FPGA-based mimicking of cryptographic device hacking through fault injection attacks

Cryptographic algorithms are at the core of secure communications applications. To improve computation speed and power consumption, it is common for these algorithms to be implemented into application-specific hardware processors, for example in Smart Cards. As with any other digital circuit, the internal memory elements, such as flip-flops, of these digital implementations can flip their value when the silicon is subjected to ionizing radiation or a high-energy light source. Hackers exploit this behavior by using laser light to perform what are commonly called fault attacks. After injecting the fault, the attacker records the faulty output pattern and performs specific post-processing operations which allow him to determine some bits of the internal encryption key. Repeating this process for different plain texts, a malicious actor can obtain the complete encryption key, or enough bits that a brute-force attack over the remaining bits becomes feasible. The present paper explores how to reproduce fault injection attacks on a cryptographic core implemented physically in an FPGA. Reproducing the fault attacks in the FPGA implementation will allow engineers to better study and implement mitigations and protections against these kinds of attacks in future designs.