# Characterizing and Modeling Clock-Glitch Fault Injection

#### Amélie Marotta

Ronan Lashermes, Olivier Sentieys, Rachid Dafali, Guillaume Bouffard

amelie marotta@inria.fr



Ínría\_

JAIF2023 1/27

- ightarrow Electromagnetic fault injection has an impact on clock signals  $^1$
- $\rightarrow$  TRAITOR, a many-fault injection tool, that uses clock glitches, recreates this impact
- ⇒ Which fault model apply to TRAITOR?

JAIF2023 2 / 27

<sup>&</sup>lt;sup>1</sup>(Electromagnetic fault injection: the curse of flip-flops, Sébastien Ordas, Ludovic Guillaume-Sage, Philippe Maurine)

Fault model at:

AIF2023 3 / 27

### Fault model at:

- microarchitecture level
  - $\rightarrow$  program execution

JAIF2023 3 / 27

### Fault model at:

- microarchitecture level
  - $\rightarrow$  program execution
- register-transfer level
  - $\rightarrow$  bit-flip, stuck-at-0 or -1

JAIF2023 3/27

### Fault model at:

- microarchitecture level
  - → program execution
- register-transfer level
  - $\rightarrow$  bit-flip, stuck-at-0 or -1
- physical level
  - ightarrow logic gates, registers

JAIF2023 3/27

#### Fault model at:

- microarchitecture level
  - → program execution
- register-transfer level
  - $\rightarrow$  bit-flip, stuck-at-0 or -1
- physical level
  - $\rightarrow$  logic gates, registers

JAIF2023 3 / 27

### **TRAITOR**



TRAITOR: A Low-Cost Evaluation Platform for Multifault Injection. Ludovic Claudepierre, Pierre-Yves Péneau, Damien Hardy, Erven Rohou.

JAIF2023 4/27

### **TRAITOR**

Generation of clk\_glitched:



TRAITOR: A Low-Cost Evaluation Platform for Multifault Injection. Ludovic Claudepierre, Pierre-Yves Péneau, Damien Hardy, Erven Rohou.

JAIF2023 5 / 27

### **TRAITOR**



MF2023 6 / 27



JF2023 7 / 27



Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow$  faults injected from amp. 0

JAIF2023 8 / 27



AIF2023 9 / 27



Phase 1 (amp. 0 à X): all registers are faulted

JAIF2023 9 / 27



Phase 1 (amp. 0 à X): all registers are faulted

Phase 2 (amp. X+1 à X+k): some registers remain faulted, some registers become unfaulted

⇒ fault sensitivity

JAIF2023 9/27



Phase 1 (amp. 0 à X): all registers are faulted

Phase 2 (amp. X+1 à X+k): some registers remain faulted, some registers become unfaulted

⇒ fault sensitivity

Phase 3 (> amp X+k): all registers are unfaulted

JAIF2023 9 / 27

### Hypotheses

- 1) TRAITOR's fault model is the *Timing Fault Model*.
- 2 TRAITOR's fault model is the Sampling Fault Model.

JAIF2023 10 / 27

### Timing Fault Model?

#### Timing Fault Model:





#### TRAITOR's Fault Model:





Electromagnetic Transient Faults Injection on a hardware and a software implementation of AES. Amine Dehbaoui, Jean-Max Dutertre, Bruno Robisson, Assia Tria

JAIF2023 11 / 27

## Sampling Fault Model?

#### Sampling Fault Model:



Clk D

#### TRAITOR's Fault Model:





Modeling and Simulating Electromagnetic Fault Injection. Mathieu Dumont, Mathieu Lisart, Philippe Maurine

JAIF2023 12 / 27

## Hypotheses

- 1) TRAITOR's fault model is the Timing Fault Model. imes
- (2) TRAITOR's fault model is the Sampling Fault Model. imes
- 3 Energy-threshold Fault Model. For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, combination of a voltage threshold and a width threshold.

