A fault-injection may result from an unintended switching of the logic state of a digital circuit block in an integrated circuit in operation. Such switching may be deliberately provoked by means of a laser beam directed at the drain or the source of a MOS transistor, or by means of an electromagnetic field directed through a loop formed by conductive tracks interconnecting elementary logic gates or transistors inside an elementary gate. By injecting faults at strategic points, in synchronization with the operation of a secure circuit, an attacker can reveal secure information, such as encryption keys.
To detect laser beam attacks, the circuit may be provided with optical sensors distributed in the circuit, with a higher density around key elements of the circuit.
For example, such sensors can be implemented in buffer amplifiers provided in the reset tree of the integrated circuit. A buffer amplifier can be formed of two consecutive inverters, each being sensitive to laser beam fault-injection. The outputs of these amplifiers, at logic 1 in normal operation, are compared by an AND gate. When at least one of the buffer amplifiers switches due to a fault-injection, the output of the AND gate temporarily changes to logic 0. This passage through a logic 0 is stored in a flip-flop that serves to signal the fault. The signal indicating the fault may be used by software for taking preventive measures, or simply to reset the circuit.
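The detector described above can be modelled behaviourally to show why the flip-flop is needed: a transient on the AND output is missed by software that only samples it periodically, but the latched flag keeps it. This is an added example, not circuit code from the original text. The discrete time steps, the four buffers, the polling interval and all names are assumptions made for illustration.

```python
# Behavioural model (added illustration, not circuit code from the page).
# Assumptions: time is split into discrete steps, and a fault forces one
# buffer output to 0 for a single step. All names are hypothetical.
from typing import List, Optional, Tuple

def and_gate(buffer_outputs: List[int]) -> int:
    """AND of all buffer outputs: 1 in normal operation, 0 if any switched."""
    return int(all(buffer_outputs))

class FaultLatch:
    """Flip-flop storing any passage of the AND output through logic 0."""
    def __init__(self) -> None:
        self.fault = 0

    def step(self, and_out: int) -> None:
        if and_out == 0:
            self.fault = 1  # stays set after the AND output returns to 1

    def clear(self) -> None:
        self.fault = 0  # e.g. once software has handled the event

def constructed_timeline(n_buffers: int = 4, steps: int = 16,
                         glitch_at: Optional[int] = 5,
                         glitch_buffer: int = 2) -> List[List[int]]:
    """Constructed sample: all outputs at 1, one optional single-step glitch."""
    timeline = [[1] * n_buffers for _ in range(steps)]
    if glitch_at is not None:
        timeline[glitch_at][glitch_buffer] = 0
    return timeline

def run_detector(timeline: List[List[int]], poll_every: int = 4):
    """Return (trace, seen_by_polling, latched_fault). seen_by_polling models
    software reading the raw AND output only every poll_every steps."""
    latch = FaultLatch()
    seen_by_polling = False
    trace: List[Tuple[int, int, int]] = []
    for t, outputs in enumerate(timeline):
        and_out = and_gate(outputs)
        latch.step(and_out)
        if t % poll_every == 0 and and_out == 0:
            seen_by_polling = True
        trace.append((t, and_out, latch.fault))
    return trace, seen_by_polling, latch.fault

if __name__ == "__main__":
    for row in run_detector(constructed_timeline())[0]:
        print("t=%2d and_out=%d fault=%d" % row)
```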
In practice, it is difficult to use optical sensors to protect every location in a secure circuit that can be used for fault-injection, and optical sensors are generally not suited to detecting electromagnetic pulses. As a consequence, secure circuits may integrate other countermeasures to prevent attacks, such as redundancy, which allows double verification of results.