## Characterizing and Modeling Clock-Glitch Fault Injection

#### Amélie Marotta

Ronan Lashermes, Olivier Sentieys, Rachid Dafali, Guillaume Bouffard

amelie.marotta@inria.fr





- $\rightarrow$  Electromagnetic fault injection has an impact on clock signals  $^1$
- $\rightarrow$  TRAITOR, a many-fault injection tool that uses clock glitches, recreates this impact
- $\Rightarrow$  Which fault model applies to TRAITOR?

<sup>1</sup> Electromagnetic fault injection: the curse of flip-flops. Sébastien Ordas, Ludovic Guillaume-Sage, Philippe Maurine.



- microarchitecture level
  - $\rightarrow\,$  program execution
- register-transfer level
  - $\rightarrow\,$  bit-flip, stuck-at-0 or -1
- physical level
  - $\rightarrow\,$  logic gates, registers

#### TRAITOR



TRAITOR: A Low-Cost Evaluation Platform for Multifault Injection. Ludovic Claudepierre, Pierre-Yves Péneau, Damien Hardy, Erven Rohou.

Generation of clk\_glitched:











Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow\,$  faults injected from amp. 0





Phase 1 (amp. 0 to X): all registers are faulted

Phase 2 (amp. X+1 to X+k): some registers remain faulted, some registers become unfaulted

⇒ fault sensitivity

Phase 3 (> amp. X+k): all registers are unfaulted
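
The three phases can be recovered mechanically from an amplitude sweep log. This is an added example, not code from the talk or from TRAITOR: it assumes that a register's fault sensitivity is the lowest amp. at which it is no longer faulted, uses constructed register names and traces, and rejects a register that is faulted again after recovering, which a single threshold per register would not produce.

```python
# Added example: constructed data, hypothetical register names.

def fault_sensitivity(trace):
    """trace[amp] is True when the register is faulted at that amp.
    Returns the lowest amp at which the register is unfaulted (assumed
    definition of fault sensitivity), or None if it never recovers.
    Raises ValueError if the register is faulted again after recovering."""
    first_ok = None
    for amp, faulted in enumerate(trace):
        if not faulted and first_ok is None:
            first_ok = amp
        elif faulted and first_ok is not None:
            raise ValueError(f"non-monotonic: faulted again at amp {amp}")
    return first_ok

def classify_sweep(sweep):
    """sweep maps register name -> trace. Returns the per-register
    sensitivities and the phase boundaries X and X+k."""
    sens = {reg: fault_sensitivity(t) for reg, t in sweep.items()}
    if any(s is None for s in sens.values()):
        raise ValueError("sweep ends before every register recovers")
    lo, hi = min(sens.values()), max(sens.values())
    return {
        "sensitivity": sens,
        "X": lo - 1,         # last amp where all registers are faulted
        "X_plus_k": hi - 1,  # last amp where some register is still faulted
    }

def phase_of(amp, result):
    """Phase (1, 2 or 3) that a given amp falls into."""
    if amp <= result["X"]:
        return 1
    if amp <= result["X_plus_k"]:
        return 2
    return 3

# Constructed sweep, amp 0..29: each register is faulted below its own threshold.
SWEEP = {name: [amp < s for amp in range(30)]
         for name, s in {"reg_a": 21, "reg_b": 22, "reg_c": 23}.items()}

if __name__ == "__main__":
    res = classify_sweep(SWEEP)
    print(res, [phase_of(a, res) for a in (20, 22, 23)])
```
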

#### Hypotheses

- 1) TRAITOR's fault model is the *Timing Fault Model*.
- 2) TRAITOR's fault model is the *Sampling Fault Model*.

#### Timing Fault Model?



Electromagnetic Transient Faults Injection on a hardware and a software implementation of AES. Amine Dehbaoui, Jean-Max Dutertre, Bruno Robisson, Assia Tria

#### Sampling Fault Model?

Sampling Fault Model:



TRAITOR's Fault Model:





Modeling and Simulating Electromagnetic Fault Injection. Mathieu Dumont, Mathieu Lisart, Philippe Maurine

#### Hypotheses

- 1) TRAITOR's fault model is the *Timing Fault Model*. $\times$
- 2) TRAITOR's fault model is the *Sampling Fault Model*. $\times$
- 3) *Energy-threshold Fault Model.* For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, a combination of a voltage threshold and a width threshold.

#### Energy-threshold Fault Model



Impact of the glitched clock on one register

#### Hypotheses

- 1) TRAITOR's fault model is the *Timing Fault Model*. $\times$
- 2) TRAITOR's fault model is the *Sampling Fault Model*. $\times$
- 3) *Energy-threshold Fault Model.* For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, a combination of a voltage threshold and a width threshold. √
- 4) *Fault sensitivity variation.* The fault sensitivity only depends on the register.



same fault sensitivity

#### Fault sensitivity variation

[Figures: configuration 1 and configuration 2; registers' status for amp. 22, with faulted and unfaulted registers marked]

- 4) *Fault sensitivity variation.* The fault sensitivity only depends on the register.



New hypothesis: the only thing that changes is the routing between registers... does it influence the glitched clock?

#### Hypotheses

- 1) TRAITOR's fault model is the *Timing Fault Model*. $\times$
- 2) TRAITOR's fault model is the *Sampling Fault Model*. $\times$
- 3) *Energy-threshold Fault Model.* For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, a combination of a voltage threshold and a width threshold. √
- 4) *Fault sensitivity variation.* The fault sensitivity only depends on the register. $\times$
- 5) *Registers and clock routing cross-talk.* Data routes influence TRAITOR's glitched clock.
- 6) *Inter-clock routing cross-talk.* Other clock routing on the same FPGA influences TRAITOR's glitched clock.

#### Registers and clock routing cross-talk



Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow\,$  faults injected from amp. 0

[Figure panels: route 1 (amp. 22), route 2 (amp. 22)]

#### Hypotheses

- 1) TRAITOR's fault model is the *Timing Fault Model*. $\times$
- 2) TRAITOR's fault model is the *Sampling Fault Model*. $\times$
- 3) *Energy-threshold Fault Model.* For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, a combination of a voltage threshold and a width threshold. √
- 4) *Fault sensitivity variation.* The fault sensitivity only depends on the register. $\times$
- 5) *Registers and clock routing cross-talk.* Data routes influence TRAITOR's glitched clock. √
- 6) *Inter-clock routing cross-talk.* Other clock routing on the same FPGA influences TRAITOR's glitched clock.

#### Inter-clock routing cross-talk

Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow$  faults injected from amp. 0

Registers' behaviour:

- $\rightarrow$  fault sensitivity of singled-out target registers: 21
- $\rightarrow$  fault sensitivity of other target registers: 22

#### Inter-clock routing cross-talk

Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow$  faults injected from amp. 0

Registers' behaviour:

- $\rightarrow$  fault sensitivity of singled-out target registers: 20
- $\rightarrow$  fault sensitivity of other target registers: 22

#### Hypotheses

- 1) TRAITOR's fault model is the *Timing Fault Model*. $\times$
- 2) TRAITOR's fault model is the *Sampling Fault Model*. $\times$
- 3) *Energy-threshold Fault Model.* For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, a combination of a voltage threshold and a width threshold. √
- 4) *Fault sensitivity variation.* The fault sensitivity only depends on the register. $\times$
- 5) *Registers and clock routing cross-talk.* Data routes influence TRAITOR's glitched clock. √
- 6) *Inter-clock routing cross-talk.* Other clock routing on the same FPGA influences TRAITOR's glitched clock. √

#### Cross-talk





#### Conclusion

Energy-threshold Fault Model:







- $\rightarrow$  Energy threshold (voltage and width)
- $\rightarrow$  Cross-talk (register/clock routing and clock/clock routing)
- $\rightarrow$  Explanation for some electromagnetic faults?