Journal of Cryptographic Engineering, Volume 1, Issue 1, pp 71–77

Synchronization method for SCA and fault attacks

  • Sergei Skorobogatov
Regular Paper


This paper shows how the effectiveness of side-channel and fault attacks can be improved for devices running from internal clock sources. Due to the frequency instability of internally clocked chips, attacking them has always been a great challenge. A significant improvement was achieved by using a frequency injection locking technique via the power supply line of a chip. As a result, the analysis of a semiconductor chip can be accomplished with less effort and in a shorter time. Successful synchronization was demonstrated on a secure microcontroller and a secure FPGA. This paper presents research into the limits of synchronization and discusses possible countermeasures against frequency injection attacks.


Keywords: Side-channel attacks, Hardware security, Frequency injection locking, Power analysis





Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  1. University of Cambridge Computer Laboratory, Cambridge, UK
