Design and validation of a platform for electromagnetic fault injection

Security is acknowledged as one of the main challenges in the design and deployment of embedded circuits. Devices need to operate on-the-field safely and correctly, even when at physical reach of potential adversaries. One of the most powerful techniques to compromise the correct functioning of a device are fault injection attacks. They enable an active adversary to trigger errors on a circuit in order to bypass security features or to gain knowledge of security-sensitive information. There are several methods to induce such errors. In this work we focus on the injection of faults through the electromagnetic (EM) channel. In particular, we document our efforts towards building a suitable platform for EM pulse injection. We design a pulse injection circuit that can provide currents over 20 A to an EM injector in order to generate abrupt variations of the EM field on the vicinity of a circuit. We validate the suitability of our platform by applying a well-know attack on an embedded 8-bit microcontroller implementing the AES block cipher. In particular, we show how to extract the AES secret cryptographic keys stored in the device by careful injection of faults during the encryption operations and simple analysis of the erroneous outputs.Peer ReviewedPostprint (published version

RRAM serial configuration for the generation of random bits

Peer ReviewedPostprint (published version

RRAM Based Random Bit Generation for Hardware Security Applications

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Resistive random access memories (RRAMs) have arisen as a competitive candidate for non-volatile memories due to their scalability, simple structure, fast switching speed and compatibility with conventional back-end processes. The stochastic switching mechanism and intrinsic variability of RRAMs still poses challenges that must be overcome prior to their massive memory commercialization. However, these very same features open a wide range of potential applications for these devices in hardware security. In this context, this work proposes the generation of a random bit by means of simultaneous write operation of two parallel cells so that only one of them unpredictably switches its state. Electrical simulations confirm the strong stochastic behavior and stability of the proposed primitive. Exploiting this fact, a Physical Unclonable Function (PUF) like primitive is implemented based on modified 1 transistor - 1 resistor (1T1R) array structure.Peer ReviewedPostprint (published version

Random masking interleaved scrambling technique as a countermeasure for DPA/DEMA attacks in cache memories

Memory remanence in SRAMs and DRAMs is usually exploited through cold-boot attacks and the targets are the main memory and the L2 cache memory. Hence, a sudden power shutdown may give an attacker the opportunity to download the contents of the memory and extract critical data. Side-channel attacks such as differential power or differential electromagnetic analysis have proven to be very effective against memory security. Furthermore, blending cold-boot attacks with DPA or DEMA can overpower even a high-level of security in cache or main memories. In this scope, data scrambling techniques have been explored and employed to improve the security, with a minor penalty in performance. Enforcing security techniques and methods in cache memories is risky because any substantial reduction in the cache memory speed might be devastating to the CPU, which is why the performance penalty must be minimal. In this paper, we introduce an improved scrambling technique which uses random masking of the scrambling vector and it is designed to protect cache memories against cold-boot and differential power or electromagnetic attacks. The technique is analyzed in terms of area, power and speed, while the level of security is evaluated through adversary models and simulated attacks

8T SRAM Cell with Open Defects under Voltage and Timing Variations

Postprint (published version

Impact of laser attacks on the switching behavior of RRAM devices

The ubiquitous use of critical and private data in electronic format requires reliable and secure embedded systems for IoT devices. In this context, RRAMs (Resistive Random Access Memories) arises as a promising alternative to replace current memory technologies. However, their suitability for this kind of application, where the integrity of the data is crucial, is still under study. Among the different typology of attacks to recover information of secret data, laser attack is one of the most common due to its simplicity. Some preliminary works have already addressed the influence of laser tests on RRAM devices. Nevertheless, the results are not conclusive since different responses have been reported depending on the circuit under testing and the features of the test. In this paper, we have conducted laser tests on individual RRAM devices. For the set of experiments conducted, the devices did not show faulty behaviors. These results contribute to the characterization of RRAMs and, together with the rest of related works, are expected to pave the way for the development of suitable countermeasures against external attacks.Postprint (published version

Impact of gate tunnelling leakage on CMOS circuits with full open defects

Electronics Letter of the MonthInterconnecting lines with full open defects become floating lines. In nanometric CMOS technologies, gate tunnelling leakage currents impact the behaviour of these lines, which cannot be considered electrically isolated anymore. The voltage of the floating node is determined by its neighbours and leakage currents. After some time an equilibrium is reached between these effects. Theoretical analysis and experimental evidence of this behaviour are presented.Peer ReviewedAward-winningPostprint (published version

Unpredictable bits generation based on RRAM parallel configuration

In this letter a cell with the parallel combination of two TiN/Ti/HfO2/W resistive random access memory (RRAM) devices is studied for the generation of unpredictable bits. Measurements confirm that a simultaneous parallel SET operation in which one of the two RRAMs switches to the low resistance state (LRS) is an unpredictable process showing random properties for different sets of cells. Furthermore, given a device pair, the same device switches during subsequent write operations. The proposed cell is also analyzed under different current compliances and pulse widths with the same persistent behavior being observed. The features of the proposed cell, which provide data obfuscation without compromising reliability, pave the way for its application in Physical Unclonable Functions (PUFs) for hardware security purposes.Peer ReviewedPostprint (author's final draft

True random number generator based on RRAM-bias current starved ring oscillator

This work presents a RRAM-bias current starved ring oscillator (CSRO) as TRNG, where the cycle-to-cycle variability of a RRAM device is exploited as source of randomness. A simple voltage divider composed of this RRAM and a resistor is considered to bias the gate terminal of the extra transistor of every current starved (CS) inverter of the RO. In this way, the delay of the inverters is modified, deriving an unpredictable oscillation frequency every time the RRAM switches to the HRS. The oscillation frequency is finally leveraged to extract the sequence of random bits. The design is simple and add low area overhead. Experimental measurements are performed to analyze the cycle-to-cycle variability in the HRS. The very same measurements are subsequently used to validate the TRNG by means of electrical simulations. The obtained results passed all the NIST tests without the need for post-processing.This work was supported by the Spanish MCIN/AEI/10.13039/501100011033 under Project PID2019-103869RB-C33. The work of M. B. González was supported by the Ramón y Cajal under Grant RYC2020-030150-I.Peer ReviewedPostprint (published version