Journal of Cryptographic Engineering

, Volume 7, Issue 3, pp 183–197 | Cite as

Electromagnetic fault injection: the curse of flip-flops

  • S. Ordas
  • L. Guillaume-Sage
  • P. Maurine
Regular Paper


Electromagnetic (EM) waves have been recently pointed out as a medium for fault injection within integrated circuits (IC). Indeed, it has been experimentally demonstrated that an EM pulse (EMP), produced with a high-voltage pulse generator and an injector similar to that used to perform EM analyses, was susceptible to create faults exploitable from a cryptanalysis viewpoint. An analysis of the induced faults revealed that they originated from timing constraint violations. In this context, this paper demonstrates that EM injection, performed with enhanced injectors, can produce not only timing faults but also bit-set and bit-reset faults on an IC at rest. This first result clearly extends the range of the threats associated with EM fault injection. It then demonstrates, considering two different ICs under operation: an FPGA and a modern microcontroller, that faults produced by EMP injection are not timing faults but correspond to a different model which is presented in this paper. This model allows to explain experimental results introduced in all former communications.


Physical attacks Fault attacks EM injection EM susceptibility Model 


  1. 1.
    Bayon, P., Bossuet, L., Aubert, A., Fischer, V., Poucheret, F., Robisson, B., Maurine, P.: Contactless electromagnetic active attack on ring oscillator based true random number generator. In: COSADE, pp. 151–166 (2012)Google Scholar
  2. 2.
    Dehbaoui, A., Dutertre, J.-M., Robisson, B., Orsatelli, P., Maurine, P., Tria, A.: Injection of transient faults using electromagnetic pulses—practical results on a cryptographic system. IACR Cryptol. ePrint Arch. 2012, 123 (2012)Google Scholar
  3. 3.
    Dehbaoui, A., Dutertre, J.-M., Robisson, B., Tria, A.: Electromagnetic transient faults injection on a hardware and a software implementations of AES. In: FDTC, pp. 7–15 (2012)Google Scholar
  4. 4.
    Joye, M., Tunstall, M.: Fault Analysis in Cryptography. Springer (2012)Google Scholar
  5. 5.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer, Secaucus (2007)MATHGoogle Scholar
  6. 6.
    Maurine, P.: Techniques for EM fault injection: equipments and experimental results. In: FDTC, pp. 3–4 (2012)Google Scholar
  7. 7.
    Omarouayache, R., Raoult, J., Jarrix, S., Chusseau, L., Maurine, P.: Magnetic microprobe design for EM fault attackmagnetic microprobe design for EM fault attack. In: EMC Europe (2013)Google Scholar
  8. 8.
    Poucheret, F., Tobich, K., Lisart, M., Chusseau, L., Robisson, B., Maurine, P.: Local and direct EM injection of power into CMOS integrated circuits. In: FDTC, pp. 100–104 (2011)Google Scholar
  9. 9.
    Quisquater, J., Samyde, D.: Eddy current for magnetic analysis with active sensor. In: Proceedings of ESmart 2002, pp. 185–194 (2002)Google Scholar
  10. 10.
    Schmidt, J.-M., Hutter, M.: Optical and em fault-attacks on CRT-based RSA: concrete results. In Karl C. Posch, J.W. (ed.) Proceedings of 15th Austrian Workhop on Microelectronics (Austrochip’07), Graz, pp. 61–67 (2007)Google Scholar
  11. 11.
    Selmane, N., Guilley, S., Danger, J.-L.: Practical setup time violation attacks on AES. In: Seventh European Dependable Computing Conference (EDCC’08), pp. 91–96 (2008)Google Scholar
  12. 12.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: CHES. Springer Berlin Heidelberg, pp. 2–12 (2002)Google Scholar
  13. 13.
    Tobich, K., Maurine, P., Liardet, P.-Y., Lisart, M., Ordas, T.: Voltage spikes on the substrate to obtain timing faults. In: DSD, pp. 483–486 (2013)Google Scholar
  14. 14.
    Zussa, L., Dehbaoui, A., Tobich, K., Dutertre, J.-M., Maurine, P., Guillaume-Sage, L., Clédière, J., Tria, A.: Efficiency of a glitch detector against electromagnetic fault injection. In: DATE, pp. 1–6 (2014)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.LIRMMUniversité Montpellier IIMontpellier Cedex 5France
  2. 2.CEA Commissariat à l’Énergie Atomique et aux Énergies AlternativesGardanneFrance

Personalised recommendations