Security evaluation of application-specific integrated circuits and field programmable gate arrays against setup time violation attacks

Fault attacks are real threats against hardware implementations of robust cryptographic algorithms such as advanced encryption standard (AES). The authors present an active non-invasive attack to inject faults during the execution of the algorithm and describe setup time violation attacks by under-powering and overclocking an application-specific integrated circuit. Then a security evaluation is presented against setup time violation attacks of several AES architectures on two field programmable gate arrays (FPGA) brands, namely Altera Stratix and Xilinx Virtex5. The authors notice that the architecture of the substitution box greatly impacts the faults statistics. These statistics are furthermore different depending on the FPGA vendor, and also notice that it is more difficult to inject single fault in the most recent technology. Also, the use-cases show how difficult it is to predict the most vulnerable resource in an FPGA. Finally, a low-cost countermeasure against this kind of attack is presented.