A Fully-Digital EM Pulse Detector

El-Baze, David; Rigaud, Jean-Baptiste; Maurine, Philippe

doi:10.3850/9783981537079_0164

Cited by 18 publications

(16 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, if we are interested in higher frequencies, the timing model becomes relevant. This was confirmed in a recent paper by Nabhan et al [13] where they evaluated the effectiveness of a sampling fault modelbased EMFI detection sensor introduced by Elbaze et al [14]. After performing various experiments on an FPGA-based Advanced Encryption Standard (AES) accelerator accompanied by 16 sensors, they validated the sensor's inefficiency for operating frequencies exceeding 150 MHz.…”

Section: B Related Work 1) Em Fault Modelsmentioning

confidence: 62%

“…Moreover, the harmonic response increased from (11)(12)(13)(14)(15)(16)(17) for PW = 80ns to (13)(14)(15)(16)(17)(18)(19) for PW = 100ns, finally locking with a 100% probability on the 19 th harmonic for PW = 120ns and PW = 140ns. Let us notice that for this position, a small increase of the pulse width from 60 ns to 80 ns quickly leads to high harmonics, while similar increments over 80 ns do not exhibit the same type of consequence.…”

Section: B Pulse Width Effectmentioning

confidence: 99%

See 1 more Smart Citation

Harmonic Response of Ring Oscillators under Single ElectroMagnetic Pulsed Fault Injection

Amraoui,

Douadi,

Leveugle

et al. 2024

2024 IEEE 25th Latin American Test Symposium (LATS)

View full text Add to dashboard Cite

Ring Oscillators (ROs) are essential building blocks in digital devices used for instance in clock generation, True Random Number Generators (TRNGs), Physical Unclonable Functions (PUFs) or on-chip voltage or temperature sensors. Their response to laser pulses, EM (ElectroMagnetic) harmonic fault injections or radio frequency interferences injected into the power distribution network has already been extensively studied. In this paper, we present experimental characterization results of EM pulsed fault injection performed on ROs implemented in FPGAs. We highlight the occurrence of harmonic responses with variable characteristics depending on several parameters, such as the RO placement within the FPGA chip, the timing and location of the injection and the electromagnetic pulse width and amplitude. We show that the usual fault model based on Single Event Transients (SETs) can only partially explain the faulty behavior, even after a single pulse injection.

show abstract

Section: B Related Work 1) Em Fault Modelsmentioning

confidence: 62%

Section: B Pulse Width Effectmentioning

confidence: 99%

Harmonic Response of Ring Oscillators under Single ElectroMagnetic Pulsed Fault Injection

Amraoui,

Douadi,

Leveugle

et al. 2024

2024 IEEE 25th Latin American Test Symposium (LATS)

View full text Add to dashboard Cite

show abstract

“…To avoid the difficulties with the tuning of delay according to the IC timings in the delay based glitch detector, El-Baze et al [5] introduced an EM detector which is entirely digital.…”

Section: Fully-digital Em Pulse Detectormentioning

confidence: 99%

Detecting Electromagnetic Injection Attack on FPGAs Using In-situ Timing Sensors

Gujar

Nazhandali

2020

J Hardw Syst Secur

View full text Add to dashboard Cite

Nowadays, security is one of the foremost concerns as the confidence in a system is mostly dependent on its ability to protect itself against any attack. The area of Electromagnetic Fault Injection (EMFI) wherein attackers can use electromagnetic (EM) pulses to induce faults has started garnering increasing attention. It became crucial to understand EM attacks I would like to thank my committee members Dr. Leyla Nazhandali, Dr. Patrick Schaumont, and Dr. Lynn Abbott, for their strong support throughout my time at Virginia Tech. I am very grateful to Dr. Nazandali for her constant advice, mentoring and direction which helped me achieve my research goals. I would also like to give my special thanks to my colleagues in the Secure Embedded Systems lab namely Abhishek Bendre, Bilgiday Yuce, Chinmay Deshpande, and Yuan Yao for their prompt help in fixing issues with the setup and answering my questions which helped me to carry forward my research. I would also like to thank Archanaa Krishnan and Daniel Dinu for their supportive and cheerful companionship. I would like to thank the Virginia Tech libraries, Virginia Tech ECE department and the Virginia Tech Graduate School for their contribution in making the masters' thesis a smooth and fulfilling journey for me. I am much thankful to my friends at Virginia Tech for their constant push which motivated to do my best work. Last but not the least, I would like to thank my mom, my dad and my younger brother for their continued confidence in me and my efforts. I have gathered valuable knowledge and essential skills in perseverance and patience during this thesis for which I am eternally obliged to everyone involved. v

show abstract

“…Active shields, which consist of wire meshes that run signals over the chip's surface and detect any interruption on a wire, are thus a very effective means to thwart many fault attacks. Furthermore, the use of light sensors [21] allows to detect anomalies in the circuit's behavior. The main drawback of such hardware countermeasures is their cost.…”

Section: Countermeasuresmentioning

confidence: 99%

Thwarting Fault Attacks against Lightweight Cryptography using SIMD Instructions

Lac

Canteaut

Fournier

et al. 2018

2018 IEEE International Symposium on Circuits and Systems (ISCAS)

View full text Add to dashboard Cite

A growing number of connected objects, with their high performance and low-resources constraints, are embedding lightweight ciphers for protecting the confidentiality of the data they manipulate or store. Since those objects are easily accessible, they are prone to a whole range of physical attacks, one of which are fault attacks against for which countermeasures are usually expensive to implement, especially on off-the-shelf devices. For such devices, we propose a new generic software countermeasure, called the Internal Redundancy Countermeasure (IRC), to thwart most fault attacks while preserving the performances of the targeted cipher. We report practical experiments showing that IRC successfully thwarts fault attacks on the block cipher PRIDE and on the stream cipher TRIVIUM for which we protect both the initialization and the keystream generation. Keywords: IRC¨Physical attacks¨Fault attacks¨SIMD instructionsS oftware countermeasure¨Lightweight cryptography¨IoT. implementations' performances and sizes, especially for off-the-shelf devices with no particular hardware mechanism to thwart such attacks. In this paper, we introduce a new paradigm, called the Internal Redundancy Countermeasure (IRC), for using spatial redundancies to thwart fault attacks. First, we describe the concept of IRC based on the use of SIMD (Single Instruction Multiple Data) instructions, which are increasingly available in off-the-shelf IoT devices: for 32-bit architectures, we work on 4 bytes in parallel. Then, we introduce a method for implementing this countermeasure in a completely generic way, i.e. independently of the cipher. Finally, we report practical experiments that show that IRC successfully thwarts real fault injections on the block cipher PRIDE and on the stream cipher TRIVIUM before discussing about the efficiency of this approach and concluding on some future work.

show abstract

A Fully-Digital EM Pulse Detector

Cited by 18 publications

References 12 publications

Harmonic Response of Ring Oscillators under Single ElectroMagnetic Pulsed Fault Injection

Harmonic Response of Ring Oscillators under Single ElectroMagnetic Pulsed Fault Injection

Detecting Electromagnetic Injection Attack on FPGAs Using In-situ Timing Sensors

Thwarting Fault Attacks against Lightweight Cryptography using SIMD Instructions

Contact Info

Product

Resources

About