Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Adjusting laser injections for fully
controlled faults
Franck Courbon1,2, Philippe Loubet-Moundi1,
Jacques Fournier3, Assia Tria3
1 GEMALTO, Security Labs, @ La Ciotat, France
2 Ecole des Mines de Saint-Etienne, CMP-GC/LSAS, @ Gardanne, France
3 CEA, CEA Tech Region, DPACA/LSAS, @ Gardanne, France,
Tuesday 15th April 2014
COSADE 2014
COSADE 2013 Fault Analysis Attack session
2 Adjusting laser injections for fully controlled faults
COSADE 2013 Fault Analysis Attack session
3 Adjusting laser injections for fully controlled faults
COSADE 2013 Fault Analysis Attack session
4 Adjusting laser injections for fully controlled faults
COSADE 2013 Fault Analysis Attack session
5 Adjusting laser injections for fully controlled faults
COSADE 2013 Fault Analysis Attack session
6 Adjusting laser injections for fully controlled faults
COSADE 2013 Fault Analysis Attack session
7 Adjusting laser injections for fully controlled faults
COSADE 2013 Fault Analysis Attack session
8 Adjusting laser injections for fully controlled faults
Fault Models in real life
9 Adjusting laser injections for fully controlled faults
Fault Models in real life
10 Adjusting laser injections for fully controlled faults
AGENDA
Trends and Motivations
Equipment & Technology
Results
Laser fault correlation with physical transistors implementation
Results summary and conclusion
11 Adjusting laser injections for fully controlled faults
Trends and Motivations
12 Adjusting laser injections for fully controlled faults
13 Adjusting laser injections for fully controlled faults
Optical Fault Injection trends
13 Adjusting laser injections for fully controlled faults
Skorobogatov
1200nm
~20µmx20µm (6T)
~10µm
CHES 2002
SRAM cell
size
Spot size
Techno
node
14 Adjusting laser injections for fully controlled faults
Optical Fault Injection trends
14 Adjusting laser injections for fully controlled faults
Roscian & Al.
250nm
9µmx4µm (5T)
~1µm
Skorobogatov
1200nm
~20µmx20µm (6T)
~10µm
CHES 2002 COSADE 2013
SRAM cell
size
Spot size
Techno
node
15 Adjusting laser injections for fully controlled faults
Optical Fault Injection trends
15 Adjusting laser injections for fully controlled faults
Roscian & Al.
250nm
9µmx4µm (5T)
~1µm
Skorobogatov
1200nm
~20µmx20µm (6T)
~10µm
CHES 2002 COSADE 2013 COSADE 2014
90nm
3µmx1.5µm (6T)
~1µm
SRAM cell
size
Spot size
Techno
node
16 Adjusting laser injections for fully controlled faults
Optical Fault Injection trends
16 Adjusting laser injections for fully controlled faults
Roscian & Al.
250nm
9µmx4µm (5T)
~1µm
Skorobogatov
1200nm
~20µmx20µm (6T)
~10µm
CHES 2002 COSADE 2013 COSADE 2014
90nm
3µmx1.5µm (6T)
~1µm
SRAM cell
size
Spot size
Techno
node
Standard Cell
(flip flop >20T)
3µmx9µm
Motivations
We target:
The synthesized logic of a recent technology chip
(90nm)
A gate with a large number of transistors (>20T)
A standard cell critical for security, flip flop gate
Key & data registers, internal coprocessor states
17 Adjusting laser injections for fully controlled faults
Motivations
We target:
The synthesized logic of a recent technology chip
(90nm)
A gate with a large number of transistors (>20T)
A standard cell critical for security, flip flop gate
Key & data registers, internal coprocessor states
Extented numbers of theoretical sensitivity
zones, complex simulation
18 Adjusting laser injections for fully controlled faults
Courtesy of Roscian & Al.
