceedings of the 20th IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA’13). 17–21.
[7]
K. Bousselam, G. Di Natale, M-L. Flottes, and B. Rouzeyre. 2010. Evaluation of concurrent error detection techniques on the advanced encryption standard. In 2010 IEEE 16th International On-Line Testing Symposium. 223–228. 1942-9401.
[8]
Rajat Subhra Chakraborty, Peter Schwabe, and Jon Solworth (Eds.). 2015. Security, Privacy, and Applied Cryptography Engineering: 5th International Conference, Proceedings (SPACE’15). Lecture Notes in Computer Science, Vol. 9354. Springer International Publishing, Cham.
[9]
Srimat T. Chakradhar, Arun Balakrishnan, and Vishwani D. Agrawal. 1995. An exact algorithm for selecting partial scan flip-flops. Journal of Electronic Testing 7, 1 (1995), 83–93.
[10]
Pierluigi Civera, Luca Macchiarulo, Maurizio Rebaudengo, M. Sonza Reorda, and Massimo Violante. 2002. An FPGA-based approach for speeding-up fault injection campaigns on safety-critical circuits. Journal of Electronic Testing 18, 3 (2002), 261–271.
[11]
cliffordwolf. PicoRV32 - A Size-Optimized RISC-V CPU. Retrieved March 3, 2019, from https://github.com/cliffordwolf/picorv32.
[12]
F. Courbon, J. J. A. Fournier, P. Loubet-Moundi, and A. Tria. 2015. Combining image processing and laser fault injections for characterizing a hardware AES. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34, 6 (June 2015), 928–936.
[13]
S. Di Carlo, P. Prinetto, D. Rolfo, and P. Trotta. 2014. A fault injection methodology and infrastructure for fast single event upsets emulation on Xilinx SRAM-based FPGAs. In 2014 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT’14). 159–164.
[14]
J. Dutertre, J. J. A. Fournier, A. Mirbaha, D. Naccache, J. Rigaud, B. Robisson, and A. Tria. 2011. Review of fault injection mechanisms and consequences on countermeasures design. In 2011 6th International Conference on Design Technology of Integrated Systems in Nanoscale Era (DTIS’11). 1–6.
[15]
M. A. Elmohr, H. Liao, and C. H. Gebotys. 2020. EM fault injection on ARM and RISC-V. In 2020 21st International Symposium on Quality Electronic Design (ISQED’20). 206–212.
[16]
N. F. Ghalaty, B. Yuce, M. Taha, and P. Schaumont. 2014. Differential fault intensity analysis. In 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography. 49–58.
[17]
Dennis R. E. Gnad, Fabian Oboril, and Mehdi B. Tahoori. 2017. Voltage drop-based fault attacks on FPGAs using valid bitstreams. In 2017 27th International Conference on Field Programmable Logic and Applications (FPL’17). IEEE, 1–7.
[18]
R. Gupta, R. Gupta, and M. A. Breuer. 1990. The Ballast methodology for structured partial scan design. IEEE Transactions on Computers 39, 4 (Apr. 1990), 538–544.
[19]
A. Janning, J. Heyszl, F. Stumpf, and G. Sigl. 2011. A cost-effective FPGA-based fault simulation environment. In 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography. 21–31.
[20]
C. H. Kim. 2010. Differential fault analysis against AES-192 and AES-256 with minimal faults. In 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography. 3–9.
[21]
C. H. Kim and J. Quisquater. 2007. Faults, injection methods, and fault attacks. IEEE Design Test of Computers 24, 6 (2007), 544–545.
[22]
Michael Kissner. 2019. Hacking neural networks: A short introduction. arXiv preprint arXiv:1911.07658 (2019).
[23]
J. Laurent, V. Beroulle, C. Deleuze, and F. Pebay-Peyroula. 2019. Fault injection on hidden registers in a RISC-V rocket processor and software countermeasures. In 2019 Design, Automation Test in Europe Conference Exhibition (DATE’19). 252–255.
[24]
R. Leveugle. 2007. Early analysis of fault-based attack effects in secure circuits. IEEE Transactions on Computers 56, 10 (Oct. 2007), 1431–1434.
[25]
R. Leveugle and M. Ben Jrad. 2010. A new methodology for accurate predictive robustness analysis of designs implemented in SRAM-based FPGAs. In 2010 17th IEEE International Conference on Electronics, Circuits and Systems. 1172–1175.
[26]
T. Li and Q. Liu. 2016. Cost effective partial scan for hardware emulation. In 2016 IEEE 24th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM’16). 131–134.
[27]
T. Li and Q. Liu. 2018. A low cost partial scan approach based on balanced sequential graph transformation. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 37, 5 (2018), 1109–1113.
[28]
Yang Li, Shigeto Gomisawa, Kazuo Sakiyama, and Kazuo Ohta. 2010. An information theoretic perspective on the differential fault analysis against AES.IACR Cryptology ePrint Archives 2010 (2010), 32.
