Abstract
This paper shows how the effectiveness of side-channel and fault attacks can be improved for devices running from internal clock sources. Because of the frequency instability of internally clocked chips, attacking them has always been a great challenge. A significant improvement was achieved by using a frequency injection locking technique via the power supply line of a chip. As a result, the analysis of a semiconductor chip can be accomplished with less effort and in a shorter time. Successful synchronization was demonstrated on a secure microcontroller and a secure FPGA. This paper presents research into the limits of synchronization and discusses possible countermeasures against frequency injection attacks.
Cite this article
Skorobogatov, S. Synchronization method for SCA and fault attacks. J Cryptogr Eng 1, 71–77 (2011). https://doi.org/10.1007/s13389-011-0004-0
DOI: https://doi.org/10.1007/s13389-011-0004-0