Combining image processing and laser fault injections for characterizing a hardware AES

International audienceNowadays, the security level of secure integrated circuits makes simple attacks less efficient. The combination of invasive approaches and fault attacks can be seen as more and more pertinent to retrieve secrets from integrated circuits. This article includes a practical methodology and its application. We first describe how to retrieve the physical areas of interest for the attack. Then, we perform a deep fault injection characterization of the area of found. For the former, a methodology based on circuit preparation, Scanning Electron Microscopy (SEM) acquisitions, image registration and processing is given allowing to perform a controlled and localized laser fault attack with a state of the art injection platform. The laser fault injection presented here allows the attacker to perform a "bit-set", a "bit-reset" or a full register "reset". Controlling the value stored in a flip-flop is critical for security. To illustrate this methodology, an encryption algorithm is targeted. We see that efficient method that takes advantage of the comparison between faulty and correct cipher texts, such as Differential Fault Analysis (DFA) or "Safe Error", are particularly relevant with the proposed methodology. The overall methodology can efficiently be used to speed up an attack and to improve the test coverage