Abstract
In the realm of fault injection (FI), electromagnetic fault injection (EMFI) attacks have garnered significant attention, particularly for their effectiveness against embedded systems with minimal setup. These attacks exploit vulnerabilities with ease, underscoring the importance of comprehensively understanding EMFI. Recent studies have highlighted the impact of EMFI on phase-locked loops (PLLs), uncovering specific clock glitches that induce faults. However, these studies lack a detailed explanation of how these glitches translate into a specific fault model. Addressing this gap, our research investigates the physical fault model of synchronous clock glitches (SCGs), a clock glitch injection mechanism likely to arise from EMFI interactions within the clock network. Through an integrated approach combining experimental and simulation techniques, we critically analyze the adequacy of existing fault models, such as the Timing Fault Model and the Sampling Fault Model, in explaining SCGs. Our findings reveal specific failure modes in D flip-flops (DFFs), contributing to a deeper understanding of EMFI effects and aiding in the development of more robust defensive strategies against such attacks.
References
7 Series FPGAs Clocking Resources. https://docs.xilinx.com/v/u/en-US/ug472_7Series_Clocking
Eldo Platform. https://eda.sw.siemens.com/en-US/ic/eldo/
Agoyan, M., Dutertre, J.-M., Naccache, D., Robisson, B., Tria, A.: When clocks fail: on critical paths and clock faults. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 182–193. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12510-2_13
Chen, D., et al.: A comprehensive approach to modeling, characterizing and optimizing for metastability in FPGAs. In: Proceedings of the 18th Annual ACM/SIGDA International Symposium on Field Programmable Gate Arrays (FPGA), pp. 167–176 (2010)
Claudepierre, L., Besnier, P.: Microcontroller sensitivity to fault-injection induced by near-field electromagnetic interference. In: APEMC - Asia-Pacific International Symposium on Electromagnetic Compatibility, Sapporo, Japan, pp. 1–4 (2019)
Claudepierre, L., Péneau, P.-Y., Hardy, D., Rohou, E.: TRAITOR: a low-cost evaluation platform for multifault injection. In: Meng, W., Li, L. (eds.) ASSS 2021: Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems, Virtual Event, Hong Kong, pp. 51–56. ACM (2021)
Dehbaoui, A., Dutertre, J.-M., Robisson, B., Tria, A.: Electromagnetic transient faults injection on a hardware and a software implementations of AES. In: Bertoni, G., Gierlichs, B., (eds.) Workshop on Fault Diagnosis and Tolerance in Cryptography, Leuven, Belgium, pp. 7–15. IEEE Computer Society (2012)
Dumont, M., Lisart, M., Maurine, P.: Electromagnetic fault injection: how faults occur. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2019, Atlanta, GA, USA, pp. 9–16. IEEE (2019)
Dumont, M., Lisart, M., Maurine, P.: Modeling and simulating electromagnetic fault injection. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 40(4), 680–693 (2021)
Gicquel, A., Hardy, D., Heydemann, K., Rohou, E.: SAMVA: static analysis for multi-fault attack paths determination. In: Kavun, E.B., Pehl, M. (eds.) COSADE 2023. LNCS, vol. 13979, pp. 3–22. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-29497-6_1
Giechaskiel, I., Rasmussen, K.B., Eguro, K.: Leaky wires: information leakage and covert communication between FPGA long wires. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS 2018, pp. 15–27. Association for Computing Machinery, New York (2018)
Khuat, V., Danger, J.-L., Dutertre, J.-M.: Laser fault injection in a 32-bit microcontroller: from the flash interface to the execution pipeline. In: 18th Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2021, Milan, Italy, pp. 74–85. IEEE (2021)
Liao, H., Gebotys, C.H.: Methodology for EM fault injection: charge-based fault model. In: Teich, J., Fummi, F. (eds.) Design, Automation & Test in Europe Conference & Exhibition, DATE 2019, Florence, Italy, pp. 256–259. IEEE (2019)
Maurine, P.: Techniques for EM fault injection: equipments and experimental results. In: Bertoni, G., Gierlichs, B. (eds.) Workshop on Fault Diagnosis and Tolerance in Cryptography, Leuven, Belgium, pp. 3–4. IEEE Computer Society (2012)
Nabhan, R., Dutertre, J.-M., Rigaud, J.-B., Danger, J.-L., Sauvage, L.: Highlighting two EM fault models while analyzing a digital sensor limitations. In: 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1–2 (2023)
Ordas, S., Guillaume-Sage, L., Maurine, P.: Electromagnetic fault injection: the curse of flip-flops. J. Cryptogr. Eng. 7(3), 183–197 (2017)
Péneau, P.-Y., Claudepierre, L., Hardy, D., Rohou, E.: NOP-oriented programming: should we care? In: IEEE European Symposium on Security and Privacy Workshops, EuroS &P Workshops 2020, Genoa, Italy, pp. 694–703. IEEE (2020)
Roscian, C., Dutertre, J.-M., Tria, A.: Frontside laser fault injection on cryptosystems - application to the AES’ last round -. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 119–124 (2013)
Selmane, N., Guilley, S., Danger, J.-L.: Practical setup time violation attacks on AES. In: Seventh European Dependable Computing Conference, EDCC-7 2008, Kaunas, Lithuania, pp. 91–96. IEEE Computer Society (2008)
Timmers, N., Spruyt, A., Witteman, M.: Controlling PC on ARM using fault injection. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2016, Santa Barbara, CA, USA, pp. 25–35. IEEE Computer Society (2016)
Tollec, S., Asavoae, M., Couroussé, D., Heydemann, K., Jan, M.: Exploration of fault effects on formal RISC-V microarchitecture models. In: Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2022, Virtual Event/Italy, pp. 73–83. IEEE (2022)
Trouchkine, T., Bouffard, G., Clédière, J.: Fault injection characterization on modern CPUs. In: Laurent, M., Giannetsos, T. (eds.) WISTP 2019. LNCS, vol. 12024, pp. 123–138. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41702-4_8
Trouchkine, T., Bouffard, G., Clédière, J.: EM fault model characterization on SoCs: from different architectures to the same fault model. In: 18th Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2021, Milan, Italy, pp. 31–38. IEEE (2021)
Trouchkine, T., Bukasa, S.K., Escouteloup, M., Lashermes, R., Bouffard, G.: Electromagnetic fault injection against a complex CPU, toward new micro-architectural fault models. J. Cryptogr. Eng. 11(4), 353–367 (2021)
Yuan, S.-Y., Wu, Y.-L., Perdriau, R., Liao, S.-S., Ho, H.-P.:. Electromagnetic interference analysis using an embedded phase-lock loop. In: Asia-Pacific Symposium on Electromagnetic Compatibility, pp. 189–192 (2012)
Yuce, B., Schaumont, P., Witteman, M.: Fault attacks on secure embedded software: threats, design, and evaluation. J. Hardw. Syst. Secur. 2(2), 111–130 (2018)
Zhang, M., Li, H., Liu, Q.: Deep exploration on fault model of electromagnetic pulse attack. IEEE Trans. Nanotechnol. 21, 598–605 (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Marotta, A., Lashermes, R., Bouffard, G., Sentieys, O., Dafali, R. (2024). Characterizing and Modeling Synchronous Clock-Glitch Fault Injection. In: Wacquez, R., Homma, N. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2024. Lecture Notes in Computer Science, vol 14595. Springer, Cham. https://doi.org/10.1007/978-3-031-57543-3_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-57543-3_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57542-6
Online ISBN: 978-3-031-57543-3
eBook Packages: Computer ScienceComputer Science (R0)