Laser-Induced fault Effects in Security-dedicated circuitS – LIESSE

Many aspects of our current life rely on the exchange of data through electronic media. Powerful encryption algorithms guarantee the security, privacy and authentication of these exchanges. Nevertheless, those algorithms are implemented in electronic devices that may be the target of attacks despite their proven robustness. Several means of attacking integrated circuits are reported in the literature (for instance analysis of the computation time [1], of the correlation between the processed data and the current consumption [2][3], of electromagnetic emanation, of the noise caused by the emitted photons, etc.). Among them, laser illumination of the device has been reported to be one important and effective mean to perform attacks. The principle is to illuminate the circuit by mean of a laser and then to induce a faulty behavior. For instance, in so-called Differential Fault Analysis (DFA) [4], an attacker can deduce the secret key used in the crypto-algorithms by comparing the faulty result and the correct one. Other types of attacks exist, also based on fault injection but not requiring a differential analysis; the safe error attacks or clocks attacks are such examples. In all cases, the need for an initial perturbation, well-controlled in space and time, is similar thus the interest for the laser-based perturbations.
Several papers have been published on such attacks, but mainly from a theoretical perspective i.e. by assuming some characteristics of the errors due to the injected faults. For instance, if it is supposed that one is able to change the value of a given bit at a given moment, then it is shown that it is possible to derive the secret key used during an encryption. Conversely, relatively few studies have shown the actual possibility to inject such appropriate faults in a circuit (i.e. with the expected characteristics) and especially onto deep-submicron technology circuits (65 nm, 40nm and 22 nm technologies).
The main goals of this project are 1/ to study and model the effect of laser shots onto submicronic circuits and 2/ to provide efficient tools to circuit designers to prevent such laser attacks.
For that, a first sub-goal is to model the effect of laser shots onto deep submicron integrated circuits and to derive electrical and logico-temporal fault models that can be used in a design flow.
A second goal of this project is to develop tools helping the designers to validate their solutions against laser injections without neither actually having access to expensive laser equipment, nor to fabricate ICs. These tools will allow simulating the laser effects on the basis of the laser fault models developed within the project itself; the designers will thus benefit from the possibility to evaluate soon in the design flow the behavior of the systems with respect to the different parameters and variables highlighted during the experimentation campaigns. In order to accelerate the evaluation process, emulation will be taken into account: generic tools are already available at the partners and they will be refined and adapted to the results obtained during the project.
A third goal is to anticipate new attacks based on the effects on these advanced technologies and thus to propose counter-measures for near-future circuits.
A final objective of this project is the exploitation of the data collected during the experimental campaigns: the derived error models will be the basis for the definition of new attacks to secured cryptographic systems, potentially protected against the known threats. Countermeasures will be also suggested, in order to provide designers with a complete analysis toolbox for their designs, from the possible failure sources to the solutions to avoid them.