Closing the gap between speed and configurability of multi-bit fault emulation environments for security and safety-critical designs

Steadily decreasing transistor sizes and new multi beam laser attacks lead to an increasing amount of multi-bit fault occurrences, e.g., during fault attacks against cryptographic implementations. Therefore, multi-bit fault injection becomes more important during security and safety verification. Fault injection techniques which are applicable during the development cycle of a device are based on either software implementations, e.g. formal methods and simulations, or fault emulation environments in hardware. So far, simulations provide the best configurability whereas fault emulation environments provide the best performance in terms of run time. This contribution presents an FPGA-based emulation environment that combines the advantages of both simulation-based and emulation-based environments. To the best of our knowledge, we are the first to achieve this. Permanent and transient multi-bit faults are configurable at run time where the selection of a fault model, the configuration of the injection time and fault duration is supported without the need for re-synthesizing the design. We propose three measures for performance optimization allowing us to support all the fault configuration capabilities at run time without performance penalty. Experimental results are provided for a hardened 8051-like microprocessor showing that the presented emulation environment reaches the theoretical optimal performance for a wide range of fault configurations using our proposed optimizations