Amélie Marotta’s PhD thesis, entitled "Electromagnetic injection fault models and countermeasures for RISC-V sw FPGA processors", is in progress in the INRIA TARAN team. Her thesis is co-supervised by Ronan Lashermes (INRIA/LHS), Olivier Sentieys (INRIA/TARAN) and Rachid Dafali (DGA-MI). Her PhD thesis was started in October 2021.
15th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE) 2024, Gardanne, France (2024)
In the realm of fault injection (FI), electromagnetic fault injection (EMFI) attacks have garnered significant attention, particularly for their effectiveness against embedded systems with minimal setup. These attacks exploit vulnerabilities with ease, underscoring the importance of comprehensively understanding EMFI. Recent studies have highlighted the impact of EMFI on phase-locked loops (PLLs), uncovering specific clock glitches that induce faults. However, these studies lack a detailed explanation of how these glitches translate into a specific fault model. Addressing this gap, our research investigates the physical fault model of synchronous clock glitches (SCGs), a clock glitch injection mechanism likely to arise from EMFI interactions within the clock network. Through an integrated approach combining experimental and simulation techniques, we critically analyze the adequacy of existing fault models, such as the Timing Fault Model and the Sampling Fault Model, in explaining SCGs. Our findings reveal specific failure modes in D flip-flops (DFFs), contributing to a deeper understanding of EMFI effects and aiding in the development of more robust defensive strategies against such attacks.
Journée thématique sur les attaques par injection de fautes (JAIF), 2023, Gardanne, France (2023)
Fault injection techniques are numerous, including laser, electromagnetic fault injection (EMFI), power glitch, and clock glitch. The physical effects that are caused by fault injection result in fault models that can be interpreted at three different abstraction levels: physical (impact on logic gates and flip-flops), register-transfer (bit-set, bit-reset) and microarchitectural (impact on the execution of programs). To fully characterize the effects of fault injection, it is important to know all three abstraction levels and how they are linked to each other. In this work, we focus on a particular type of clock glitch fault injection. We use TRAITOR, a many-fault injection platform, which uses a specific perturbation on the clock signal to induce incorrect behaviors in the target. Some observations of these behaviours at a microarchitectural level have been made, but until now, lower-level fault models haven’t been proposed. We observe that the sampling process of registers can be compromised by TRAITOR’s glitched clock. While some fault models already exist, they do not explain this behaviour. Simulation-based investigations were done to characterize precisely when a register would latch or not depending on the glitched clock cycle shape. They revealed that the issue arises due to an insufficient energy supply on the clock port of the register. Besides, experiments were done on registers in FPGAs, to highlight that the hardware environment of the target system influences the fault results. During our presentation, we will introduce our approach to characterize the impact of TRAITOR on registers. We will present a new physical fault model which explains its effects.