research-article

Frontside Versus Backside Laser Injection: A Comparative Study

Authors:

Stephan De Castro,

Jean-Max Dutertre,

Bruno Rouzeyre,

Giorgio Di Natale,

Marie-Lise FlottesAuthors Info & Claims

ACM Journal on Emerging Technologies in Computing Systems (JETC), Volume 13, Issue 1

Article No.: 7, Pages 1 - 15

https://doi.org/10.1145/2845999

Published: 30 November 2016 Publication History

Abstract

The development of cryptographic devices was followed by the development of so-called implementation attacks, which are intended to retrieve secret information exploiting the hardware itself. Among these attacks, fault attacks can be used to disturb the circuit while performing a computation to retrieve the secret. Among possible means of injecting a fault, laser beams have proven to be accurate and powerful. The laser can be used to illuminate the circuit either from its frontside (i.e., where metal interconnections are first encountered) or from the backside (i.e., through the substrate). Historically, frontside injection was preferred because it does not require the die to be thinned. Nevertheless, due to the increasing integration of metal layers in modern technologies, frontside injections do not allow targeting of any desired location. Indeed, metal lines act as mirrors, and they reflect and refract most of the energy provided by the laser beam. Conversely, backside injections, although more difficult to set up, allow an increase of the resolution of the target location and remove the drawbacks of the frontside technique. This article compares experimental results from frontside and backside fault injections. The effectiveness of the two techniques is measured in terms of exploitable errors on an AES circuit (i.e., errors that can be used to extract the value of the secret key used during the encryption process). We will show, conversely to what is generally assumed, that frontside injection can provide even better results compared to backside injection, especially for low-cost beams with a large laser spot.

References

[1]

AES. 2001. Federal Information Processing Standards Publication 197. Retrieved October 26, 2016, from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.

[2]

S. S. Ali and D. Mukhopadhyay. 2011. A differential fault analysis on AES key schedule using single fault. In Proceedings of the 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC’11). 35--42.

Digital Library

[3]

Subidh Ali, Debdeep Mukhopadhyay, and Michael Tunstall. 2010. Differential Fault Analysis of AES Using a Single Multiple-Byte Fault. Retrieved October 26, 2016, from https://eprint.iacr.org/2010/636.pdf.

[4]

Eli Biham and Adi Shamir. 1997. Differential fault analysis of secret key cryptosystems. In Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’97). 513--525. http://dl.acm.org/citation.cfm?id=646762.706179

Digital Library

[5]

Johannes Blomer and Jean-Pierre Seifert. 2003. Fault based cryptanalysis of the Advanced Encryption Standard (AES). In Financial Cryptography. Lecture Notes in Computer Science, Vol. 2742. Springer, 162--181.

[6]

Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the importance of checking cryptographic protocols for faults. In Advances in Cryptology—EUROCRYPT’97. Lecture Notes in Computer Science, Vol. 1233. Springer, 37--51.

Digital Library

[7]

V. A. Carreno, G. Choi, R. K. Iyer, and Langley Research Center. 1990. Analog-Digital Simulation of Transient-Induced Logic Errors and Upset Susceptibility of an Advanced Control System. National Aeronautics and Space Administration, Office of Management, Scientific and Technical Information Division. http://books.google.fr/books?id=5WaXdXV4wnMC.

[8]

Chen Chien-Ning and Yen Sung-Ming. 2003. Differential fault analysis on AES key schedule and some countermeasures. In Information Security and Privacy. Lecture Notes in Computer Science, Vol. 2727. Springer, 118--129.

Digital Library

[9]

Hamid Choukri and Michael Tunstall. 2005. Round reduction using faults. In Proceedings of the 2nd International Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC’05). 13--24.

[10]

F. Courbon, P. Loubet-Moundi, J. J. A. Fournier, and A. Tria. 2014. Increasing the efficiency of laser fault injections using fast gate level reverse engineering. In Proceedings of the 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST’14). 60--63.

[11]

Pierre Dusart, Gilles Letourneux, and Olivier Vivolo. 2003. Differential fault analysis on A.E.S. In Applied Cryptography and Network Security. Lecture Notes in Computer Science, Vol. 2846. Springer, 293--306.

