Introduction to the special session on secure implementations
11th IEEE International On-Line Testing Symposium
On-line testing has been a very active domain during the last decades. The studies in this area were initially motivated by transient faults occurring in some particular environments such as space. Then the interest increased with the evolution towards very deep submicron technologies. Transient faults are now a threat that cannot be neglected. Protections against field failures become necessary even in circuits designed for consumer applications running at sea level. A lot of work has
... f work has therefore been done towards efficient techniques detecting and/or tolerating transient faults. The On-line Testing Symposium, created eleven years ago, is one of the major forums where such techniques are presented. ... and secure circuit designers ... In parallel, computers or integrated circuits are more and more used in applications with severe security constraints. In modern systems, security increasingly relies on functions implemented in hardware for various reasons (cost, power consumption, performances, confidentiality, ...). Smart cards are a good example of integrated system with strong security constraints especially when used for applications such as banking, access control, identification or even set-top-boxes. Designing a circuit for such applications requires ensuring that a hacker will not be able to recover the secrets hidden in the circuit, such as for example a secret key used by a cryptographic algorithm. Using robust algorithms is not sufficient; the implementation must also be very careful. Different types of attacks can indeed be used to recover secrets from "leakage" information related to the implementation. So-called "side channel" information can come from the execution time, the power consumption or the electromagnetic emissions of the circuit when the secret information is manipulated. More recently, a new threat appeared: the fault-based attacks. In such attacks, an action of the hacker modifies the nominal circuit behavior, so that the secret information can be inferred from erroneous results. Power glitch attacks can be performed by perturbing the power supply. Glitches can also be induced on the clock or reset signals. In order to better control the area of the chip that is disturbed, it is possible to use optical fault induction attacks based either on flash lights (e.g. photoflash lamps) or laser beams. This is possible in some cases without even suppressing the package, i.e. in a non-invasive way. No matter the equipment used to create the fault in the circuit, the erroneous answers eventually given by the circuit can be used in combination with cryptanalysis to get the secret. It becomes therefore necessary to protect the circuits designed for security applications, so that no useful information is given to the hacker by either side channels or faulty behaviors. Specific conferences and workshops, such as CHES and FDTC, have been created to discuss hardware implementations of secure devices, in particular cryptographic functions. However, it appears that the online testing community has not been very actively participating in such events. ... have common interests ! The faults that should be considered in fault-based attacks have different characteristics than the natural faults due to harsh environments. Also, the constraints related to security are quite different from the constraints for safety or availability. In the later case, the mission is the primary concern. On the opposite, a secure circuit should completely stop working, rather than expose a secret. But methods proposed to detect on-line the occurrence of natural faults may be used as a basis to counter fault-based attacks. They should however be revisited, taking into account the particular needs of secure applications. We are at a point where cross-fertilisation between test experts and security experts must be encouraged. I hope that this session, and the panel jointly organized, will help the on-line testing community in better understanding the needs and constraints in the security area. I believe that a more active collaboration between these communities would be fruitful on both sides.