Role of Laser-Induced IR Drops in the Occurrence of Faults: Assessment and Simulation

Abstract

Laser fault injection attacks induce transient faults into ICs by locally generating transient currents capable of temporarily flipping the outputs of logic gates. Laser fault injection may be anticipated or studied by using simulation tools at different abstraction levels: physical, electrical or logical. At the electrical level, the general laser-fault injection model is based on the addition of current sources to the various sensitive nodes of CMOS transistors. This type of electrical model does not take into account the large transient current components also induced between VDD and GND as a result of laser illumination. Such current components have no direct effect on the logic gate output nodes. Still, they provoke a significant IR-drop that may, in turn, contribute to the fault injection process. This paper describes our research on the assessment of this contribution. It introduces an upgraded electrical model taking the laser-induced IR-drop into account. It also proposes a methodology that allows the model’s use to simulate laser-induced faults at electrical level in large-scale circuits. On the basis of simulations with a case-study circuit, we found that, depending on the parameters of the laser pulse, the number of injected faults may be underestimated by a factor as large as 48 if the laser-induced IR-drop is ignored. This may lead to incorrect estimations of the fault injection threshold, which is especially relevant for the design of countermeasure techniques for secure integrated systems.