Figure of merits of 28nm Si technologies for implementing laser attack resistant security dedicated circuits

International audienceAmong all means to attack a security dedicated circuit, fault injection by means of laser illumination is a very efficient one. The laser beam creates electrons/holes pairs along its way through the silicon. The collection of these charges creates a transient current and thus may induce a fault in the circuit. Nevertheless the collection efficiency depends on various parameters including the technology used to implement the circuit. Here, up-to-date Bulk and Fully Depleted Silicon on Insulator (FD-SOI) 28nm technologies are compared in terms of sensitivity against laser injection. It comes out that FD-SOI structures show less sensitivity to laser injection and thus should be further explored for security dedicated circuits implementations

Formal verification of a software countermeasure against instruction skip attacks

Fault attacks against embedded circuits enabled to define many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model consisting in an assembly instruction skip can be very useful for an attacker and has been obtained by using several fault injection means. To avoid this threat, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some fine-grained countermeasure schemes have also been proposed for specific instructions. However, to the best of our knowledge, no approach that enables to secure a generic assembly program in order to make it fault-tolerant to instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for almost all the instructions of the Thumb-2 instruction set and provide a formal verification for this fault tolerance. This simple transformation enables to add a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve

Experimental validation of a Bulk Built-In Current Sensor for detecting laser-induced currents

International audience—Bulk Built-In Current Sensors (BBICS) were developed to detect the transient bulk currents induced in the bulk of integrated circuits when hit by ionizing particles or pulsed laser. This paper reports the experimental evaluation of a complete BBICS architecture, designed to simultaneously monitor PMOS and NMOS transistors, under Photoelectric Laser Stimulation (PLS). The obtained results are the first experimental proof of the efficiency of BBICS in laser fault injection detection attempts. Furthermore, this paper highlights the importance of BBICS tapping in a sensitive area (logical gates) for improved laser detection. It studies the performances of this BBICS architecture and suggests modifications for its future implementation

SEU sensitivity and modeling using picosecond pulsed laser stimulation of a D Flip-Flop in 40 nm CMOS technology

International audience—This paper presents the design of a CMOS 40 nm D Flip-Flop cell and reports the laser fault sensitivity mapping both with experiments and simulation results. Theses studies are driven by the need to propose a simulation methodology based on laser/silicon interactions with a complex integrated circuit. In the security field, it is therefore mandatory to understand the behavior of sensitive devices like D Flip-Flops to laser stimulation. In previous works, Roscian et al., Sarafianos et al., Lacruche et al. or Courbon et al. studied the relations between the layout of cells, its different laser-sensitive areas and their associated fault model using laser pulse duration in the nanosecond range. In this paper, we report similar experiments carried out using a shorter laser pulse duration (30 ps instead of 50 ns). We also propose an upgrade of the simulation model they used to take into account laser pulse durations in the picosecond range on a logic gate composed of a large number of transistors for a recent CMOS technology (40 nm)

Layered architecture for quantum computing

We develop a layered quantum computer architecture, which is a systematic framework for tackling the individual challenges of developing a quantum computer while constructing a cohesive device design. We discuss many of the prominent techniques for implementing circuit-model quantum computing and introduce several new methods, with an emphasis on employing surface code quantum error correction. In doing so, we propose a new quantum computer architecture based on optical control of quantum dots. The timescales of physical hardware operations and logical, error-corrected quantum gates differ by several orders of magnitude. By dividing functionality into layers, we can design and analyze subsystems independently, demonstrating the value of our layered architectural approach. Using this concrete hardware platform, we provide resource analysis for executing fault-tolerant quantum algorithms for integer factoring and quantum simulation, finding that the quantum dot architecture we study could solve such problems on the timescale of days.Comment: 27 pages, 20 figure

Laser Fault Injection into SRAM cells: Picosecond versus Nanosecond pulses

International audience—Laser fault injection into SRAM cells is a widely used technique to perform fault attacks. In previous works, Roscian and Sarafianos studied the relations between the layout of the cell, its different laser-sensitive areas and their associated fault model using 50 ns duration laser pulses. In this paper, we report similar experiments carried out using shorter laser pulses (30 ps duration instead of 50 ns). Laser-sensitive areas that did not appear at 50 ns were observed. Additionally, these experiments confirmed the validity of the bit-set/bit-reset fault model over the bit-flip one. We also propose an upgrade of the simulation model they used to take into account laser pulses in the picosecond range. Finally, we performed additional laser fault injection experiments on the RAM memory of a microcontroller to validate the previous results