Horizontal Magnetic Pulses and the Impact of Ultrafast Transient Current on Hardware Security of SoCs

Work carried out within the CEA-Leti has shown that physical attacks can be a threat to the security mechanisms of SoCs (System-On-Chips). Indeed, fault injections by electromagnetic disturbance have already led to an elevation of privileges by authenticating with an illegitimate password, or more recently have made it possible to circumvent one of the highest security levels of a SoC, which is the Secure Boot. However, the technologies integrated into this type of target are increasingly sophisticated, such as the technological node less than or equal to 7 nm for the new Samsung S20. The implementation of these attacks requires state-of-the-art equipment not currently available commercially (very small diameter probe, high transient current pulse generator, etc.). The thesis defended in 2022 by Clément Gaine within our team made it possible to study several components of the EM injection chain, in particular a main element such as the electromagnetic injection probe. New aspects will be explored in this thesis, in particular the complete chain of injection from the pulse generator to the creation of an electromotive force in the target, induced by the EM probe via very high current gradients (di/dt). The objective is to master the complete EMFI chain in order to define the most suitable injection system for characterizing a smartphone and solving the challenges related to this type of target such as: the complex microarchitecture, the multilayer software stack, the complex packaging with sometimes the stacking of several components on the same chip (PoP: Package On Package).

Facebook

Twitter