A Systematic Approach to Fault Attack Resistant Design

  • Nahid Farhady Galathy
  • Bilgiday Yuce
  • Patrick Schaumont


Fault injection is a powerful hacking tool, affecting all forms of cryptography. In this chapter, we describe common fault injection mechanisms, and common fault analysis techniques. From these observations, we derive a set of guidelines and techniques for fault attack resistant design. The main objective of this contribution is to describe fault attack resistant design and differentiate it from fault tolerant design, a set of techniques based on redundancy. The key differentiator between the two types of design can be made by considering the cause of the fault. Fault tolerant design deals with random, arbitrary events and generic failures of a design. In contrast, fault attack resistant design deals with an intelligent adversary who has a focused objective to break the security of a design. The fault tolerant methods basically require the system to be able to continue performing its functions correctly in presence of faults. On the other hand, a fault attack resistant design requires the system to continue performing its intended operation without leaking secret data-dependent information in presence of faults. While fault tolerant design techniques can be used to create a fault attack resistant design, in this chapter, will show that by analyzing the fault attack requirements, the nature of the threat enables significant optimizations, which improve cost and performance of the protected designs. We review several fault-resistant design techniques that are generic and broadly applicable to secure intellectual property (IP) modules.


  1. 1.
    Agoyan, M., Dutertre, J.M., Naccache, D., Robisson, B., Tria, A.: When Clocks Fail: On Critical Paths and Clock Faults. In: Smart Card Research and Advanced Application, pp. 182–193. Springer (2010)Google Scholar
  2. 2.
    Balasch, J., Gierlichs, B., Verbauwhede, I.: An in-depth and black-box characterization of the effects of Clock Glitches on 8-bit MCUs. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 105–114 (2011)Google Scholar
  3. 3.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006). FebCrossRefGoogle Scholar
  4. 4.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012). NovCrossRefGoogle Scholar
  5. 5.
    Barenghi, A., Bertoni, G.M., Breveglieri, L., Pelliccioli, M., Pelosi, G.: Injection technologies for fault attacks on microprocessors. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography. Information Security and Cryptography, pp. 275–293. Springer, Berlin (2012)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Advances in CryptologyCRYPTO’97, pp. 513–525. Springer (1997)Google Scholar
  7. 7.
    Blömer, J., Seifert, J.P.: Fault based cryptanalysis of the advanced encryption standard (AES). In: Financial Cryptography, pp. 162–181. Springer (2003)Google Scholar
  8. 8.
    Bo, Y., Xiangyu, L., Cong, C., Yihe, S., Liji, W., Xiangmin, Z.: An AES chip with DPA resistance using hardware-based random order execution. J. Semicond. 33(6), 065009 (2012)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Danger, J.L., Guilley, S., Bhasin, S., Nassar, M.: Overview of dual rail with Precharge logic styles to thwart implementation-level attacks on hardware cryptoprocessors. In: 2009 3rd International Conference on Signals, Circuits and Systems (SCS), pp. 1–8. IEEE (2009)Google Scholar
  11. 11.
    Dehbaoui, A., Dutertre, J.M., Robisson, B., Orsatelli, P., Maurine, P., Tria, A.: Injection of transient faults using electromagnetic pulses-practical results on a cryptographic system. IACR Cryptol. ePrint Arch. 2012, 123 (2012)Google Scholar
  12. 12.
    Ghalaty, N.F., Aysu, A., Schaumont, P.: Analyzing and eliminating the causes of fault sensitivity analysis. In: Proceedings of the Conference on Design, Automation & Test in Europe. p. 204. European Design and Automation Association (2014)Google Scholar
  13. 13.
    Ghalaty, N.F., Yuce, B., Taha, M., Schaumont, P.: Differential Fault Intensity Analysis. In: 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 49–58. IEEE (2014)Google Scholar
  14. 14.
    Guilley, S., Sauvage, L., Danger, J.L., Selmane, N.: Fault injection resilience. In: 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 51–65. IEEE (2010)Google Scholar
  15. 15.
    Guo, X., Mukhopadhyay, D., Karri, R.: Provably secure concurrent error detection against differential fault analysis. IACR Cryptol. ePrint Arch. 2012, 552 (2012)Google Scholar
  16. 16.
    Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Berlin (2012)Google Scholar
  17. 17.
    Karaklajic, D., Fan, J., Verbauwhede, I.: A systematic M safe-error Detection in hardware implementations of cryptographic algorithms. In: 2012 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 96–101 (2012)Google Scholar
