Evaluation of a target’s fault injection resilience has typically three phases: target profiling, setup creation and the search for a successful glitch. During target profiling the evaluator learns as much as possible about the target via data sheets, test programs, back side imaging or direct investigation of the target (e.g. find available signals). The creation of the evaluation setup includes choosing the method of evaluation(clock, voltage, optics, transient pulse, etc), the information stream, which maximizes learning of the unknown or unexpected behavior of the target, and last but not least managing the information stream coming from the setup, which includes sanity check of the tools and simplification of the setup.
The third phase is searching for a (successful) fault, a random process where the number of parameters used determines the complexity of the search and indirectly the conclusions of the target fault injection resilience.
The three phases are the same for both basic FI evaluations (which we introduce in the fault injection training) and complex FI evaluations. We use the term basic evaluation to describe testing the FI resilience of a target against a single fault/glitch, single trigger and simple/static trigger (rising edge of SPI). In contrast, a complex evaluation may have multiple, dynamic triggers (random patterns in the signal), the testing may involve resilience against multiple faults and strategies for directing the search for a successful faults are typically used. The key differentiator between a simple and a complex evaluation is the type and amount of information available, the countermeasures present on the target, the tools available and last but not least the creativity and knowledge of the attacker.
In this training we focus exclusively on complex FI attacks. We begin with an overview of the state-of-art tools and attacks. Next, you learn to design and build a setup which can carry out a complex FI attack and use tools that allow decisions to be made in real-time. During the deep analysis sessionwe use visualization, post-processing and filtering of the results to direct the search during the third phase of a fault injection evaluation. The FI in the dark session shows that side channel analysis can be an additional source of information which gives insights into the behavior of the target.
Want to know more? Download the flyer here . Or send us an email for more information.
You selected to get the course Advanced FI, September 26-2... (20190926). Please Login or Signup to get it.