The continuous scaling of VLSI technology and the possibility to run circuits in subthreshold voltage range make it possible to implement standard cryptographic primitives within the very limited circuit and power budget of radio frequency identification (RFID) devices. However, such cryptographic implementations raise concerns regarding their vulnerability to both active and passive side-channel attacks. In particular, when focusing on RFID targeted designs, it is important to evaluate their resistance against low-cost physical attacks. A low-cost fault injection attack can be mounted, for example, by lowering the supply voltage of the chip with the goal of causing setup time violations. In this paper, we provide an in-depth characterization of a chip implementation of the AES cipher. The chip has been designed using a 65-nm low-power standard cell library and operates in a subthreshold voltage range. We first show that it is possible to inject faults (through lowering the supply voltage) compliant with the fault models required to perform attacks against the AES cipher. We then investigate the possibility of predicting, at design time, which parts of the chip are more likely to be sensitive to such fault injection attacks and produce the desirable (from the point of view of the attacker) faulty behavior. Identifying such sensitive logic signals allows us to suggest to the designer a tailored countermeasure strategy for thwarting these attacks, with a minimal impact on the circuit's performance.

A combined design-time/test-time study of the vulnerability of sub-threshold devices to low voltage fault attacks

BARENGHI, ALESSANDRO;
2014-01-01

Abstract

The continuous scaling of VLSI technology and the possibility to run circuits in subthreshold voltage range make it possible to implement standard cryptographic primitives within the very limited circuit and power budget of radio frequency identification (RFID) devices. However, such cryptographic implementations raise concerns regarding their vulnerability to both active and passive side-channel attacks. In particular, when focusing on RFID targeted designs, it is important to evaluate their resistance against low-cost physical attacks. A low-cost fault injection attack can be mounted, for example, by lowering the supply voltage of the chip with the goal of causing setup time violations. In this paper, we provide an in-depth characterization of a chip implementation of the AES cipher. The chip has been designed using a 65-nm low-power standard cell library and operates in a subthreshold voltage range. We first show that it is possible to inject faults (through lowering the supply voltage) compliant with the fault models required to perform attacks against the AES cipher. We then investigate the possibility of predicting, at design time, which parts of the chip are more likely to be sensitive to such fault injection attacks and produce the desirable (from the point of view of the attacker) faulty behavior. Identifying such sensitive logic signals allows us to suggest to the designer a tailored countermeasure strategy for thwarting these attacks, with a minimal impact on the circuit's performance.
2014
AES; design simulation; fault attacks; Setup time violation; Computer Science (miscellaneous);
File in questo prodotto:
File Dimensione Formato  
main.pdf

Accesso riservato

: Publisher’s version
Dimensione 1.89 MB
Formato Adobe PDF
1.89 MB Adobe PDF   Visualizza/Apri
A Combined Design Time-Test Time Study_11311-1003711_Barenghi.pdf

accesso aperto

: Post-Print (DRAFT o Author’s Accepted Manuscript-AAM)
Dimensione 481.16 kB
Formato Adobe PDF
481.16 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1003711
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 9
social impact