Feature: Hardware design
Tis allows us to find the correlation
between our measured power and our Hamming weight leakage model. If we repeat it for all possible keys in the selected key byte, there will be a strong correlation for the correct key. Repeat for the full 16 key bytes and you
have the AES key. CPA is usually a more successful attack than DPA, and may be improved by using more accurate leakage models. We can derive these by evaluating the MCU that is used on the device under test, to create a template model or use a standard industry model such as Test Vector Leakage Assessment.
Fault injection Te previous power analysis techniques require basic equipment to passively observe activity within the target device. Our next group of techniques use fault injection, which forces the device to operate the chip outside of its normal conditions, with the objective to disrupt the execution of an instruction or corrupt a memory or register location. Ideal targets here are bootloader signature checks and device configuration registers for security mechanisms (JTAG disable, Code Read Out). Tese techniques generally require more sophisticated equipment, more experience and a certain amount of luck. Fault injection techniques fall into
three broad categories: clock glitching, voltage glitching and electromagnetic fault injection (EMFI), including optical fault injection.
Clock glitching Te objective of clock glitching is to introduce a small pulse – a glitch – into the processor clock stream that will prevent an instruction from executing correctly – if at all. Many of today’s commonly-used MCUs, such as Cortex-M based devices, will have a pipelined architecture that includes a dedicated execute stage. If we can place a too short or too long a pulse before the execute clock cycle, then we may be able to unduly influence execution of the target instruction. To experiment with clock glitching we
Correlation power analysis (CPA) is usually a more successful attack than differential power analysis (DPA), and may be improved by using more accurate leakage models
need some specialist hardware to generate a glitch stream; see Figure 5. Te glitch stream must also be
programmable in terms or pulse width and a time offset from a trigger provided by our test hardware similar to our power analysis examples. Once you have a glitching tool, you will need to experiment on a target device. Tis is typically done by creating a set of fault primitives, small programs that contain typical target features such as register read/write, loops and memory copies. You can then try to inject ‘useful’ faults by tuning the parameters of your fault injector, a ‘task’ for the long dark evenings. Once we have experience with a test device, we can begin testing a device with real application code.
Voltage glitching An alternative method of glitching the processor is voltage glitching through under- or over-voltage excursions. Since such glitches will typically be sub- microsecond long, we again need some form of specialist equipment. Tis can be a waveform generator with a voltage buffer to power the target, or a pair of power supplies (normal and glitch voltage) connected to the target through a programmable analogue switch. Another alternative is a voltage crowbar that momentarily shorts the power supply to create the voltage glitch. Another important tip is to adjust the
normal supply voltage to its threshold, either the minimal supply voltage if you are shorting, or maximum for over voltage.
EMFI We can also attempt to fault a device by using a strong electromagnetic field. Tis can be a pulse that can be used to corrupt memory locations or correct operation of the processor or, alternatively, it can be a
24 February 2026
www.electronicsworld.co.uk
continuous field to bias areas of the chip, specifically random number generators. A big advantage of EMFI faulting is that you don’t need to modify the target; just position the probe and fire away. Either way, the process or EMFI faulting
is much more experimental, though successful attacks have removed code read protection and re-enabled JTAG ports on real-world devices. We are not only contending with the shape and power of the pulse but also its location over the MCU and any external memory. To make testing more systematic, it is best
to use any XYZ table (Figure 6) that can be used to position the EMFI probe with high accuracy. Tese can be specialist equipment or adapted from other equipment, like laser engravers or 3D printers. Te table control must also be scriptable,
so extensive testing can be automated. As with clock and voltage glitching, we must assemble a set of test primitives that are downloaded into the MCU prior to any zapping. Tese tests can be simple loops, memory copies and broader memory scans, to detect any corruption in SRAM. Another useful primitive here is a
“NOP slide” – a block of NOP operations preceded by a test trigger. We can then pulse the device at the beginning of the slide and see if any CPU registers are affected. At the upper end of the electromagnetic
spectrum are lasers. It is possible to fault a device with a high intensity laser beam found on many low-cost engravers. For this to work successfully we need to decapsulate the chip package to expose the raw die. Tis can be done with Fuming Nitric Acid, a highly corrosive hazardous substance, so if you have ‘butter fingers’ like me, it’s best leſt alone. Once the die is exposed, you can proceed with the laser in place of the EMFI probe.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48
