Glitch It If You Can: Parameter Search Strategies for Successful Fault Injection

  • Rafael Boix CarpiEmail author
  • Stjepan Picek
  • Lejla Batina
  • Federico Menarini
  • Domagoj Jakobovic
  • Marin Golub
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8419)


Fault analysis poses a serious threat to embedded security devices, especially smart cards. In particular, modeling faults and finding effective practical approaches that are also generic is considered to be of interest for smart card industry. In this work we propose a novel methodology to deal with a difficult question of choosing multiple parameters required for effective faults. To this aim, we investigate several algorithms and find a new promising direction using evolutionary computation. Our experimental results on some of the smart cards used today show the potential of this new approach. Our best algorithm is a tailored search strategy especially developed for the purpose of finding the best choice of parameters for glitching. With this approach we found some of off-the-shelf devices, although secured against this type of attacks, still vulnerable.


Fault analysis Glitches Smart cards Self-adaptive algorithms Evolutionary computation 



This work was supported in part by the Technology Foundation STW (project 12624 - SIDES), The Netherlands Organization for Scientific Research NWO (project ProFIL 628.001.007) and the ICT COST action IC1204 TRUDEVICE.


  1. 1.
    Anderson, R., Kuhn, M., A, E.U.S.: Tamper resistance – a cautionary note. In: Proceedings of the Second Usenix Workshop on Electronic Commerce, pp. 1–11 (1996)Google Scholar
  2. 2.
    Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant smartcard processors. In: Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, WOST’99, Berkeley, CA, USA, p. 2. USENIX Association (1999)Google Scholar
  3. 3.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) Google Scholar
  4. 4.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): measures and counter-measures for smart cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001) Google Scholar
  5. 5.
    Boneh, D., DeMillo, R., Lipton, R.: New threat model breaks crypto codes. Bellcore 85 Press Release (1996)Google Scholar
  6. 6.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997) Google Scholar
  7. 7.
    Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003) Google Scholar
  8. 8.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003) Google Scholar
  9. 9.
    van Woudenberg, J., Witteman, M., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 91–99 (2011)Google Scholar
  10. 10.
    Balasch, J., Gierlichs, B., Verbauwhede, I.: An In-depth and Black-box characterization of the effects of clock glitches on 8-bit MCUs. In: Proceedings of the 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC ’11, Washington, DC, USA, pp. 105–114. IEEE Computer Society (2011)Google Scholar
  11. 11.
    Weise, T.: Global Optimization Algorithms Theory and Application (2009).
  12. 12.
    Jakobovic, D., et al.: Evolutionary computation framework, January 2013.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Rafael Boix Carpi
    • 1
    Email author
  • Stjepan Picek
    • 2
    • 3
  • Lejla Batina
    • 2
  • Federico Menarini
    • 1
  • Domagoj Jakobovic
    • 3
  • Marin Golub
    • 3
  1. 1.Riscure BVDelftThe Netherlands
  2. 2.Radboud University NijmegenNijmegenThe Netherlands
  3. 3.Faculty of Electrical Engineering and ComputingZagrebCroatia

Personalised recommendations