Electromagnetic Pulse Fault Injection Attack And Analysis Method For DRAM

Electromagnetic Pulse(EMP)Fault Injection Attack(FIA)has become one of the most threatening challenges to hardware security,because of its low cost and acceptable time-spatial resolution.However,the faster,smaller and more complex digital integrated circuits and security countermeasures make it difficult for EMP to be directly applied to the attack on high-performance processors.Memory is an important part of computer systems,and the access speed of its basic storage unit is limited by physical principles.In this thesis,EMP is used to attack modern computer system by injecting faults into the memory and using second-order effects of the induced faults across multiple components of the target computer.First,EMP is used to attack different types of memories to find the most sensitive one to EMP.Dynamic Random Access Memory(DRAM)is found to be the most sensitive through the experiments.Then,attack experiments are carried out on two other DRAMs.Based on the collected results,the faults are classified and modeled,and the mechanism of the faults occurred in the experiments are qualitatively analyzed.In the above fault models,multi-byte persistent faults account for the largest proportion.Next,a new persistent fault analysis(PFA)method called MPFA is proposed for multiple persistent faults,which reduces both the computational complexity and the required ciphertexts.MPFA can be applied to the ciphertexts only attack scenario where all fault positions,fault values and fault quantity are unknown.The experiments show that compared to the existing persistent fault based analysis methods,the MPFA method reduces the number of required ciphertexts for cracking AES by at least 57.5%,and reduces the cracking time to 36 seconds.Finally,a real EMP fault injection attack is carried out to inject multi-byte persistent faults into the sbox,which is stored in DRAM,of AES-128.Based on the faults injected into the DRAM,the key of AES-128 is successfully cracked by the MPFA method.The AES-128 runs on an ARM processor with a working frequency of 650 MHz.The crack takes 656 ciphertexts,and the analysis time is less than 14 seconds.DRAM usually works as main memory in computing systems.The investigation into the EMP FIA on DRAM is of great significance to the development of countermeasures and improving hardware security of computer systems.