[12]

J.-M. Dutertre, S. de Castro, A. Sarafianos, N. Boher, B. Rouzeyre, M. Lisart, J. Damiens, P. Candelier, M.-L. Flottes, and G. Di Natale. 2014. Laser attacks on integrated circuits: From CMOS to FD-SOI. In Proceedings of the 2014 9th IEEE International Conference on Design Technology of Integrated Systems in Nanoscale Era (DTIS’14). 1--6.

[13]

Christophe Giraud. 2003. DFA on AES. In Advanced Encryption Standard—AES. Lecture Notes in Computer Science, Vol. 3373. Springer, 27--41.

Digital Library

[14]

D. H. Habing. 1965. The use of lasers to simulate radiation-induced transients in semiconductor devices and circuits. IEEE Transactions on Nuclear Science 12, 5, 91--100.

[15]

Chong Hee Kim and Jean-Jacques Quisquater. 2008. New differential fault analysis on AES key schedule: Two faults are enough. In Smart Card Research and Advanced Applications. Lecture Notes in Computer Science, Vol. 5189. Springer-Verlag, 48--60.

Digital Library

[16]

David R. Martinez, Robert A. Bond, and M. Michael Vai (Eds.). 2008. High Performance Embedded Computing Handbook: A Systems Perspective. CRC Press, Boca Raton, FL. http://opac.inria.fr/record=b1127184.

Digital Library

[17]

Amir-Pasha Mirbaha. 2011. Etude de la Vulnrabilit Des Circuits Cryptographiques l’injection de Fautes Par Laser. Ph.D. Dissertation. Microlectronique Saint-Etienne, EMSE.

[18]

E. D. Palik. 1991. Handbook of Optical Constants of Solids II. Academic Press, Cambridge, MA. http://books.google.fr/books?id=d4_kRYYS0H8C.

[19]

Jea Hoon Park, Sang Jae Moon, Doo Ho Choi, You Sung Kang, and Jae Cheol Ha. 2011. Differential fault analysis for round-reduced AES by fault injection. ETRI Journal 33, 3, 434--442.

[20]

Gilles Piret and Jean Jacques Quisquater. 2003. A differential fault attack technique against SPN structures, with application to the AES and Khazad. In Cryptographic Hardware and Embedded Systems—CHES 2003. Lecture Notes in Computer Science, Vol. 2779. Springer, 77--88.

[21]

Vincent Pouget. 2000. Simulation Experimentale Par Impulsions Laser Ultra-Courtes Des Effets Des Radiations Ionisantes Sur Les Circuits Intgrs. Ph.D. Dissertation. Bordeaux 1.

[22]

Bruno Robisson and Pascal Manet. 2007. Differential behavioral analysis. In Cryptographic Hardware and Embedded Systems—CHES 2007. Lecture Notes in Computer Science, Vol. 4727. Springer, 413--426. http://hal-emse.ccsd.cnrs.fr/emse-00481468

Digital Library

[23]

C. Roscian, J.-M. Dutertre, and A. Tria. 2013. Frontside laser fault injection on cryptosystems—application to the AES’ last round. In Proceedings of the 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST’13). 119--124.

[24]

P. Schmid. 1981. Optical absorption in heavily doped silicon. Physical Review B, 10, 5531--5536.

[25]

Sergei P. Skorobogatov and Ross J. Anderson. 2003. Optical fault induction attacks. In Cryptographic Hardware and Embedded Systems—CHES 2002. Lecture Notes in Computer Science, Vol. 2523. Springer, 2--12. http://dl.acm.org/citation.cfm?id=648255.752727

Digital Library

[26]

C. Tarnovsky. 2008. How to Reverse-Engineer a Satellite TV Smart Card. Retrieved October 26, 2016, from https://www.youtube.com/watch?v=tnY7UVyaFiQ.

[27]

F. Wang and V. D. Agrawal. 2008. Single event upset: An embedded tutorial. In Proceedings of the 21st International Conference on VLSI Design (VLSID’08). 429--434.

