Journal of Cryptology

, Volume 24, Issue 2, pp 247–268 | Cite as

Glitch and Laser Fault Attacks onto a Secure AES Implementation on a SRAM-Based FPGA

  • G. Canivet
  • P. Maistri
  • R. Leveugle
  • J. Clédière
  • F. Valette
  • M. RenaudinEmail author


Programmable devices are an interesting alternative when implementing embedded systems on a low-volume scale. In particular, the affordability and the versatility of SRAM-based FPGAs make them attractive with respect to ASIC implementations. FPGAs have thus been used extensively and successfully in many fields, such as implementing cryptographic accelerators. Hardware implementations, however, must be protected against malicious attacks, e.g. those based on fault injections. Protections have been usually evaluated on ASICs, but FPGAs can be vulnerable as well. This work presents thus fault injection attacks against a secured AES architecture implemented on a SRAM-based FPGA. The errors are injected during the computation by means of voltage glitches and laser attacks. To our knowledge, this is one of the first works dealing with dynamic laser fault injections. We show that fault attacks on SRAM-based FPGAs may behave differently with respect to attacks against ASIC, and they need therefore to be addressed by specific countermeasures, that are also discussed in this paper. In addition, we discuss the different effects obtained by the two types of attacks.

Key words

AES SRAM-based FPGA Power glitch Laser fault injections DDR 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    S.B. Örs, E. Oswald, B. Preneel, Power-analysis attacks on an FPGA—First experimental results, in Proceedings of the 13th International Conference on Field-Programmable Logic and Applications (2003), pp. 35–50 Google Scholar
  2. [2]
    K. Gandolfi, C. Mourtel, F. Olivier, Electromagnetic analysis: concrete results, in The Proceedings of Cryptographic Hardware and Embedded Systems (CHES 2001). Lecture Notes in Computer Science, vol. 2162 (Springer, Berlin, 2001), pp. 251–261 Google Scholar
  3. [3]
    D. Agrawal, B. Archambeault, J.R. Rao, P. Rohatgi, The EM Side-channel(s), in The Proceedings of Cryptographic Hardware and Embedded Systems (CHES 2002). Lecture Notes in Computer Science, vol. 2523 (Springer, Berlin, 2003), pp. 29–45 CrossRefGoogle Scholar
  4. [4]
    D. Carluccio, K. Lemke, C. Paar, Electromagnetic side channel analysis of a contactless smart card: First results, in The Workshop on RFID and Lightweight Crypto (RFIDSec05), Graz, Austria, July 13–15 (2005) Google Scholar
  5. [5]
    D. Boneh, R. DeMillo, R. Lipton, On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14, 101–119 (2001) CrossRefzbMATHMathSciNetGoogle Scholar
  6. [6]
    H. Bar El, H. Choukri, D. Naccache, M. Tunstall, C. Whelan, The sorcerer’s Apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006) CrossRefGoogle Scholar
  7. [7]
    G. Piret, J.-J. Quisquater, A differential fault attack technique against SPN structures, with application to the AES and Khazad, in Proc. Fifth Int’l Workshop Cryptographic Hardware and Embedded Systems (CHES ’03), vol. 2779 (2003), pp. 77–88 CrossRefGoogle Scholar
  8. [8]
    S.-M. Yen, S. Moon, J.-C. Ha, Hardware fault attack on RSA with CRT revisited, in Proceedings of the Information Security and Cryptology—ICISC 2002. Lecture Notes in Computer Science, vol. 2587 (Springer, Berlin, 2003), pp. 374–388 CrossRefGoogle Scholar
  9. [9]
    N. Selmane, S. Guilley, J.-L. Danger, Practical setup time violation attacks on AES, in Proceedings of the Seventh European Dependable Computing Conference (EDCC 2008), May (2008), pp. 91–96 CrossRefGoogle Scholar
  10. [10]
