Comprehensive laser sensitivity profiling and data register bit-flips in 65 nm FPGA
FPGAs have emerged as a popular platform for security sensitive applications. As a practical attack methodology, laser based fault analyses have drawn much attention in the past years due to its superior accuracy in fault perturbation into security-critical Integrated Circuits (ICs). However, due to...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/82156 http://hdl.handle.net/10220/42300 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | FPGAs have emerged as a popular platform for security sensitive applications. As a practical attack methodology, laser based fault analyses have drawn much attention in the past years due to its superior accuracy in fault perturbation into security-critical Integrated Circuits (ICs). However, due to the insufficient device information, the practical injections work are not so efficient as expected. In this paper, we thoroughly analyze the laser fault injections to data flip-flops, instead of the widely studied configuration memory bits, of a modern nanoscale FPGA. A profiling campaign based on laser chip scan is performed on an exemplary 65 nm Virtex-5 FPGA, through the delayered silicon substrate, to identify the laser sensitivity distribution of the resource array and the fundamental logic cells. The sophisticated flip-flop bit flips are realized by launching fine-grained laser perturbations on an identified Configurable Logic Block (CLB) region. The profiled laser fault sensitivity map to FPGA resource significantly facilitate high-precision logic navigation and fault injection in practical cryptographic fault attacks. We show that the observed single- and multiple-bit faults are compatible with most proposed differential or algebraic fault analyses (DFA/AFA). Finally, further discussions on capability of reported fault models to bypass fault countermeasures like parity and dual-rail logic are also given. |
|---|