Low-cost Setup for Localized Semi-invasive Optical Fault Injection Attacks - How Low Can We Go?

Localized semi-invasive optical fault attacks are nowadays considered to be out of reach for attackers with a limited budget. For this reason, they typically receive lower attention and priority during the security analysis of low-cost devices. Indeed, an optical fault injection setup typically requires expensive equipment which includes at least a laser station, a microscope, and a programmable X-Y table, all of which can quickly add up to several thousand euros. Additionally, a careful handling of toxic chemicals in a protected environment is required to decapsulate the chips under test and gain direct access to the die surface. In this work, we present a low-cost fault injection setup which is capable of producing localized faults in modern 8-bit and 32-bit microcontrollers, does not require handling hazardous substances or wearing protective eyeware, and would set back an attacker only a couple hundred euros. Finally, we show that the type of faults which are obtained from such a low-cost setup can be exploited to successfully attack real-world cryptographic implementations, such that of the NSA's Speck lightweight block cipher.     «

Localized semi-invasive optical fault attacks are nowadays considered to be out of reach for attackers with a limited budget. For this reason, they typically receive lower attention and priority during the security analysis of low-cost devices. Indeed, an optical fault injection setup typically requires expensive equipment which includes at least a laser station, a microscope, and a programmable X-Y table, all of which can quickly add up to several thousand euros. Additionally, a careful handli...     »