Precise Fault Injection to Enable DFIA for Attacking AES in Remote FPGAs

Differential Fault Intensity Analysis (DFIA) is a class of biased-fault attacks that aim to recover secret keys from block ciphers such as Advanced Encryption Standard (AES). In DFIA an attacker collects a set of ciphertexts generated while carefully controlling the fault intensity, and then performs an analysis on the results that reveals the secret encryption key. In AES, DFIA requires injecting varied intensity faults during exactly the 9th round of encryption, which could be accomplished using clock or supply voltage glitching, although previous works give scant consideration to shaping the fault within a realistic scenario.In this work, we demonstrate DFIA against an FPGA implementation of AES without assuming arbitrary external control of clock or supply voltage. Instead we use on-chip ring oscillators (ROs) to create a precise and controllable voltage drop in the vicinity of the AES circuit, which causes timing faults to occur. The fault intensity is finely controlled by changing the number of activated ROs, and we explore how to optimize the timing of the RO activation to cause a fault in the 9th round as is required in DFIA. We use this approach to perform DFIA against AES on Xilinx Spartan-7 FPGA, show that it successfully extracts AES key bytes, and discuss its performance.