Design-Agnostic Distributed Timing Fault Injection Monitor With End-to-End Design Automation

TL;DR

This paper introduces a fully automated, design-agnostic, and scalable fault injection monitor that detects various clock and timing attacks in hardware circuits, enhancing security in integrated systems.

Contribution

It presents a novel, fully synthesizable in situ FIA monitor with a delay locked loop, capable of detecting multiple attack types across process nodes with automation and small footprint.

Findings

Successfully fabricated in 65 nm CMOS technology.

Detects 12 types of clock glitches and timing injections.

Operates from 2 MHz to 1.26 GHz clock frequencies.

Abstract

Fault injection attacks induce hardware failures in circuits and exploit these faults to compromise the security of the system. It has been demonstrated that FIAs can bypass system security mechanisms, cause faulty outputs, and gain access to secret information. Certain types of FIAs can be mounted with little effort by tampering with clock signals and or the chip operating conditions. To mitigate such low cost, yet powerful attacks, we propose a fully synthesizable and distributable in situ fault injection monitor that employs a delay locked loop to track the pulsewidth of the clock. We further develop a fully automated design framework to optimize and implement the FIA monitors at any process node. Our design is fabricated and verified in 65 nm CMOS technology with a small footprint of 1500 um2. It can lock to clock frequencies from 2 MHz to 1.26 GHz while detecting all 12 types of possible clock glitches, as well as timing FIA injections via the supply voltage, electromagnetic signals, and chip temperature.