Fault Attacks on SRAM-based FPGAs: Analysis of Laser-induced Faults in a Virtex-II

Fault Attacks on SRAM-based FPGAs: Analysis of Laser-induced Faults in a Virtex-II V. Maingot, J.B. Ferron, G. Canivet, R. Leveugle TIMA Laboratory Presented by G. Canivet

Outline Introduction Experimental settings Results Conclusion & Perspectives 2

Introduction Increasing use of systems requiring a high level of Safety and/or Security (Pay-TV, Banking, car industry, aeronautics ). Operate under harsh environment Ionizing radiations, particles Intentional perturbations (fault-based attacks). Faults can modify: In ASICs: mainly processed Data. In SRAM-based FPGAs: both Processed Data and Function Definition (configuration errors) 3

Outline Introduction Experimental settings Results Conclusion & Perspectives 4

ATLAS laser testing facility Pulsed laser facility of the IMS Lab from University of Bordeaux Composed: 2 Ultra-short pulsed laser sources Several optical benches Complete set of instrumentation Pulses are focused on the DUT by objectives Laser pulse energy is typically 1nJ. Characteristics for our campaigns Wavelength : 950ŋm Spot size : 5µm Maximum speed: 200µm/s Pulse repetition: 400Hz Multiple laser shots 5

THESIC+ testbed and the DUT Testbed for Harsh Environment Studies on Integrated Circuits Build around 2 FPGAs COM FPGA Leon2 processor Communication Chipset FPGA User Design Ressources available DUT Device Under Test Xilinx Virtex-II XC2V1000 0.15µm CMOS, 8-layer metal 896-pin flip-chip fine-pitch package COM FPGA Chipset FPGA 6

SEFEA ProD : bit-stream analysis tool Bit stream Analysis: Matrix Tile View: View of the configuration memory as a tile array (showing used tiles). Predicted criticality of each configuration bit. Schematic Tile View: resources used in each CLB tile (Interconnections, registers & LUT). Matrix Frame View: matrix tile view with bits grouped by frame. Matrix Frame View Schematic Tile View Matrix Tile View Comparison between 2 bit-streams: Used for fault effect analysis 7

Campaign example 51 Experiments Each experiment: scan of a given area, multiple laser shots Static campaign, several configuration bit-streams Goal: error activations, global view of possible configuration modifications, demonstration of the analysis tool capabilities Future extension: characterization of patterns obtained after single shots 8

Outline Introduction Experimental settings Results Conclusion & Perspectives 9

Repartition of faulted bits Average Number of faulted bits 70 60 50 40 30 Bits initially at 1 Bits initially at 0 20 10 0 CLB CLBIO GCLK IOB IOI BRAM BRAM I Bits initially at 1 46,32 0 0 0 0 0 0,59 Bits initially at 0 12,4 0,39 0 0,02 0,02 36,57 3,66 Most sensitive elements: CLB & BRAM Most of the area of the FPGA Faulted 1 principally in CLBs: 0 value by default More elements configured in CLBs (highest density of 1 is in CLB tiles) 10

Repartition of faulted CLB bits More precise repartition 3 categories: Logic Config. (LUTs, User memory..) Interconnection Configuration Unknown (inaccessible by JBits) Bit Type Total Logic Interco.Unknown Average Number 80.95 34.49 44.15 2.31 Percent 58.75 25.02 32.03 1.68 Flip-Flop contents defined by a single bit LUTs: Truth tables included in the bitstream Modification of the initial function No modification Interconnection: Single connection: between 1 and 3 configuration bits 11

CLB interconnection structure 90.3% of interconnections defined by 2 bits 2 bits activated per connected resource (single link) Each bit defines the reachable sources Connected sources in the intersection of activated lists OMUX 9 B1 B2 B3 B4 B5 XQ0 XQ1 YQ0 YQ1 In average: 9 bits / resource 4 sources / bit Bit OMux9(B1) : XQ0, XQ1 Bit OMux9(B2) : YQ0, YQ1 Bit OMux9(B3) : XQ0 Bit OMux9(B4) : XQ1, YQ0 Bit OMux9(B5) : YQ1 12

CLB interconnection modifications No initial connection: 86% no effect In average 3 bit-flips to create Existing connection: Connection maintained in more than 50% of the cases (Added) Effect depends on neighbor CLB Connected wires Unconnected wires Modified Suppressed Added No effect No effect Created : CLB interconnection : CLB wire Initial state Connected Unconnected Effect on connection Av num of mod. patterns Modified Suppressed Added No effect No effect Created 7.1 20.4 29 0 1163.1 187.4 Percent 0.5% 1.5% 2.1% 0% 82.7% 13.3% Av num of bitflips per pattern 2.3 1.5 1.7 n/a 1.4 3.1 13

Average number of faulted bits per CLB Configuration bits: Original Bit-stream Faulted Density: Compare probabilities to flip a bit P( 1 ) 2.5 * P( 0 ) Category Higher probability to suppress an interconnection Value Overall Bits at 1 Bits at 0 Golden Bit-stream 1760 212.80 1547.20 Faulted bits 9.15 2.37 6.78 Bit flip Probability 0.52 1.11 0.44 14

Outline Introduction Experimental settings Results Conclusion & Perspectives 15

Conclusion Quick overview of our fault effect analysis flow Results of preliminary analyses Modification of the functionality of the circuit Localisation of sensitive elements Classification of error patterns Insight of some effect Higher probability to flip a 1 than a 0 Effect on CLB interconnections 16

Perspectives Development of an accurate fault model Error patterns due to single laser shots Link with emulation-based fault injection techniques for dependability evaluation at design time Functional characterization of bit-stream modifications Study of dynamic effects Development of efficient protections against faults adapted to SRAM-based FPGAs 17

Thank you for your attention