Idea: Embedded Fault Injection Simulator on Smartcard

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8364)


Smartcard implementations are prone to perturbation attacks, which consist in changing the normal behavior of components in order to create exploitable errors. Perturbation attacks can be realized by different means, such as laser beams, involving costly and complex injection platforms. In the context of black box or grey box evaluation, there is a strong need to identify fault injection vulnerabilities in developed products. This is why we propose to integrate the injection mechanism straight into the smartcard project. The embedded fault simulator program is thus integrated with the chip software, and its effects can be analyzed by side-channel observations, which is not the case with any existing fault simulators. In this paper, we present this new concept and its architectural design. We then show how to implement the simulator on a real smartcard product. Finally, to validate this approach, we study the functional and side-channel impact of fault injection on a standard algorithm provided by the host smartcard.


Fault injection simulation fault attack smartcard embedded secure software 





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. SAFRAN Morpho, France
  2. Identity & Security Alliance (The Morpho and Télécom ParisTech Research Center), Télécom ParisTech, France
