(Adversarial) Electromagnetic Disturbance in the Industry

Abstract

Faults occur naturally and are responsible for reliability concerns. Faults are also an interesting tool for attackers to extract sensitive information from secure chips. In particular, non-invasive fault attacks have received a fair amount of attention. One easy way to perturb a chip without altering it is the so-called Electromagnetic Fault Injection (EMFI). Such attack has been studied in great depth, and nowadays, it is part and parcel of the state-of-the-art. Indeed, new capabilities have emerged where EM experimental benches are used to cryptanalyze chips. The progress of this “field” is fast, in terms of <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">reproducibility</i> , <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">accuracy</i> , and <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">number of use-cases</i> . However, there is too little awareness about such advances. In this paper, we aim to expose the true harmfulness of EMFI (including reproducibility) to enable reasonable security quotations. We also analyze protections (at hardware/firmware/system levels) in light of their efficiency. We characterize the specificity of EM fault injection compared to other injection means (laser, glitch, probing).