  18. 18.
    Karri, R., Wu, K., Mishra, P., Kim, Y.: Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst 21(12), 1509–1517 (2002)CrossRefGoogle Scholar
  19. 19.
    Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: J. Cryptogr. Eng. 1(1), 5–27 (2011)Google Scholar
  20. 20.
    Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant Smartcard processors. In: USENIX Workshop on Smartcard Technology, vol. 12, pp. 9–20 (1999)Google Scholar
  21. 21.
    Kunitake, Y., Sato, T., Yasuura, H., Hayashida, T.: Possibilities to miss predicting timing errors in canary flip-flops. In: 2011 IEEE 54th International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 1–4. IEEE (2011)Google Scholar
  22. 22.
    Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Cryptographic Hardware and Embedded Systems, CHES 2010, pp. 320–334. Springer (2010)Google Scholar
  23. 23.
    Lomné, V., Roche, T., Thillard, A.: On the need of randomness in fault attack countermeasures-application to AES. In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 85–94. IEEE (2012)Google Scholar
  24. 24.
    Luo, P., Fei, Y.: Faulty clock detection for crypto circuits against differential fault analysis attack. Cryptol. ePrint Arch. Report 2014/883. http://eprint.iacr.org/ (2014)
  25. 25.
    Markantonakis, K., Mayes, K.: Secure Smart Embedded Devices. Platforms and Applications. Springer, Berlin (2013)Google Scholar
  26. 26.
    Mitra, S., McCluskey, E.J.: Which concurrent error detection scheme to choose? In: Test Conference, 2000. Proceedings. International, pp. 985–994. IEEE (2000)Google Scholar
  27. 27.
    Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A generalized method of differential fault attack against AES cryptosystem. In: Cryptographic Hardware and Embedded Systems-CHES 2006, pp. 91–100. Springer (2006)Google Scholar
  28. 28.
    Piret, G., Quisquater, J.J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Cryptographic Hardware and Embedded Systems-CHES 2003, pp. 77–88. Springer (2003)Google Scholar
  29. 29.
    Quisquater, J.J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for Smart Cards. In: Smart Card Programming and Security, pp. 200–210. Springer (2001)Google Scholar
  30. 30.
    Quisquater, J., Samyde, D.: Eddy current for magnetic analysis with active sensor. In: Esmart (2002)Google Scholar
  31. 31.
    Sato, T., Kunitake, Y.: A simple flip-flop circuit for typical-case designs for DFM. In: 8th International Symposium on Quality Electronic Design, 2007. ISQED’07, pp. 539–544. IEEE (2007)Google Scholar
  32. 32.
    Selmane, N., Guilley, S., Danger, J.L.: Practical setup time violation attacks on AES. In: Seventh European Dependable Computing Conference, 2008. EDCC 2008, pp. 91–96. IEEE (2008)Google Scholar
  33. 33.
    Skorobogatov, S., Woods, C.: Breakthrough silicon scanning discovers backdoor in military chip. In: CHES, pp. 23–40 (2012)Google Scholar
  34. 34.
    Skorobogatov, S.P.: Semi-invasive attacks—A new approach to hardware security analysis. Technical report. UCAM-CL-TR-630, University of Cambridge, Computer Laboratory (2005)Google Scholar
  35. 35.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Cryptographic Hardware and Embedded Systems-CHES 2002, pp. 2–12. Springer (2003)Google Scholar
  36. 36.
    Takahashi, J., Fukunaga, T., Gomisawa, S., Li, Y., Sakiyama, K., Ohta, K.: Fault injection and key retrieval experiments on an evaluation board. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography, pp. 313–331. Information Security and Cryptography, Springer, Berlin (2012)Google Scholar
  37. 37.
    Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization. In: Cryptographic Hardware and Embedded Systems–CHES 2014, pp. 93–111. Springer (2014)Google Scholar
  38. 38.
    Wang, L.T., Wu, C.W., Wen, X.: VLSI Test Principles and Architectures: Design for Testability. Academic Press (2006)Google Scholar
  39. 39.
    van Woudenberg, J., Witteman, M., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 91–99 (2011)Google Scholar
  40. 40.
    Yanci, A.G., Pickles, S., Arslan, T.: Characterization of a voltage Glitch attack detector for secure devices. In: Symposium on Bio-inspired Learning and Intelligent Systems for Security, 2009. BLISS’09, pp. 91–96. IEEE (2009)Google Scholar
  41. 41.
    Yuce, B., Ghalaty, N.F., Schaumont, P.: TVVF: Estimating the vulnerability of hardware cryptosystems against timing violation attacks. In: 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 72–77. IEEE (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Nahid Farhady Galathy
    • 1
  • Bilgiday Yuce
    • 1
  • Patrick Schaumont
    • 1
  1. 1.Virginia TechBlacksburgUSA

Personalised recommendations