F2023 13 / 27

# Energy-threshold Fault Model



Impact of the glitched clock on one register

JAIF2023 14 / 27

## Hypotheses

- $\stackrel{\textstyle lue{1}}{}$  TRAITOR's fault model is the Timing Fault Model. imes
- 2 TRAITOR's fault model is the Sampling Fault Model. ×
- 3 Energy-threshold Fault Model. For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, combination of a voltage threshold and a width threshold.
- 4 Fault sensitivity variation. The fault sensitivity only depends on the register.



IF2023 15 / 27

# Fault sensitivity variation: configuration 1



IF2023 16 / 27

# Fault sensitivity variation: configuration 2



AIF2023 17 / 27

# Fault sensitivity variation



JAIF2023 18 / 27

## Fault sensitivity variation

4 Fault sensitivity variation. The fault sensitivity only depends on the register.



New hypothesis: the only thing that changes is the routing between registers... does it influence the glitched clock?

.IF2023 19 / 27

## Hypotheses

- $\stackrel{\textstyle 1}{}$  TRAITOR's fault model is the Timing Fault Model. imes
- 2 TRAITOR's fault model is the Sampling Fault Model. ×
- 3 Energy-threshold Fault Model. For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, combination of a voltage threshold and a width threshold. √
- 4 Fault sensitivity variation. The fault sensitivity only depends on the register. ×
- (5) Registers and clock routing cross-talk. Data routes influence TRAITOR's glitched clock.
- 6 Inter-clock routing cross-talk. Other clock routing on the same FPGA influences TRAITOR's glitched clock.

IF2023 20 / 27

## Registers and clock routing cross-talk



### Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow\,$  faults injected from amp. 0

JAIF2023 21 / 27

# Registers and clock routing cross-talk



JAIF2023 21 / 27

# Registers and clock routing cross-talk



JAIF2023 21 / 27

### Hypotheses

- $\stackrel{\textstyle ullet}{}$  TRAITOR's fault model is the Timing Fault Model. imes
- (2) TRAITOR's fault model is the Sampling Fault Model. imes
- 3 Energy-threshold Fault Model. For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, combination of a voltage threshold and a width threshold.
- 4 Fault sensitivity variation. The fault sensitivity only depends on the register. ×
- 5 Registers and clock routing cross-talk. Data routes influence TRAITOR's glitched clock. ✓
- 6 Inter-clock routing cross-talk. Other clock routing on the same FPGA influences TRAITOR's glitched clock.

AIF2023 22 / 27

## Inter-clock routing cross-talk



### Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow$  faults injected from amp. 0

Registers' behaviour:

- $\rightarrow$  fault sensitivity of singled-out target registers : 21
- → fault sensitivity of other target registers: 22

JAIF2023 23 / 27

## Inter-clock routing cross-talk



### Experiment set-up:

- $\rightarrow$  Artix-7
- $\rightarrow$  faults injected from amp. 0

Registers' behaviour:

- → fault sensitivity of singled-out target registers : 20
- → fault sensitivity of other target registers: 22

JAIF2023 24 / 27

## Hypotheses

- $\stackrel{\textstyle 1}{}$  TRAITOR's fault model is the Timing Fault Model. imes
- 2 TRAITOR's fault model is the Sampling Fault Model. ×
- 3 Energy-threshold fault model. For a DFF to correctly register a clock rising edge, the clock signal is required to be above some energy threshold, combination of a voltage threshold and a width threshold. √
- 4 Fault sensitivity variation. The fault sensitivity only depends on the register. ×
- 5 Registers and clock routing cross-talk. Data routes influence TRAITOR's glitched clock. ✓
- 6 Inter-clock routing cross-talk. Other clock routing on the same FPGA influences TRAITOR's glitched clock. ✓

AIF2023 25 / 27

### Cross-talk



F2023 26 / 27

### Cross-talk



F2023 26 / 27

### Cross-talk



F2023 26 / 27

### Conclusion

### Energy-threshold Fault Model:







- $\rightarrow$  Energy threshold (voltage and width)
- $\rightarrow {\sf Cross-talk} \ ({\sf register/clock} \ {\sf routing} \\ {\sf and} \ {\sf clock/clock} \ {\sf routing})$
- → Explanation for some electromagnetic faults ?

JAIF2023 27 / 27