Exploring the Feasibility of Low Cost Fault Injection Attacks on Sub-threshold Devices through an Example of a 65nm AES Implementation

  • Alessandro Barenghi
  • Cédric Hocquet
  • David Bol
  • François-Xavier Standaert
  • Francesco Regazzoni
  • Israel Koren
Part of the Lecture Notes in Computer Science book series (volume 7055)


The continuous scaling of VLSI technology and the aggressive use of low power strategies (such as subthreshold voltage) make it possible to implement standard cryptographic primitives within the very limited circuit and power budget of RFID devices. On the other hand, such cryptographic implementations raise concerns regarding their vulnerability to both active and passive side channel attacks. In particular, when focusing on RFID targeted designs, it is important to evaluate their resistance to low cost physical attacks.

A common low cost fault injection attack is the one which is induced by insufficient supply voltage of the chip with the goal of causing setup time violations. This kind of fault attack relies on the possibility of gracefully degrading the performance of the chip. It is however, unclear whether this kind of low cost attack is feasible in the case of low voltage design since a reduction of the voltage may result in a catastrophic failure of the device rather than an isolated setup violation. Furthermore, the effect that process variations may have on the fault model used by the attacker and consequently the success probability of the attack, are unknown.

In this paper, we investigate these issues by evaluating the resistance to low cost fault injection attacks of chips implementing the AES cipher that were manufactured using a 65nm low power library and operate at subthreshold voltage. We show that it is possible to successfully breach the security of a custom implementation of the AES cipher. Our experiments have taken into account the expected process variations through testing of multiple samples of the chip. To the best of our knowledge, this work is the first attempt to explore the resistance against low cost fault injection attacks on devices that operate at subthreshold voltage and are very susceptible to process variations.


Supply Voltage Fault Injection Fault Attack Differential Fault Analysis Subthreshold Voltage 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barenghi, A., Bertoni, G., Parrinello, E., Pelosi, G.: Low Voltage Fault Attacks on the RSA Cryptosystem. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 23–31 (2009)Google Scholar
  2. 2.
    Barenghi, A., Bertoni, G.M., Breveglieri, L., Pellicioli, M., Pelosi, G.: Low Voltage Fault Attacks to AES. In: Tehranipoor, M., Plusquellic, J. (eds.) HOST. IEEE Computer Society, Los Alamitos (2010)Google Scholar
  3. 3.
    Bol, D., Ambroise, R., Flandre, D., Legat, J.D.: Interests and limitations of technology scaling for subthreshold logic. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 17(10), 1508–1519 (2009)CrossRefGoogle Scholar
  4. 4.
    Chen, C.-N., Yen, S.-M.: Differential fault analysis on aes key schedule and some countermeasures. In: Proc. Information Security and Privacy, pp. 217–217 (2003)Google Scholar
  5. 5.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  6. 6.
    Das, R., Harrop, P.: RFID forecasts, players and opportunities 2011, 96, 2021. IDTechEx report (2010)Google Scholar
  7. 7.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on AES. In: CoRR, cs.CR/0301020 (2003)Google Scholar
  8. 8.
    Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. IEE Proceedings on Information Security 152(1), 13–20 (2005)CrossRefGoogle Scholar
  9. 9.
    Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 27–41. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Hutter, M., Plos, T., Schmidt, J.-M.: Contact-Based Fault Injections and Power Analysis on RFID Tags. In: Proc. IEEE European Conference on Circuit Theory and Design, pp. 409–412 (2009)Google Scholar
  11. 11.
    Kasper, T., Silbermann, M., Paar, C.: All you can eat or breaking a real-world contactless payment system. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 343–350. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Kim, C.H., Quisquater, J.-J.: New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 48–60. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Mentens, N., Batina, L., Preneel, B., Verbauwhede, I.: A systematic evaluation of compact hardware implementations for the rijndael S-box. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 323–333. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A generalized method of differential fault attack against AES cryptosystem. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 91–100. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    NIST. Announcing the advanced encryption standard aes. Technical report, Federal Information Processing Standards Publication 197 (2001)Google Scholar
  16. 16.
    Peacham, D., Thomas, B.: A DFA attack against the AES key schedule. SiVenture Whitepaper (October 2006)Google Scholar
  17. 17.
    Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A Compact Rijndael Hardware Architecture with S-Box Optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Schmidt, J.-M., Hutter, M., Plos, T.: Optical Fault Attacks on AES: A Threat in Violet. In: Proc. Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 13–22 (2009)Google Scholar
  20. 20.
    Selmane, N., Guilley, S., Danger, J.-L.: Practical Setup Time Violation Attacks on AES. In: EDCC-7 2008: Proceedings of the 2008 Seventh European Dependable Computing Conference, pp. 91–96. IEEE Computer Society, Washington, DC, USA (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Alessandro Barenghi
    • 1
  • Cédric Hocquet
    • 2
  • David Bol
    • 2
  • François-Xavier Standaert
    • 2
  • Francesco Regazzoni
    • 2
    • 3
  • Israel Koren
    • 4
  1. 1.DEIPolitecnico di MilanoMilanoItaly
  2. 2.ICTEAM InstituteUniversité catholique de LouvainLouvain-la-NeuveBelgium
  3. 3.ALaRIUniversity of LuganoLuganoSwitzerland
  4. 4.University of MassachusettsAmherstUSA

Personalised recommendations