Advertisement

Optical Fault Induction Attacks

  • Sergei P. Skorobogatov
  • Ross J. Anderson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2523)

Abstract

We describe a new class of attacks on secure microcontrollers and smartcards. Illumination of a target transistor causes it to conduct, thereby inducing a transient fault. Such attacks are practical; they do not even require expensive laser equipment. We have carried them out using a flashgun bought second-hand from a camera store for $30 and with an $8 laser pointer. As an illustration of the power of this attack, we developed techniques to set or reset any individual bit of SRAM in a microcontroller. Unless suitable countermeasures are taken, optical probing may also be used to induce errors in cryptographic computations or protocols, and to disrupt the processor’s control flow. It thus provides a powerful extension of existing glitching and fault analysis techniques. This vulnerability may pose a big problem for the industry, similar to those resulting from probing attacks in the mid-1990s and power analysis attacks in the late 1990s.

We have therefore developed a technology to block these attacks. We use self-timed dual-rail circuit design techniques whereby a logical 1 or 0 is not encoded by a high or low voltage on a single line, but by (HL) or (LH) on a pair of lines. The combination (HH) signals an alarm, which will typically reset the processor. Circuits can be designed so that single-transistor failures do not lead to security failure. This technology may also make power analysis attacks very much harder too.

Keywords

Smart Card Block Cipher Transient Fault SRAM Cell Power Analysis Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    R.J. Anderson, M.G. Kuhn, “Low Cost Attacks on Tamper Resistant Devices”, in M. Lomas et al. (ed.), Security Protocols, 5th International Workshop, Paris, France, April 7–9, 1997Google Scholar
  2. 2.
    R.J. Anderson, “Security Engineering — A Guide to Building Dependable Distributed Systems”, Wiley 2001Google Scholar
  3. 3.
    D. Boneh, R.A. DeMillo, R.J. Lipton, “On the Importance of Checking Cryptographic Protocols for Faults, Advances in Cryptology — Eurocrypt 97”, Springer LNCS vol 1233 pp 37–51Google Scholar
  4. 4.
    D.H. Habing, “Use of Laser to Simulate Radiation-induced Transients In Semiconductors and Circuits”, IEEE Trans. Nuc. Sci., Vol NS-12, No 6, pp 91–100, Dec. 1965CrossRefGoogle Scholar
  5. 5.
    A.H. Johnston, “Charge Generation and Collection in p-n Junctions Excited with Pulsed Infrared Lasers”, IEEE Trans. Nuc. Sci., Vol NS-40, No 6, pp 1694–1702, 1993CrossRefMathSciNetGoogle Scholar
  6. 6.
    P. Kocher, “Differential Power Analysis”, Advances in Cryptology — Crypto 99, Springer LNCS vol 1666 pp 388–397CrossRefGoogle Scholar
  7. 7.
    “Handbook of Optical Constants of Solids”, edited by Edward D. Palik, Orlando: Academic Press, 1985, pp 547–569Google Scholar
  8. 8.
    J.M. Rabaey, “Digital Integrated Circuits: A Design Perspective”, Prentice-Hall, 1995Google Scholar
  9. 9.
    K. Yun, “Memory”, UC San Diego, Adapted from EE271 notes, Stanford University, http://paradise.ucsd.edu/class/ece165/notes/lecC.pdf
  10. 10.
    J.J. Quisquater, D. Samyde, “ElectroMagnetic Analysis (EMA): Measures and Countermeasures for Smart Cards”, International Conference on Research in Smart Cards, E-smart 2001, Cannes, France, pp 200–210, Sept. 2001Google Scholar
  11. 11.
    S.W. Moore, R.J. Anderson, P. Cunningham, R. Mullins, G. Taylor, “Improving Smartcard Security using Self-Timed Circuits”, Asynch 2002, proceedings published by IEEE Computer Society PressGoogle Scholar
  12. 12.
    S.W. Moore, R.J. Anderson, M.G. Kuhn, “Improving Smartcard Security using Self-Timed Circuit Technology”, Fourth AciD-WG Workshop, Grenoble, ISBN 2-913329-44-6, 2000Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Sergei P. Skorobogatov
    • 1
  • Ross J. Anderson
    • 1
  1. 1.Computer LaboratoryUniversity of CambridgeCambridgeUK

Personalised recommendations