Review of laser and EM fault injection attacks into microcontrollers
Microcontrollers storing valuable data or using security functions are vulnerable to fault injection attacks. Among the various types of faults, instruction skips induced at runtime proved to be effective against identification routines or encryption algorithms. Until recently, most research papers assessed a fault model that consists in a single instruction skip, i.e. the ability to prevent one chosen instruction in a program from being executed. This seminar reports experimental results that extend the complexity and versatility of the instruction-skip fault model. It shows how using laser or EM fault injection makes it possible to induce several consecutive instructions skips or to skip instructions from different parts of a program. It focuses on results obtained on custom test circuits and general purpose microcontrollers at different technology nodes. An analysis of the involved injection mechanisms is also provided.
Prof. Jean-Max Dutertre received the M.S. and Ph. D. degrees in microelectronics from the University of Science of Montpellier, France, in 1998 and 2002, respectively. He is head of the Secured Architectures and Systems (SAS) research department of Mines Saint-Etienne from Institut Mines-Télécom, which is part of a joint R&D team with the CEA Leti. His research interests are with hardware attack techniques and the design of the related counter-measures (either hardware or software). He has been studying fault injection attacks of secure integrated circuits for 15 years.