When Clocks Fail: On Critical Paths and Clock Faults

  • Michel Agoyan
  • Jean-Max Dutertre
  • David Naccache
  • Bruno Robisson
  • Assia Tria
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6035)


Whilst clock fault attacks are known to be a serious security threat, an in-depth explanation of such faults still seems to be put in order.

This work provides a theoretical analysis, backed by practical experiments, explaining when and how clock faults occur. Understanding and modeling the chain of events following a transient clock alteration allows to accurately predict faulty circuit behavior. A prediction fully confirmed by injecting variable-duration faults at predetermined clock cycles.

We illustrate the process by successfully attacking an fpga aes implementation using a dll-based fpga platform (one-bit fault attack).


Clock Cycle Critical Path Clock Period Fault Injection Critical Delay Path 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Special Issue on Cryptography and Security 94(2), 370–382 (2006)Google Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  3. 3.
    Boneth, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Choukri, H., Tunstall, M.: Round reduction using faults. In: Proc. Second Int’l Workshop Fault Diagnosis and Tolerance in Cryptography, FDTC 2005 (2005)Google Scholar
  5. 5.
    Daemen, J., Rijmen, V.: Rijndael, Aes proposal (1998)Google Scholar
  6. 6.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on aes. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003)Google Scholar
  7. 7.
    Fukunaga, T., Takahashi, J.: Practical fault attack on a cryptographic lsi with iso/iec 18033-3 block ciphers. In: Proc. of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, pp. 84–92 (2009)Google Scholar
  8. 8.
    Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 27–41. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Guilley, S., Sauvage, L., Danger, J.-L., Selmane, N., Pacalet, R.: Silicon-level solutions to counteract passive and active attacks. In: FDTC 2008: Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 3–17 (2008)Google Scholar
  10. 10.
    Hutter, M., Schmidt, J.-M.: Optical and em fault-attacks on crt-based rsa: Concrete results. In: Proceedings of the 15th Austrian Workhop on Microelectronics (2007)Google Scholar
  11. 11.
    NIST. Announcing the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication No. 197, November 26 (2001)Google Scholar
  12. 12.
    Piret, G., Quisquater, J.-J.: A differential fault attack technique against spn structures, with application to the aes and khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)Google Scholar
  13. 13.
    Quisquater, J.J., Samyde, D.: Eddy current for magnetic analysis with active sensor. In: Proceedings of ESmart 2002, Eurosmart, pp. 185–194 (2002)Google Scholar
  14. 14.
    Robisson, B., Manet, P.: Differential behavioral analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 413–426. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Selmane, N., Guilley, S., Danger, J.-L.: Practical setup time violation attacks on AES. In: EDCC-7 2008: Proceedings of the 2008 Seventh European Dependable Computing Conference, pp. 91–96 (2008)Google Scholar
  16. 16.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Yen, S.-M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Transactions on Computers 49, 967–970 (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Michel Agoyan
    • 1
  • Jean-Max Dutertre
    • 2
  • David Naccache
    • 1
    • 3
  • Bruno Robisson
    • 1
  • Assia Tria
    • 1
  1. 1.Centre microélectronique de Provence G. Charpak, Département SASCEA-LETIGardanneFrance
  2. 2.Centre microélectronique de Provence G. Charpak, Département SASÉcole nationale supérieure des Mines de Saint-ÉtienneGardanneFrance
  3. 3.Département d’informatique, Équipe de cryptographieÉcole normale supérieureParis CEDEX 05France

Personalised recommendations