Combining Image Processing and Laser Fault Injections for Characterizing a Hardware AES

Nowadays, the security level of secure integrated circuits makes simple attacks less efficient. The combination of invasive approaches and fault attacks can be seen as increasingly pertinent for retrieving secrets from integrated circuits. This paper presents a practical methodology and its application. We first describe how to retrieve the physical areas of interest for the attack. Then, we perform a deep fault injection characterization of the area found.

For the former, we give a methodology based on circuit preparation, scanning electron microscope acquisitions, image registration and processing, which makes it possible to perform a controlled and localized laser fault attack with a state-of-the-art injection platform. The laser fault injection presented here allows the attacker to perform a “bit-set”, a “bit-reset” or a full register “reset”. Controlling the value stored in a flip-flop is critical for security. To illustrate this methodology, an encryption algorithm is targeted. We see that efficient methods that take advantage of the comparison between faulty and correct ciphertexts, such as differential fault analysis or “safe error”, are particularly relevant with the proposed methodology. The overall methodology can be used efficiently to speed up an attack and to improve the test coverage.