Netlist Level Based Fault Injection Simulation

Master thesis (2021)

Authors

D. Belloli Electrical Engineering, Mathematics and Computer Science

Contributors

M. Taouil Computer Engineering - (mentor)

D. Vermoen Riscure (mentor)

J.S.S.M. Wong Computer Engineering - (mentor)

J.H.G. Dauwels Signal Processing Systems - (graduation committee member)

Faculty

Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science

Formal Verification Fault Injection Hardware Attacks

To reference this document use:

http://resolver.tudelft.nl/uuid:734f8266-621f-484b-a181-1f64a5dc034a

More Info

expand_more

Published Date

11-11-2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

The issue of securing microchip designs against hardware attacks has grown in magnitude as more and more embedded systems are deployed in hostile environments, where security measures have to be taken to prevent attackers from accessing unwanted information.
The first step in solving this problem is gaining awareness of the security vulnerabilities in a design, which can be done through a fault injection campaign. Current solutions tackle the issue by either requiring silicon manufacturing for every prototype, which is expensive, or simulating faults using a model of the device under test and of the possible faults being injected, which takes a considerable amount of time. Some hybrid solutions have been developed to improve this aspect (namely, by using FPGAs to implement the device and injecting faults on it instead), but they still require some form of specialized hardware to operate.
Moreover, a gap still remains between the results from these tools and the work necessary to update the design and mitigate the vulnerabiliies found. Results usually reference cells in the netlist, while the development is mostly done in a high-level hardware descriptive language.
This thesis proposes two improvements to the currently existing workflow: first, it explores the effectiveness of equivalence checking in tracing individual gates in the netlist representation back to the RTL lines that generated them, and second, it builds on the simulation-based fault injection approach by introducing a formal framework to prove the presence or absence of successful faults.
The results show that equivalence checking can significantly increase the number of cells recognized as results of individual RTL lines of code, enabling a designer to better pinpoint which components should be hardened against fault injection attacks. In terms of fault identification, the framework described can reduce the number of faults to be simulated down to 2% of the number necessary to exhaustively check a design for possible vulnerabilities, greatly speeding up existing simulation-based approaches.

Files

Main.pdf

(pdf | 3.51 Mb)