    S. Bhasin, J.-L. Danger, S. Guilley, N. Selmane, Security evaluation of different AES implementations against practical setup time violation attacks in FPGAs, in Proc. of the IEEE International Workshop on Hardware-Oriented Security and Trust (HOST 2009) (IEEE CS, Los Alamitos, 2009), pp. 15–21 CrossRefGoogle Scholar
  11. [11]
    N. Selmane, S. Bhasin, S. Guilley, T. Graba, J.-L. Danger, WDDL is protected against setup time violation attacks, in Proceedings of the 6th International Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009) (IEEE Computer Society, Los Alamitos, 2009), pp. 73–83 CrossRefGoogle Scholar
  12. [12]
    S.P. Skorobogatov, R.J. Anderson, Optical fault induction attacks, in Cryptographic Hardware and Embedded Systems—CHES 2002, 4th International Workshop. Lecture Notes in Computer Science, vol. 2523 (Springer, Berlin, 2003), pp. 2–12 CrossRefGoogle Scholar
  13. [13]
    J.-M. Schmidt, M. Hutter, Optical and EM fault-attacks on CRT-based RSA: concrete results, in The Proceedings of the Austrochip 2007 (Springer, Berlin, 2007), pp. 61–67. ISBN:978-3-902465-87-0 Google Scholar
  14. [14]
    D.H. Habing, The use of lasers to simulate radiation-induced transients in semiconductor devices and circuits. IEEE Trans. Nucl. Sci. 39, 1647–1653 (1992) CrossRefGoogle Scholar
  15. [15]
    V. Maingot, J.B. Ferron, R. Leveugle, V. Pouget, A. Douin, Configuration errors analysis in SRAM-based FPGAs: software tool and practical results. Microelectron. Reliab. 47(9–11), 1836–1840 (2007) Google Scholar
  16. [16]
    G. Canivet, J. Clédière, J.B. Ferron, F. Valette, M. Renaudin, R. Leveugle, Detailed analyses of single laser shot effects in the configuration of a Virtex-II FPGA, in International On-Line Testing Symposium (IOLTS’08) (2008), pp. 289–294 CrossRefGoogle Scholar
  17. [17]
    V. Pouget, A. Douin, G. Foucard, P. Peronnard, D. Lewis, P. Fouillat, R. Velazco, Dynamic testing of an SRAM-based FPGA by time-resolved laser fault injection, in International On-Line Testing Symposium (IOLTS’08) (2008), pp. 295–201 CrossRefGoogle Scholar
  18. [18]
    National Institute of Standards and Technology (NIST), FIPS-197: Advanced Encryption Standard, Nov. 2001 Google Scholar
  19. [19]
    K. Wu, R. Karri, Idle cycles based concurrent error detection of rc6 encryption, in Proceedings of the 16th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT ’01) (2001), pp. 200–205 Google Scholar
  20. [20]
    P. Maistri, R. Leveugle, Double-data-rate computation as a countermeasure against fault analysis. IEEE Trans. Comput. 57(11), 1528–1539 (2008) CrossRefMathSciNetGoogle Scholar
  21. [21]
    N. Pramstaller, S. Mangard, S. Dominikus, J. Wolkerstorfer, Efficient AES implementations on ASICs and FPGAs, in Proceedings of the Fourth International Conference on the Advanced Encryption Standard (AES ’04) (Springer, Berlin, 2004), pp. 98–112 Google Scholar
  22. [22]
    Xilinx, Virtex-II Platform FPGAs: Functional Description, Data Sheet DS031, module 2 of 4, November 5, 2007 Google Scholar
  23. [23]
    G. Canivet, R. Leveugle, J. Clédière, F. Valette, M. Renaudin, Characterization of effective laser spots during attacks in the configuration of a Virtex-II FPGA, in VLSI Test Symposium (VTS’09) (Springer, Berlin, 2009), pp. 327–332 Google Scholar
  24. [24]
    G. Di Natale, M. Doulcier, M.-L. Flottes, B. Rouzeyre, A reliable architecture for parallel implementations of the advanced encryption standard. J. Electron. Test. 25(4–5) (2009) Google Scholar

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • G. Canivet
    • 1
    • 2
  • P. Maistri
    • 1
  • R. Leveugle
    • 1
  • J. Clédière
    • 2
  • F. Valette
    • 3
  • M. Renaudin
    • 4
    Email author
  1. 1.TIMA Laboratory (Grenoble INP, UJF, CNRS)GrenobleFrance
  2. 2.CESTI/CEA-LETIMinatecGrenoble Cedex 9France
  3. 3.DGA/CELARBruz CedexFrance
  4. 4.TiempoMontbonnot Saint MartinFrance

Personalised recommendations