Equipment and technology
19 Adjusting laser injections for fully controlled faults
Flexible laser platform
Wavelength: 1064nm
Spot size: About 1µm
Energy : Dozens of nJ
Backside approach
50x objective
3-Axis stage with submicrometer resolution
20 Adjusting laser injections for fully controlled faults
Device under test and scenario
Techno node: 90nm
Open sample Write/read register
8 bits
“Static” perturbation of registers No timing considerations
After a global chip scanning with a large spot size and scan step, the register area is found
Laser parameters are adapted to get a maximum of generated photo-current and a single gate effect
Experiments performed on a restricted area
1µm step
Adjusting laser injections for fully controlled faults 21
1. Load data register
2. Perform laser shot
3. Read back register value
30µm
38µm
Results
22 Adjusting laser injections for fully controlled faults
Blue: ‘0’ to ‘1’ sensitive position, bit-set area
Orange: ‘1’ to ‘0’ sensitive position, bit-reset area
Gray: No effect
Forcing bits vs. laser spot location
23 Adjusting laser injections for fully controlled faults
Init at ‘‘0000 0000’’ Init at ‘‘1111 1111’’ Both mapping
30µm
38µm
Blue: ‘0’ to ‘1’ sensitive position, bit-set
Orange: ‘1’ to ‘0’ sensitive position, bit-reset
Gray: No effect
One shot over one position forces a bit to one distinct value
Forcing bits vs. laser spot location
24 Adjusting laser injections for fully controlled faults
Init at ‘‘0000 0000’’ Init at ‘‘1111 1111’’ Both mapping
30µm
38µm
Blue: ‘0’ to ‘1’ sensitive position
Orange: ‘1’ to ‘0’ sensitive position
Gray: No effect
Register initialized at ‘00001111’
Forcing bits by laser energy level
25 Adjusting laser injections for fully controlled faults
32nJ
Blue: ‘0’ to ‘1’ sensitive position
Orange: ‘1’ to ‘0’ sensitive position
Gray: No effect
Register initialized at ‘00001111’
Forcing bits by laser energy level
26 Adjusting laser injections for fully controlled faults
32nJ 13nJ
Blue: ‘0’ to ‘1’ sensitive position
Orange: ‘1’ to ‘0’ sensitive position
Gray: No effect
Register initialized at ‘00001111’
Forcing bits by laser energy level
27 Adjusting laser injections for fully controlled faults
32nJ 13nJ 10nJ
Blue: ‘0’ to ‘1’ sensitive position
Orange: ‘1’ to ‘0’ sensitive position
Gray: No effect
Register initialized at ‘00001111’
With a fine tuned energy, only ‘1’ to ‘0’ transitions are possible
Targeting the zone with this energy leads to clear the register
Forcing bits by laser energy level
28 Adjusting laser injections for fully controlled faults
32nJ 13nJ 10nJ
Laser fault correlation with physical
transistors implementation
29 Adjusting laser injections for fully controlled faults
As the laser effects are linked to the underlying hardware
implementation
Invasive approach to retrieve transistors/gate location
We get the transistors’ wells location
Getting physical transistors implementation
30 Adjusting laser injections for fully controlled faults
HF
PMOS and NMOS columns are highlighted
p-wells are larger than n-wells
Gate and spot area are also given
Highlighting laser and physical parameters
31
N P P N N P P N N P P N N P
Adjusting laser injections for fully controlled faults
We overlay the fault mapping and the SEM image
‘1 to 0’ transitions are present over NMOS transistors
‘0 to 1’ transitions are present over PMOS transistors
Fault correlation with transistors implementation
32 Adjusting laser injections for fully controlled faults
N P P N N P P N N P P N N P
PMOS/NMOS laser sensitivity difference
Gates orientation
Half of the bits have their bit-set sensitive part on the left of the bit-reset
sensitive part
More information can be obtained…
33 Adjusting laser injections for fully controlled faults
Conclusion & Future work
34 Adjusting laser injections for fully controlled faults
Conclusion
By adjusting laser location or energy level we can control with a
100% success rate bit values in a - 90nm - register
Our results shown a direct dependancy between fault model
injection and gate implementation
Single bit set and single bit reset must be considered for any
attack
35 Adjusting laser injections for fully controlled faults
Fault Models in real life
36 Adjusting laser injections for fully controlled faults
Fault Models in real life
37 Adjusting laser injections for fully controlled faults
Next step
How to find registers over the chip?
Poster paper to appear in the proceedings of HOST 2014:
“Increasing the efficiency of laser fault injections using fast
gate level reverse engineering”
by Franck Courbon, Philippe Loubet-Moundi, Jacques Fournier and Assia Tria
38 Adjusting laser injections for fully controlled faults
39
Thank you for your attention