Fault simulator tackles intrusive hacks

By Chris Edwards |  No Comments  |  Posted: July 11, 2022
Topics/Categories: Blog - EDA  |  Tags: , , , ,  | Organizations:

Nazareth-based Optima Design Automation is turning its high-throughput fault-simulation technology to the problem of verifying that hardware designs can survive intrusive fault-injection attacks without giving up important secrets.

Jamil Mazzawi, founder and CEO of Optima DA, said the main aim of the company’s Optima-SEC is to check whether attacks designed to upset the correct operation of cryptoprocessors and reveal information about the secret keys they operate on.

A common line of defence in these situations is to use protection circuitry to detect attacks and reset or shut down the processor until the normal operation is restored. Typical attacks are to reduce the operating voltage to where logic will not switch properly, increase the clock to cause combinatorial chains fail to complete or even laser or electromagnetic attacks to flip the states of registers directly.

“How do you verify the protection mechanism inside the chip? That’s the challenge that we are solving,” Mazzawi claimed.

There are many difficulties with this kind of verification, he explained. “Even if someone aims a laser at a certain position in the chip, you don’t know how strong beam will be, when it will start working, and during which cycle within the operation of the chip? How many flops it will impact at the same time? Will it drive the values to zeros or to one? Will it impact them at all or not? So the hacks can be very random in their nature and impact the chip in a very different ways.

“For doing verification, what we discovered that what people want is really a kind of fault simulation, because we are simulating how the chip will behave under different fail failure or fault conditions. And that’s the basis of our solution,” Mazzawi added. “Optima has already developed fault simulation technology that we are using very successfully for safety. We thought, OK, let’s adapt our technology to match the special needs of security. We call it fast fault-attack simulation. The different fault attacks all cause the chip to behave in different way that may lead to a failure and that’s what we are modeling ”

Attack range

Verification using this method involves simulating the behavior of logic cells deemed to be in range of the different attacks, each one with its own profile of how bits in registers tend to flip or fail to change state as expected. For a laser attack, for example, the modelling involves deciding on a radius of impact and then randomly flipping bits within that area. A series of analyses will attempt different placements. The user can control the profiles of attacks and control the kinds of faults the tool will inject. Optima is working with partners to determine how different types of attack trigger faults.

“We simulate what happens: did the information leak or not and did the detection mechanism identify that there is attack or not. Because of the speed of our fault simulator, we can do millions of such simulations.”

One issue with verifying circuit behavior early on is the way effects can be localized in space, though others such as power attacks might be less focused. The fault simulator can work with schematics before layout information is available, using the connectivity to determine how likely flops will be close to each other. Gates in the design can also be tagged to show whether they are part of the crypto or protection logic or whether they are outside the circuitry that needs to be analyzed for robustness.

“What we’ve done in safety and what we also do in security is to allow a flow that can work as early as RTL in the beginning, but one that you can rerun at the end once you have the layout information,” Mazzawi said.

The initial form of the tool determines whether the protection logic behaves as expected. “The basic mode that we support now is to check changes on certain outputs. An unwanted change, we consider it as a failure,” Mazzawi said, but there are plans to look at information leakage that can reveal key bits. “We would measure without an attack and then with to see how much it’s caused power to change. If it is above a certain threshold, then there’s a failure.”

Leave a Comment


Synopsys Cadence Design Systems Siemens EDA
View All Sponsors