I. Introduction
The cryptographic algorithms that have been implemented are designed in the way such that they are difficult to be broken mathematically[1]. In order to obtain the secret key, which allows the decryption of encrypted information, an attacker must perform a brute force analysis that requires a prohibitively large number of experiments. There is no known methodology for the most commonly used cryptographic algorithms to significantly reduce the secret key search space. However, it is shown that secret information (such as the key of the encryption algorithm) can leak through side channel attacks.
Examples of such side channels are the time needed to perform the encryption or the power consumed by the device implementing the encryption algorithm. Timing and power side channel attacks are based on the fact that the individual computation steps that are needed during the encryption are dependent on the bits of the secret key and thus, the time needed for these steps and the power consumed by them are directly correlated to the secret key bits. These attacks have been proven to be effective and it incurs relatively at low cost. Furthermore, once a side-channel attack technique has been developed and made public, expensive equipment or high technical skills are not required to apply in practice.
A different type of side-channel attacks that were proved to be very effective is realized through the injection of deliberate (malicious) faults into a cryptographic device and the observation of the corresponding erroneous outputs[2-3]. Using this type of attack and analyzing the outputs of the cryptographic device, called differential fault analysis (DFA)[4], the number of experiments needed to obtain the bits of the secret key can be drastically reduced. This kind of active side-channel attacks (in contrast to the previously described passive ones) has been in the last decade the subject of intense and expanding research, as it has been demonstrated to be highly effective[5-7].
Fig.1. shows fault injection techniques[8] that can be classified into three main categories: hardware fault injection, software fault injection and simulation-based fault injection. Hardware and software fault injections must be injected in the prototype or fully operational system, which can collectively be referred as physical-based fault injection.
Fig.1. Classification of Fault Injection Techniques
Among them, hardware and software fault injection have been used for a long time. Over the past decade, with the development of fault injection technology, especially the increasing need of evaluating system early in the design cycle, simulation-based has attracted more attention of researchers.
To experiment fault injection attack, the failure analysis of many different products involve the use of the following tools and techniques[9]: Microscopes, Sample preparation, Radiography, Spectroscopic analysis, Device modification, Surface analysis, Scanning electron microscopy, Laser signal injection microscopy (LSIM), Semiconductor probing, Software-based fault location techniques. Especially, we are focusing on the laser signal injection microscopy (LSIM) which injects faults into the device.
In this paper, we propose an improved laser probe which can be used for the experiment of fault injection attack.
The rest of the paper is organized as follows. After introduction in section Ⅰ, we describe the related work in section Ⅱ. In section Ⅲ, we present the proposed improved laser probe and discussion in section Ⅳ. Finally, section Ⅴ concludes with a summary of our scheme and future work.
II. Laser Probe for Fault Injection Attack
A laser is a tool that produces light through a process called optical amplification based on the stimulated emission of electromagnetic radiation. Lasers are different from light sources due to their coherent emission. Spatial coherence refers to the output, which is a narrow beam, often called “pencil beam”. Laser beams can be focused to very precise spots, giving high irradiance. They can be launched into beams of very low divergence in order to focus their power at a large distance. The light generated by stimulated emission is similar to the input signal in terms of wavelength, phase, and polarization. This makes the laser light coherent and able to maintain the uniform polarization and often established by the optical cavity design.
In Fig.2, a laser consists of a gain medium, which is a mechanism to supply energy and provide optical feedback. The gain medium is considered a material with properties that allow it to amplify light by stimulated emission. Light of a specific wavelength that passes through the gain medium will increase in power, known as amplification process. In order to amplify light, a gain medium needs to get supplied with energy. The process of supplying energy is called pumping. The energy is normally supplied as an electrical current, or as light at a different wavelength.
Fig.2. Components of a typical laser[10]
The Laser Fault Injection (LFI) technique has a good spatial and temporal precision to inject the faults. This laser used in fault injection tool will not result in permanent damage, because it allows adjusting by tuning the beam’s energy level. However, an amount higher a destructive threshold can destroy the circuit. The parameters below should be considered when performing an attack: gain medium of laser, wavelength, repetition rate, spot size, output power and so on.
