

# **PicoEMP**

A Low-Cost EMFI Platform Compared to BBI and Voltage Fault Injection using TDC and External VCC Measurements

Colin O'Flynn

NewAE Technology Inc. & Dalhousie University

## Topics

- EMFI Tools & Building Low-Cost Tools
- TDC for On-Die Voltage Measurement
- Comparing EMFI, Voltage-FI, and BBI

## EMFI Tooling



## EMFI Architectures

#### Direct Drive EMFI

#### Coupled Drive EMFI



Low-Side Switching

High-Side Switching





## Implementation



FDTC 2023 - Sept 10, 2023. Prague, CZ

## Gate Drive Waveform



## Pulse Comparison





## Pi on Pi Violence



Table I: Results of RSA Fault Attack on Raspberry Pi 3B+

| Result              | Count | Percentage |
|---------------------|-------|------------|
| No Impact           | 33    | 30 %       |
| System Hang         | 1     | 0.9 %      |
| Application Crash   | 45    | 41 %       |
| RSA Fault (invalid) | 4     | 3.7 %      |
| RSA Fault (success) | 26    | 24 %       |

## Time to Digital Converter (TDC)



### TDC on iCE40

#### SB\_CARRY

#### **Carry Logic**

The dedicated Carry Logic within each Logic Cell primarily accelerates and improves the efficiency of arithmetic logic such as adders, accumulators, subtracters, incrementers, decrementers, counters, ALUs, and comparators. The Carry Logic also supports a limited number of wide combinational logic functions.

The figure below illustrates the Carry Logic structure within a Logic Cell. The Carry Logic shares inputs with the associated Look-Up Table (LUT). The I1 and I2 inputs of the LUT directly feed the Carry Logic. The carry input from the previous adjacent Logic Cell optionally provides an alternate input to the LUT4 function, supplanting the I3 input.

#### Carry Logic Structure within a Logic Cell





## Delay Element Sensitivity

Table II: iCE40 Delay Element Measurements

| SB_CARRY: $V_{int}$ | SB_CARRY: $\overline{delay}$ | SB_CARRY: $\sigma_{delay}$ | SB_LUT4: $V_{int}$ | SB_LUT4: $\overline{delay}$ | SB_LUT4: $\sigma_{delay}$ |
|---------------------|------------------------------|----------------------------|--------------------|-----------------------------|---------------------------|
| 1.1 V               | 0.52 ns                      | 0.21 ns                    | 1.1 V              | 2.09 ns                     | 0.82 ns                   |
| 1.2 V               | 0.36 ns                      | 0.16 ns                    | 1.2 V              | 1.44 ns                     | 0.53 ns                   |
| 1.3 V               | 0.30 ns                      | 0.12 ns                    | 1.3 V              | 1.12 ns                     | 0.42 ns                   |
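
The mean delays in Table II can be turned into a first-order calibration for a delay-line TDC. The following is an added example, not code from the talk: it assumes an idealized model in which the tap count is a fixed sampling window divided by the mean per-element delay, and the 20 ns window and all function names are hypothetical.

```python
# Added example (not from the slides): idealized delay-line TDC model
# built on the mean per-element delays from Table II.
TABLE_II = {  # element -> [(V_int in volts, mean delay in ns)]
    "SB_CARRY": [(1.1, 0.52), (1.2, 0.36), (1.3, 0.30)],
    "SB_LUT4": [(1.1, 2.09), (1.2, 1.44), (1.3, 1.12)],
}
WINDOW_NS = 20.0  # assumed sampling window; not a value from the talk


def mean_delay_ns(element, v_int):
    """Piecewise-linear interpolation of the mean delay between table rows."""
    rows = TABLE_II[element]
    if not rows[0][0] <= v_int <= rows[-1][0]:
        raise ValueError("voltage outside the 1.1-1.3 V calibrated range")
    for (v0, d0), (v1, d1) in zip(rows, rows[1:]):
        if v0 <= v_int <= v1:
            return d0 + (d1 - d0) * (v_int - v0) / (v1 - v0)


def expected_taps(element, v_int, window_ns=WINDOW_NS):
    """Delay elements an edge traverses within the window at this voltage."""
    return int(window_ns / mean_delay_ns(element, v_int))


def voltage_from_taps(element, taps, window_ns=WINDOW_NS):
    """Invert a TDC reading to V_int; refuse to extrapolate past the table."""
    if taps <= 0:
        raise ValueError("tap count must be positive")
    delay = window_ns / taps
    rows = TABLE_II[element]
    for (v0, d0), (v1, d1) in zip(rows, rows[1:]):
        if d1 <= delay <= d0:  # delay falls as voltage rises
            return v0 + (v1 - v0) * (d0 - delay) / (d0 - d1)
    raise ValueError("reading outside the 1.1-1.3 V calibrated range")


def mv_per_tap(element, window_ns=WINDOW_NS):
    """Average voltage step represented by one tap across the table range."""
    v_lo, v_hi = TABLE_II[element][0][0], TABLE_II[element][-1][0]
    span = expected_taps(element, v_hi, window_ns) - expected_taps(element, v_lo, window_ns)
    return (v_hi - v_lo) * 1000.0 / span


if __name__ == "__main__":
    for name in TABLE_II:
        taps = [expected_taps(name, v) for v, _ in TABLE_II[name]]
        print(name, "taps:", taps, "mV/tap: %.1f" % mv_per_tap(name))
```

Under this model the chain must hold at least as many elements as the tap count at the highest voltage, and a glitch that drives the reading outside the table raises an error instead of returning an extrapolated voltage.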

## TDC on iCE40



## Rebuilding TDC

- Can rebuild the TDC in seconds thanks to Yosys!
- Allows modification of the delay elements without needing tricky (and glitchable) state machine.

## TDC Results - Calibration



## Internal & External Voltage Measurements



## TDC / PicoEMP Measurement Setup



### **Practical Tests**



**Hardware AES** 



RISC-V Soft-Core, Loop Test



- The TDC is reloaded and measurement taken after finding an "effective" glitch setting/location.
- Does not require *any* touching of the setup, so no movement occurs.
- Reloading happens in <1 second.




### Hardware AES



Figure 13: Measurements of the VCC-INT power rail using TDC during hardware AES operations.



Figure 12: Measurements of the VCC-INT power rail using external oscilloscope during hardware AES operations.


### RISC-V Core



Figure 15: Measurements of the VCC-INT power rail using TDC during RISC-V soft-core operation.



Figure 14: Measurements of the VCC-INT power rail using external oscilloscope during RISC-V soft-core operation.

## EMFI Width?








Figure 17: Comparison of EMFI Pulse Width, measured using TDC on VCC internally.



Figure 16: Comparison of EMFI Pulse Width, measured using oscilloscope on VCC externally.

## Effective vs. Ineffective Glitches



Figure 18: Comparison of EMFI pulses as measured on VCC-INT for effective & ineffective glitches.




Aided Design of Integrated Circuits and Systems. 2020


[Figure 18 plot; horizontal axis: Time (µs)]

## Conclusions & Questions

- PicoEMP is a low-cost EMFI tool, with a safety-focused design.
- TDC implemented in an iCE40 FPGA provides a useful calibration and exploration artifact.
- We can use this to demonstrate the link between EMFI, Voltage Glitching, and BBI.
- We can also link external power measurements with internal (TDC) measurements.

colin –AT– oflynn.com