Fault Injection, A Fast Moving Target in Evaluations

Differential Fault Analysis has been known since 1996 (Dan Boneh, Richard A. DeMillo and Richard J. Lipton, "The Bellcore Attack") [1]. Before that, the implementa tions of cryptographic functions were developed without the awareness of fault analysis attacks. The first fault injection set-ups produced single voltage glitches or single light flashes at a single location on the silicon. A range of countermeasures has been developed and applied in cryptographic devices since. But while the countermeasures against perturbation attacks were being developed, attack techniques also evolved. The accuracy of the timing was improved, multiple light flashes were used to circumvent double checks, perturbation attacks were being combined with side channels such as power consumption and detection methods developed to prevent chips from blocking after they detected the perturbation attempt. Against all these second generation attack methods new countermeasures were developed. This raised the level of security of secure microcontroller chips to a high level, especially compared to products of ten years ago. The certification schemes are mandating more and more advanced tests to keep secure systems secure in the future. One of the latest requirements is light manipulation test using power consumption waveform based triggering with multiple light flashes at multiple locations on the silicon. If attack scenarios that are as complicated as this one are in scope where will it end? The equipment necessary for the attack is expensive and special software is required. The perturbation attacks that are performed outside security labs and universities are of a different level.