Digital Library

Cited By

Lima RViera RDutertre JRibotta APommies MBertrand A(2022)Target Preparation Methodology for Semi-Invasive Attacks on Microcontrollers2022 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE56030.2022.10014827(1-7)Online publication date: 25-Oct-2022
https://doi.org/10.1109/PAINE56030.2022.10014827
Botero UWilson RLu HRahman MMallaiyan MGanji FAsadizanjani NTehranipoor MWoodard DForte D(2021)Hardware Trust and Assurance through Reverse Engineering: A Tutorial and Outlook from Image Analysis and Machine Learning PerspectivesACM Journal on Emerging Technologies in Computing Systems10.1145/346495917:4(1-53)Online publication date: 30-Jun-2021
https://dl.acm.org/doi/10.1145/3464959
Pomeranz IKundu S(2020)Reduced Fault Coverage as a Target for Design Scaffolding Security2020 IEEE 26th International Symposium on On-Line Testing and Robust System Design (IOLTS)10.1109/IOLTS50870.2020.9159706(1-6)Online publication date: Jul-2020
https://doi.org/10.1109/IOLTS50870.2020.9159706

Index Terms

Frontside Versus Backside Laser Injection: A Comparative Study
1. Hardware
  1. Very large scale integration design
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures

Recommendations

Fabrication of micro-optical elements in quartz by laser induced backside wet etching

Micro-optical elements in quartz with continuous profiles were fabricated by laser induced backside wet etching, where the quartz plate is in contact with an organic solution, that strongly absorbs UV laser light. The absorption of the laser light by ...
Transparent thin thermoplastic biochip by injection-moulding and laser transmission welding

Recently microfluidic devices have emerged as a viable technology for the miniaturization of high throughput tools for analytical tasks related to structural biology such as screening of crystallization conditions and structural analysis. This work ...
Fabrication of the monolithic polymer–metal microstructure by the backside exposure and electroforming technology
HARMST, High Aspect Ratio Micro Structure Technology Workshop, Gyenogju, Korea, 10-13 Jnue 2005 (This is the second of two issues)

Monolithic polymer–metal microstructures can be fabricated on the silicon or glass substrate using two kinds of photoresists and electroforming technologies for the inkjet and microfluidic application. However, it suffers from the high shrinkage problem ...

Comments

Information & Contributors

Information

Published In

cover image ACM Journal on Emerging Technologies in Computing Systems

ACM Journal on Emerging Technologies in Computing Systems Volume 13, Issue 1

Special Issue on Secure and Trustworthy Computing

January 2017

208 pages

ISSN:1550-4832

EISSN:1550-4840

DOI:10.1145/2917757

Editor:
Yuan Xie
University of California, Santa Barbara, USA

Issue’s Table of Contents

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 30 November 2016

Accepted: 01 September 2016

Revised: 01 June 2016

Received: 01 December 2014

Published in JETC Volume 13, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

ANR LIESSE

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
215
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)0

Reflects downloads up to 21 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lima RViera RDutertre JRibotta APommies MBertrand A(2022)Target Preparation Methodology for Semi-Invasive Attacks on Microcontrollers2022 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE56030.2022.10014827(1-7)Online publication date: 25-Oct-2022
https://doi.org/10.1109/PAINE56030.2022.10014827
Botero UWilson RLu HRahman MMallaiyan MGanji FAsadizanjani NTehranipoor MWoodard DForte D(2021)Hardware Trust and Assurance through Reverse Engineering: A Tutorial and Outlook from Image Analysis and Machine Learning PerspectivesACM Journal on Emerging Technologies in Computing Systems10.1145/346495917:4(1-53)Online publication date: 30-Jun-2021
https://dl.acm.org/doi/10.1145/3464959
Pomeranz IKundu S(2020)Reduced Fault Coverage as a Target for Design Scaffolding Security2020 IEEE 26th International Symposium on On-Line Testing and Robust System Design (IOLTS)10.1109/IOLTS50870.2020.9159706(1-6)Online publication date: Jul-2020
https://doi.org/10.1109/IOLTS50870.2020.9159706

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents