Fault injection attacks are a family of techniques used for accessing, analyzing or extracting information from secure electronic circuitry, such as cryptographic circuitry. A fault injection attack typically involves causing a fault in the circuit, e.g., by physically contacting signal lines, by applying high-power laser or electromagnetic pulses, or by causing glitches on power supply or other external interfaces. The fault is expected to cause the circuit to output sensitive information, or otherwise assist the attacker in penetrating the circuit or the information it stores.
Various techniques for detecting and mitigating fault injection attacks are known in the art. For example, U.S. Patent Application Publication 2011/0029828, whose disclosure is incorporated herein by reference, describes a circuit for detecting a fault injection in an integrated circuit. The circuit includes at least one logic block for performing a logic function of the integrated circuit; an isolation block coupled to receive a signal to be processed and an isolation enable signal indicating a functional phase and a detection phase of the logic block. The isolation block applies, during the functional phase, the signal to be processed to at least one input of the logic block, and during the detection phase, a constant value to the input of the logic block. A detection block is adapted to monitor, during the detection phase, the state of the output signal of the logic block, and to generate an alert signal in case of any change in the state of the output signal.
U.S. Patent Application Publication 2007/0075746, whose disclosure is incorporated herein by reference, describes techniques for glitch detection in a secure microcontroller. An apparatus includes a plurality of macro-cells formed from logic capable of performing one or more functions. The apparatus also includes a clock tree capable of receiving a clock signal and providing at least one copy of the clock signal to each macro-cell. The clock tree includes a local branch within each macro-cell, where each local branch is capable of providing at least one copy of the clock signal. In addition, the apparatus includes at least one glitch detection circuit capable of detecting a glitch in one or more copies of the clock signal provided by the local branches in the macro-cells.
U.S. Patent Application Publication 2009/0315603, whose disclosure is incorporated herein by reference, describes techniques for detecting a disturbance of a state of at least one first flip-flop from a group of several first flip-flops of an electronic circuit. The respective outputs of the first flip-flops in the group are, independently from their functional purpose, combined to provide a signal and its inverse, triggering two second flip-flops having data inputs forced to a same state, the respective outputs of the second flip-flops being combined to provide the result of the detection. A pulse signal comprising a pulse at least for each triggering edge of one of the first flip-flops in the group initializes the second flip-flops.
U.S. Patent Application Publication 2005/0235179, whose disclosure is incorporated herein by reference, describes a device for protection against error injection into a synchronous flip-flop of an elementary logic module. A logic circuit comprises a logic module comprising a functional synchronous flip-flop receiving a functional result comprising several bits in parallel, and supplying a synchronous result. A module for checking the integrity of the functional flip-flop comprises a first coding block receiving the functional result and supplying a first code, a second coding block receiving the synchronous result and supplying a second code, a checking synchronous flip-flop receiving the first code and supplying a third code, and a comparator for comparing the second code with the third code and for supplying a first error signal.
Korean Patent Application Publication KR101352149B, whose disclosure is incorporated herein by reference, describes a circuit for detecting optical fault injection using a buffer in a reset signal path, capable of detecting optical fault injection using buffers existing in a reset signal line required for resetting a chip. The circuit includes a plurality of detection units formed in a path of a reset signal which is transmitted to each flip-flop comprising a digital circuit for detecting external optical fault injection, a signal collection unit for collecting outputs of the detection units into one and distinguishing a change when a change in signals of any of the detection units is occurred, and a detection signal generation unit for detecting a signal change outputted from the detection units and generating an optical fault injection detection signal by an input of the signal collection unit.