Fault injection attack equipment can be divided into four parts as shown in Fig. 3. (1) Laser cutter for a laser beam fire and cutting on the target; (2) Optical microscopy (Microscope) to enlarge the size of the target; (3) X-Y stage (including anti-vibration enclosures) for moving target in the X-axis, Y-axis, R-rotation. Z-axis movement is generally achieved by an optical microscope; (4) Camera and Viewer.
Fig.3. An example of FA tool set up
III. An Improved Laser Probing System for Fault Injection Attack
Typically the laser probe is considered expensive equipment. Thus, enhancing the laser probe through utilizing existing equipment is recommended rather than buying a new product. The basic concept of the proposed idea is a dual-laser probe which is the combination between existing laser probe and extra laser head in parallel. Our improved laser probe can be divided into two parts: Laser-Ⅰ for laser cutting to remove the surface of the targeted device, before performing the fault injection attack and Laser-Ⅱ for fault injection. In this case, we needed a separate controller.
In our proposed idea on laser probe enhancement, we assume QuikLaze-II or EzLaze-3[11] of New Wave Research is used for laser I. The key of the motivation is from the first conceptual design of this research, experimented by research teams in Cambridge university and Gyeongbuk university.
Also, the combination of laser-Ⅱ methods is divided by the laser types as shown in Fig 4 and 5.
Fig.4. An Improved laser probe―Case 1.
Fig.5. An Improved laser probe―Case 2.
Fig.4. shows the design of improved laser probe―case 1 which used Diode laser for laser-Ⅱ. In this case, combined experiments auxiliary devices (zig module) are used together with the laser probe which enables the mode-switching between Laser-Ⅰ and Laser-Ⅱ. However, the extra-large size of the laser probe is the problem. In addition, an additional CCD camera installation is needed.
Fig.5. shows the design of improved laser probe―case 2 which used Fiber laser for laser-Ⅱ. In this case, we can connect between the Laser-I and Laser-II through fiber cable. Thus, we can solve the problem occurring in the case 1 and a wider working space can be utilized. In addition, an additional installation of the CCD camera is no longer required. Mode-switching can be done by either operating the zig module or using additional software to control the operation.
IV. Discussion
In this section, we compare the advantages and disadvantages of our proposed improve laser probes.
Before making the comparison, we describe some notations to compare two proposed ideas.
Table 1. Notation
Table 2. shows the comparison between the existing laser probes, in this case it is EzLaze-3 and the proposed idea. The performance is shown in terms of energy, repetition rate, wavelength, spot size and so on. EzLaze-3 gives lower energy which ranges from 0.5mJ to 2.5mJ; whereby the proposed dual-mode laser probe gives 20mJ (20mW). The repetition rate of the proposed idea gives up to 5 times over EzLaze-3, and 2 times better in terms of wavelength, which is 1064nm. The spot size of EzLaze-3; in the sense how accurate the laser probe can focus, ranges from 2×2㎛ to 50×50㎛ and 1×1㎛ for the proposed idea. The main difference that makes the proposed idea advantageous is the laser switching function, controlled by auxiliary devices (zig module).
Table 2. Specification comparison between EzLaze-3[11] and propose idea for fault injection
Table 3. shows the feature comparison between the proposed improves laser probes. In case 1, if we used Diode laser for Laser-Ⅱ, we can obtain high speed in terms of number of times in a given duration, and high energy. But the problem is that it is not cost-effective and the overall size is large. In addition, microscope eyepiece is not made available, and an additional CCD camera installation is needed. In case 2, if we used fiber laser for Laser-Ⅱ, similarly, it can support the high speed but it produces low energy.
Table 3. Feature comparison between proposed improve laser probe ideas
However, Fiber laser is cheaper than Diode laser and possible to use the microscope eyepiece. Moreover, the large size problem can be overcome in this case.
