Guillaume Bouffard
Researcher in Embedded System Security
Amélie Marotta’s PhD thesis, titled Electromagnetic Injection Fault Models and Countermeasures for RISC-V SW FPGA Processors, is currently in progress at INRIA Taran team. Her thesis is co-supervised by Ronan Lashermes from INRIA/LHS, Olivier Sentieys from INRIA/TARAN, and Rachid Dafali from DGA-MI.
Her PhD thesis commenced in October 2021.
Characterizing and Modeling Synchronous Clock-Glitch Fault Injection- In Constructive Side-Channel Analysis and Secure Design - 15th International Workshop, COSADE 2024, Gardanne, France, April 9-10, 2024, Proceedings (2024) | |
|
In the realm of fault injection (FI), electromagnetic fault injection (EMFI) attacks have garnered significant attention, particularly for their effectiveness against embedded systems with minimal setup. These attacks exploit vulnerabilities with ease, underscoring the im- portance of comprehensively understanding EMFI. Recent studies have highlighted the impact of EMFI on phase-locked loops (PLLs), uncov- ering specific clock glitches that induce faults. However, these studies lack a detailed explanation of how these glitches translate into a specific fault model. Addressing this gap, our research investigates the physical fault model of synchronous clock glitches (SCGs), a clock glitch injec- tion mechanism likely to arise from EMFI interactions within the clock network. Through an integrated approach combining experimental and simulation techniques, we critically analyze the adequacy of existing fault models, such as the Timing Fault Model and the Sampling Fault Model, in explaining SCGs. Our findings reveal specific failure modes in D flip-flops (DFFs), contributing to a deeper understanding of EMFI effects and aiding in the development of more robust defensive strategies against such attacks. |
|
Characterizing and Modeling Clock-Glitch Fault Injection- Journée thématique sur les attaques par injection de fautes (JAIF), 2023, Gardanne, France (2023) | |
|
Fault injection techniques are numerous, including laser, electromagnetic fault injection (EMFI), power glitch, and clock glitch. The physical effects that are caused from fault injection result in fault models that can be interpreted at three different abstraction levels: physical (impact on logic gates and flip-flop), register-transfer (bit-set, bit-reset) and microarchitectural (impact on the execution of programs). To fully characterize the effects of fault injection, it is important to know all three abstractions levels and how they are linked to each other. In this work, we focus on a particular type of clock glitch fault injection. We use TRAITOR, a many-fault injection platform, which uses a specific pertubation on the clock signal to induce incorrect behaviors in the target. Some observations of these behaviours at a microarchitectural level have been made, but until now, lower level fault models haven’t been proposed. We observe that the sampling process of registers can be compromised by TRAITOR’s glitched clock. While some fault models already exist, they do not explain this behaviour. Simulation- based investigations were done to characterize precisely when a register would latch or not depending on the glitched clock cycle shape. They revealed that the issue arises due to an insufficient energy supply on the clock port of the register. Besides, experiments were done on registers in FPGAs, to highlight that the hardware environment of the target system influences the fault results. During our presentation, we will introduce our approach to characterize the impact of TRAITOR on registers. We will present a new physical fault model which explains its effects |
|