From physical stresses to timing constraints violation by Zussa, Loïc et al.
• ZUSSA Loïc, 
• DUTERTRE Jean-Max, 
• CLEDIERE Jessy, 
• TRIA Assia 
Research subject 
•  Characterization and analysis of common fault injection mechanisms 
2 
Today’s subject 
•  Power glitch fault injection mechanism: analysis and practice 
Agenda 
•  Timing constraints of synchronous digital IC 
•  Static stresses (global effect) 
•  Transient stresses 
•  Conclusion 
3 
4 
(Figure: two flip-flops, upstream and downstream, separated by combinational logic and clocked by clk; the data bit propagates with delay Dclk→Q through the upstream flip-flop, then DpMax through the logic) 
data required time = Tclk + Tskew - δsu 
data arrival time = Dclk→Q + DpMax 
Setup constraint: Tclk > Dclk→Q + DpMax - Tskew + δsu 
How to inject faults through timing constraint violation? 
•  Overclocking (frequency increase, i.e. period decrease): 
Tclk < Dclk→Q + DpMax - Tskew + δsu 
•  Underpowering or overheating (propagation time increase): 
Tclk < Dclk→Q + DpMax - Tskew + δsu 
5 
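An added example, not from the slides: a first-order Python model of the setup constraint above and of how overclocking (shorter Tclk) and underpowering or overheating (longer delays) drive a path into violation. All delay values are constructed; uniform delay scaling and the setup/hold window bounds are assumptions of this model.

```python
from dataclasses import dataclass


@dataclass
class Path:
    # Register-to-register path of the slide: upstream DFF -> logic -> downstream DFF.
    # Values are in picoseconds and are constructed samples, not Spartan 3A data.
    d_clk_q: float  # Dclk->Q: clock-to-output delay of the upstream flip-flop
    dp_max: float   # DpMax: worst-case propagation delay through the logic
    t_skew: float   # Tskew: clock skew between the two flip-flops
    t_su: float     # setup time of the downstream flip-flop
    t_hold: float   # hold time of the downstream flip-flop

    def arrival(self) -> float:
        return self.d_clk_q + self.dp_max  # data arrival time = Dclk->Q + DpMax

    def required(self, t_clk: float) -> float:
        return t_clk + self.t_skew - self.t_su  # data required time = Tclk + Tskew - setup

    def min_period(self) -> float:
        # Slide constraint: Tclk > Dclk->Q + DpMax - Tskew + setup
        return self.d_clk_q + self.dp_max - self.t_skew + self.t_su

    def stressed(self, delay_scale: float) -> "Path":
        # Underpowering or overheating lengthen gate delays. Assumed model: scale
        # Dclk->Q and DpMax uniformly; setup, hold and skew are left unchanged.
        return Path(self.d_clk_q * delay_scale, self.dp_max * delay_scale,
                    self.t_skew, self.t_su, self.t_hold)


def classify(path: Path, t_clk: float) -> str:
    # Outcome at the downstream flip-flop for one clock period t_clk (ps):
    #  'no fault'       data settles before the setup window opens
    #  'metastability'  data changes inside the setup/hold window ('1' OR '0'?)
    #  'early latching' data arrives after the hold window: old value captured
    # Using [required time, clock edge + hold] as the window is an assumption
    # of this model, not a statement from the slides.
    arr = path.arrival()
    if arr <= path.required(t_clk):
        return "no fault"
    if arr <= t_clk + path.t_skew + path.t_hold:
        return "metastability"
    return "early latching"


# Constructed sample path for the target's 100 MHz clock (Tclk = 10 000 ps).
SAMPLE = Path(d_clk_q=600.0, dp_max=8500.0, t_skew=50.0, t_su=400.0, t_hold=150.0)
# Overclocking shortens Tclk; underpowering/overheating stretch the delays.
OVERCLOCKED = [classify(SAMPLE, t) for t in (10000.0, 9400.0, 8800.0)]
UNDERPOWERED = [classify(SAMPLE.stressed(s), 10000.0) for s in (1.0, 1.10, 1.15)]
```

Both sweeps pass through the same three regions (no fault, metastability, early latching), which is the point of the slides: the stresses differ, the mechanism does not. In this model the metastability window is exactly δsu + δhold wide.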
Target 
•  Platform: FPGA Spartan 3A 
•  Algorithm: AES 128-bit, non-secure implementation 
•  Frequency: 100 MHz 
•  Power supply: 1.2V 
6 
Experimental proof 
Common fault injection means 
•  Clock stress (overclocking) 
•  Power stress (underpowering) 
•  Overheating 
7 
A common mechanism! ⇒ Timing constraint violations. 
•  10,000 input dataset 
•  Critical path faulted 
DCIS 2012 
8 
Issues 
•  Low timing resolution 
Transient perturbations 
•  Clock glitch 
•  Power supply glitch 
9 
Questions 
•  Injection mechanism? Timing violation? 
•  Achievable resolution? 
10 
Clock glitch 
(Figure: glitchy clock, one period shortened to Tclk - ΔT) 
•  35ps resolution 
•  Global effect 
•  Timing constraints violation (obvious) 
•  A tool for critical time measurement 
•  Used to build a template/reference library 
To be compared with: Power glitch (ideal) 
11 
Power glitch: input capacitance (figure: waveform annotated 10 ns and 80 ns) 
12 
Power glitch: impedance adaptation (figure: waveform annotated 10 ns and 40 ns) 
13 
Power glitch: input capacitance (figure: waveform annotated 10 ns and 40 ns) 
14 
(Figure: waveform annotated 100 ns and 15-20 ns) 
15 
Spartan 3A: power glitch, impedance adaptation 
16 
Power glitch 
•  Target a specific round but also affect the neighboring rounds, 
17 
(Figure: supply voltage 1.2 V nominal lowered to 1 V; fractions 70% and 20% annotated) 
•  Global offset must be added. 
18 
Power glitch 
•  Analysis of injected faults: 
 70% identical to clock glitch injection 
 20% neighboring rounds 
 10% the second most critical path of the round 
•  Conclusion: clock and power glitch induced faults are due to timing constraint violation 
•  >90% single-bit faults 
A spatial effect component? Linked to voltage transient propagation through the power supply grid 
19 
•  Voltage decrement => critical path increase  
20 
Metastability 
Data-dependency 
Underpowering 
21 
(Figure: voltage vs. time sketches of VDD: lowered supply, ground bounce, and a power glitch ⇒ timing violation) 
•  Injection mechanism? 
•  Overclocking, underpowering and overheating generate exactly the same faults => same mechanism, 
•  Static stresses give accurate results BUT random temporal localization, 
•  Transient stresses give a better temporal localization BUT induce spatial effects, 
•  In-depth investigations are going to explain these spatial effects. 
22 
23 
(Figure: fault occurrence rate (%) vs. clock period (ps), swept from 8405 ps to 9000 ps; regions labelled setup violation, early latching and no fault; ≈ 180 ps annotation) 
Overclocking 
•  Fault occurrence rate vs applied stress 
Overheating  
24 
Metastability 
Data-dependency 
•  Temperature increase => critical path increase  
25 
(Figure: timing diagram of clk, Qupstream, Ddownstream and Qdownstream, annotated with Dclk→Q, logic glitches, DpMax, δset-up and δhold: timing constraint fulfilled) 
26 
(Figure: same timing diagram; setup time violation (i.e. timing constraint violation) ⇒ metastability (non-deterministic): ‘1’ OR ‘0’?) 
27 
(Figure: same timing diagram; timing constraint violation: early latching (deterministic)) 
28 
(Figure: same timing diagram, before perturbation: timing constraint fulfilled) 
29 
(Figure: same timing diagram with a perturbation applied; setup time violation (i.e. timing constraint violation) ⇒ metastability (non-deterministic): ‘1’ OR ‘0’?) 
30 
(Figure: same timing diagram with a perturbation applied; timing constraint violation: early latching (deterministic)) 
31 
Faults cartography (EM pulse): 7 mm × 7 mm map of faulted bytes over the Round Exe, Key Exp and FSM regions 
Context 
•  Many of the electronic devices we use daily embed cryptographic features, 
•  They are often targeted by malicious attackers, 
•  An in-depth understanding of attack means is needed to protect these devices properly. 
32 
33 
Inverter: 
•  Power supply: VDD decrease => tpLH increase 
•  Mobility: temperature dependent. T° increase => tpLH increase (generally) 
34 