On the other hand, Table 4. shows the feature comparison between three different types of lasers. We can see that fiber laser has more advantages (such as extremely compact design, maintenance free operation, allows for easy integration into production and minimal floor space requirements, etc.) over Nd:YAG laser and CO2 laser. The main advantages that make fiber laser superior to other lasers are as follows. 1) It has high optical efficiency which is up to 30% more power efficient than Nd:YAG which gives only 5% and 10% for CO2. 2) It has better degree of integration into production with minimal floor space, and good air-cooling system (no water chiller required-cost and energy savings). 3) It gives a good quality of laser beam in terms of power with low mean time between failure. 4) It has a good reliability and maintenance free operation, which means there is no cleaning or optical alignment process required for optimum power output.
Table 4. Feature comparison between different lasers[12]
V. Conclusion
In this paper, the research on different fault injection tools was studied. The main concept of the idea to improve the laser probe is through utilizing existing equipment. The proposed laser probe can be divided into two parts, which are Laser-I for laser cutting, and Laser-II for fault injection. We study the advantages of existing equipment, and consider the significant parameters such as energy, repetition rate, wavelength, etc. The features and advantages of proposed laser probes are compared. In case 1, Diode laser for Laser-II gives a high speed but it is not cost-effective, and the size is large. It is not made available to use the microscope eyepiece, and an additional CCD camera installation is needed. In case 2, fiber laser is used for Laser-II, which can support high speed and it is cost-effective. The common problem that both the cases are facing is low energy production. Lastly, three different types of lasers are compared and advantages are studied.
Through this research, we study the existing laser probes which are considered efficient enough presently. However, the evolution of the techniques and equipment is moving fast forward. The proposed technique is to utilize and enhance existing equipment, in order to acquire the most efficient tool for the fault injection purpose.
This research contributes to recent technology, trends, and understandings in fault-injection attack with FA tools accuracy and countermeasure. In addition, this research idea can be adapted according to the environment and industries. The development of countermeasures against invasive attack and non-invasive attack is concerned.
참고문헌
- A.J. Meneze, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, Oct. 1996.
- R. Anderson and M. Kuhn, "Low cost attacks on tamper resistant devices," Proceedings of the 5th International Workshop on Security Protocols, pp. 125-136, Apr. 1997.
- D. Boneh, R. DeMillo, and R. Lipton, "On the importance of eliminating errors in cryptographic computations," Journal of Cryptology, vol. 14, no. 2, pp. 101-119, Nov. 2001. https://doi.org/10.1007/s001450010016
- E. Biham and A. Shamir, "Differential Fault Analysis of Secret Key Cryptosystems," in proceedings of CRYPTO'97, LNCS 1294, pp. 513-525, Aug. 1997.
- D. Boneh, R. DeMillo, and R. Lipton, "On the importance of checking cryptographic protocols for faults," in proceedings of EUROCRYPT'97, LNCS 1233, pp. 37-51, May, 1997.
- F. Bao, R.H. Deng, Y. Han, A. Jeng, A.D. Narasimhalu, and T. Ngair, "Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults," Proceedings of the 5th International Workshop on Security Protocols, Springer-Verlag London, pp. 115-124, Apr, 1997.
- A.K. Lenstra, "Memo on RSA signature generation in the presence of faults," Manuscript, September. 1996. Available from Author at arjen.lenstra@citicorp.com
- Mei-Chen Hsueh, T.K. Tsai, and R.K. Iyer, "Fault Injection Techniques and Tools," IEEE Computer, Vol. 30, Issue. 4, pp. 75-82, Apr. 1997.
- Wikipedia, Failure analysis, http://en.wikipedia.org/wiki/Failure_analysis
- Wikipedia, Laser, http://en.wikipedia.org/wiki/Laser
- New Wave Research, http://www.esi.com/Products/NewWaveResearch.aspx.
- GNTECH, http://gn-tech.net
- G.R. Gordon, "The LASER, Light Amplification by Stimulated Emission of Radiation," The Ann Arbor Conference on Optical Pumping, Jun. 1959.
- HoonJae Lee, "A study on generalization of Fault-Injection Analysis tools," 2013-046, Dongseo University Industry-Academic Cooperation Foundation, 2013.