[29]
Q. Liu, B. Ning, and P. Deng. 2019. Information theory-based quantitative evaluation method for countermeasures against fault injection attacks. IEEE Access 7 (2019), 141920–141928.
[30]
J. M. Mogollon, H. Guzmán-Miranda, J. Nápoles, J. Barrientos, and M. A. Aguirre. 2011. FTUNSHADES2: A novel platform for early evaluation of robustness against SEE. In 2011 12th European Conference on Radiation and Its Effects on Components and Systems. 169–174.
[31]
N. Moro, A. Dehbaoui, K. Heydemann, B. Robisson, and E. Encrenaz. 2013. Electromagnetic fault injection: Towards a fault model on a 32-bit microcontroller. In 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography. 77–88.
[32]
R. Nyberg, J. Nolles, J. Heyszl, D. Rabe, and G. Sigl. 2014. Closing the gap between speed and configurability of multi-bit fault emulation environments for security and safety-critical designs. In 2014 17th Euromicro Conference on Digital System Design (DSD’14). 114–121.
[33]
A. Papadimitriou, D. Hély, V. Beroulle, P. Maistri, and R. Leveugle. 2014. A multiple fault injection methodology based on cone partitioning towards RTL modeling of laser attacks. In 2014 Design, Automation Test in Europe Conference Exhibition (DATE’14). 1–4.
[34]
Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z. Berkay Celik, and Ananthram Swami. 2016. The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS P’16). 372–387.
[35]
F. Pournaghdali, A. Rajabzadeh, and M. Ahmadi. 2013. VHDLSFI: A simulation-based multi-bit fault injection for dependability analysis. In International eConference on Computer and Knowledge Engineering (ICCKE’13). IEEE, 354–360.
[36]
K. Sakiyama, Y. Li, M. Iwamoto, and K. Ohta. 2012. Information-theoretic approach to optimal differential fault analysis. IEEE Transactions on Information Forensics and Security 7, 1 (2012), 109–120.
[37]
E. Sanchez, L. Sterpone, and A. Ullah. 2014. Effective emulation of permanent faults in ASICs through dynamically reconfigurable FPGAs. In 2014 24th International Conference on Field Programmable Logic and Applications (FPL’14). 1–6.
[38]
Falk Schellenberg, Markus Finkeldey, Nils Gerhardt, Martin Hofmann, Amir Moradi, and Christof Paar. 2016. Large laser spots and fault sensitivity analysis. In 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST’16). IEEE, 203–208.
[39]
Song Xu, Qiang Liu, Tao Li, and Hongxiang Fan. 2016. IC security evaluation against fault injection attack based on FPGA emulation. In 2016 International Conference on Field-Programmable Technology (FPT’16). 285–288.
[40]
P. Vanhauwaert, R. Leveugle, and P. Roche. 2006. A flexible SoPC-based fault injection environment. In 2006 IEEE Design and Diagnostics of Electronic Circuits and Systems. 190–195.
[41]
Y. Xie, H. Chen, Y. Xie, C. Mao, and B. Li. 2018. An automated FPGA-based fault injection platform for granularly-pipelined fault tolerant CORDIC. In 2018 International Conference on Field-Programmable Technology (FPT’18). 370–373.
Index Terms
- Fault Injection Attack Emulation Framework for Early Evaluation of IC Designs
Recommendations
Side-channel leakage from sensor-based countermeasures against fault injection attack
AbstractIn laser fault injection, an attacker injects laser to a chip implementing cryptography and exploits a fault to attack the cryptography. A promising approach to counteract fault injection attack is to detect an attempt of fault ...
Fault Injection and Dependability Evaluation of Fault-Tolerant Systems
The authors describe a dependability evaluation method based on fault injection that establishes the link between the experimental evaluation of the fault tolerance process and the fault occurrence process. The main characteristics of a fault injection ...
Fault Injection Attack on A5/3
ISPA '11: Proceedings of the 2011 IEEE Ninth International Symposium on Parallel and Distributed Processing with ApplicationsIn this paper, we propose a fault injection attack on A5/3 used in GSM. This attack is based on the fault assumption in [9]. That is, it is assumed that we can decrease the number of rounds in block cipher KASUMI of A5/3 by injecting some faults. With ...
Comments
Information & Contributors
Information
Published In
January 2022
230 pages
Copyright © 2021 Association for Computing Machinery.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Journal Family
Publication History
Published: 15 October 2021
Accepted: 01 August 2021
Revised: 01 July 2021
Received: 01 March 2021
Published in TODAES Volume 27, Issue 1
Check for updates
Author Tags
Qualifiers
- Research-article
- Refereed
Funding Sources
- National Natural Science Foundation of China
- Tianjin Municipal Transportation Science and Technology Development Plan
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 184Total Downloads
- Downloads (Last 12 months)51
- Downloads (Last 6 weeks)10
Reflects downloads up to 26 Jul 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format