Cheap and Cheerful: A Low-Cost Digital Sensor for Detecting Laser Fault Injection Attacks

  • Wei HeEmail author
  • Jakub Breier
  • Shivam Bhasin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10076)


Fault Injection Attacks (FIAs) have become a critical threat towards prevailing security embedded systems. FIA typically exploits the maliciously induced faults in security ICs for retrieving confidential internals. Since the faults are injected by disturbing circuit behaviors, FIA can possibly be detected in advance by integrating a sensitive sensor. In this paper, a full-digital detection logic against laser fault injection is proposed, which mainly consists of a high-frequency RO watchdog and a disturbance capture for sensing frequency ripples due to laser impact. Practical experiments on Virtex-5 FPGA show that the proposed sensor has fault detection rate of \(100\,\%\) for both regional and single CLB injection, protecting critical registers of PRESENT-80 cipher, with superior power/spatial security margin compared to a prior PLL-based sensor, while maintaining extremely low cost in hardware. The proposed logic is further applied to protect complete cipher over larger fabric, and the fine-grained fault injection using pulse laser shows a detection rate of \(94.20\,\%\), and an alarm rate of 2.63 : 1 in this experiment. Owing to its simple digital architecture, this system can be easily applied into any security-critical ICs.


Cryptography Embedded system Ring-oscillator Semi-invasive attack FPGA 


  1. 1.
    Amiel, F., Villegas, K., Feix, B., Marcel, L.: Passive and active combined attacks: combining fault attacks and side channel analysis. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2007, pp. 92–102. IEEE (2007)Google Scholar
  2. 2.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006)CrossRefGoogle Scholar
  3. 3.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). doi: 10.1007/BFb0052259 CrossRefGoogle Scholar
  5. 5.
    Binder, D., Smith, E.C., Holman, A.B.: Satellite anomalies from galactic cosmic rays. IEEE Trans. Nucl. Sci. 22(6), 2675–2680 (1975)CrossRefGoogle Scholar
  6. 6.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74735-2_31 CrossRefGoogle Scholar
  7. 7.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). doi: 10.1007/3-540-69053-0_4 Google Scholar
  8. 8.
    Endo, S., Li, Y., Homma, N., Sakiyama, K., Ohta, K., Aoki, T.: An efficient countermeasure against fault sensitivity analysis using configurable delay blocks. In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 95–102. IEEE (2012)Google Scholar
  9. 9.
    Hammouri, G., Akdemir, K., Sunar, B.: Novel PUF-based error detection methods in finite state machines. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 235–252. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00730-9_15 CrossRefGoogle Scholar
  10. 10.
    He, W., Breier, J., Bhasin, S., Miura, N., Nagata, M.: Ring oscillator under laser: potential of pll based countermeasure against laser fault injection. In: International Workshop on Fault Diagnosis and Tolerance in Cryptography 2016, pp. 1–12. IEEE, August 2016Google Scholar
  11. 11.
    Karri, R., Kuznetsov, G., Goessel, M.: Parity-based concurrent error detection of substitution-permutation network block ciphers. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 113–124. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45238-6_10 CrossRefGoogle Scholar
  12. 12.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_25 Google Scholar
  13. 13.
    Miura, N., Najm, Z., He, W., Bhasin, S., Ngo, X.T., Nagata, M., Danger, J.L.: Pll to the rescue: a novel em fault countermeasure. In: Proceedings of the 53rd Annual Design Automation Conference, p. 90. ACM (2016)Google Scholar
  14. 14.
    Moradi, A., Immler, V.: Early propagation and imbalanced routing, how to diminish in FPGAs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 598–615. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44709-3_33 Google Scholar
  15. 15.
    Saha, D., Mukhopadhyay, D., RoyChowdhury, D.: A diagonal fault attack on the advanced encryption standard. Cryptology ePrint Archive, Report 2009/581 (2009).
  16. 16.
    Pedro, M., Soos, M., Guilley, S.: FIRE: fault injection for reverse engineering. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 280–293. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21040-2_20 CrossRefGoogle Scholar
  17. 17.
    Selmke, B., Brummer, S., Heyszl, J., Sigl, G.: Precise laser fault injections into 90 nm and 45 nm SRAM-cells. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 193–205. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-31271-2_12 CrossRefGoogle Scholar
  18. 18.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003). doi: 10.1007/3-540-36400-5_2 CrossRefGoogle Scholar
  19. 19.
    Steiner, N., Wood, A., Shojaei, H., Couch, J., Athanas, P., French, M.: Torc: towards an open-source tool flow. In: Proceedings of the 19th ACM/SIGDA International Symposium on Field Programmable Gate Arrays, pp. 41–44. ACM (2011)Google Scholar
  20. 20.
    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the 44th Annual Design Automation Conference, pp. 9–14. ACM (2007)Google Scholar
  21. 21.
    Zussa, L., Dehbaoui, A., Tobich, K., Dutertre, J.M., Maurine, P., Guillaume-Sage, L., Clediere, J., Tria, A.: Efficiency of a glitch detector against electromagnetic fault injection. In: Proceedings of the Conference on Design, Automation & Test in Europe, p. 203. European Design and Automation Association (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Temasek Laboratories, Physical Analysis and Cryptographic EngineeringNanyang Technological UniversitySingaporeSingapore

Personalised recommendations