An {EM} Fault Injection Susceptibility Criterion and Its Application to the Localization of Hotspots
Abstract
Electromagnetic (EM) fault injection has been proven efficient in attacking targets such as system-on-chip (SoC) or smartcards. Nonetheless, security characterisations, performed either by certification laboratories or by firms, are time consuming and this impacts on the final result. Indeed complete tests of integrated circuits (ICs) require trying numerous parameters, from pulse polarity to probes geometry and coupling, hence many maps are required to test all surface of Devices Under Test (DUT) and are unfortunately rarely performed.
In this paper we propose a criterion to find zones with a high susceptibility to EM Fault Injection (EMFI). By using preprocessing tools based on both the effects of EMFI on circuits and the analysis of EM emission traces, we are able to speed up the search of zones where faults are more likely to occur hence reducing the time required for security characterisations.