Junichi SAKAMOTO Daisuke FUJIMOTO Tsutomu MATSUMOTO
To develop countermeasures against fault attacks, it is important to model an attacker's ability. The instruction skip model is a well-studied practical model for fault attacks on software. By contrast, few studies have investigated the instruction replacement model, which is a generalization of the instruction skip model, because replacing an instruction with a desired one is considered difficult. Some previous studies have reported successful instruction replacements; however, those studies concluded that such replacements are not practical attacks because their outcomes are uncontrollable. This paper proposes the concept of a controllable instruction replacement technique that uses laser irradiation of flash memory. The feasibility of the proposed technique is demonstrated experimentally using a smartcard-type ARM SC100 microcontroller. Then, practical cryptosystem attacks that exploit the proposed technique are investigated. The targeted cryptosystems employ AES with software-based anti-fault countermeasures. We demonstrate that an existing anti-instruction-skip countermeasure can be circumvented by replacing a critical instruction, e.g., the branch instruction used to detect fault occurrence.
Shinichi KAWAMURA Yuichi KOMANO Hideo SHIMIZU Saki OSUKA Daisuke FUJIMOTO Yuichi HAYASHI Kentaro IMAFUKU
The residue number system (RNS) is a method for representing an integer x as an n-tuple of its residues with respect to a given set of moduli. In RNS, addition, subtraction, and multiplication can be carried out by independent operations with respect to each modulus. Therefore, an n-fold speedup can be achieved by parallel processing. The main disadvantage of RNS is that we cannot efficiently compare the magnitude of two integers or determine the sign of an integer. Two general methods of comparison are to transform a number in RNS to a mixed-radix system or to a radix representation using the Chinese remainder theorem (CRT). We used the CRT to derive an equation approximating a value of x relative to M, the product of moduli. Then, we propose two algorithms that efficiently evaluate the equation and output a sign bit. The expected number of steps of these algorithms is of order n. The algorithms use a lookup table that is (n+3) times as large as M, which is reasonably small for most applications including cryptography.
Daisuke FUJIMOTO Takashi NARIMATSU Yu-ichi HAYASHI
Under inadequate torque management, contact failure can occur in an interconnecting connector. Contact failure reduces local immunity and degrades the electromagnetic properties of the equipment. Previous reports have shown that connector contact failure increases parasitic inductance and radiated electromagnetic noise. However, the effects of connector torque fluctuation on the surrounding electromagnetic environment have not been sufficiently discussed. Thus, in this study, the effects of a changing connector torque value on the circuit response and on the near field at the contact boundary were investigated. Based on these results, we discuss the influence of torque fluctuation on the electromagnetic environment surrounding the connector.
Tetsuro MATSUNO Daisuke FUJIMOTO Daisuke KOSAKA Naoyuki HAMANISHI Ken TANABE Masazumi SHIOCHI Makoto NAGATA
An arbitrary noise generator (ANG) is based on time-series charging of divided parasitic capacitance (TSDPC) and emulates power supply noise generation in a CMOS digital circuit. A prototype ANG incorporates an array of 32 × 32 6-bit TSDPC cells along with a 128-word vector memory and occupies 2 × 2 mm² in a 65 nm 1.2 V CMOS technology. Digital noise emulation of functional logic cores such as register arrays is demonstrated with chip-level waveform monitoring at power supply, ground, and substrate nodes.
Daisuke FUJIMOTO Noriyuki MIURA Makoto NAGATA Yuichi HAYASHI Naofumi HOMMA Takafumi AOKI Yohei HORI Toshihiro KATASHITA Kazuo SAKIYAMA Thanh-Ha LE Julien BRINGER Pirouz BAZARGAN-SABET Shivam BHASIN Jean-Luc DANGER
Power supply noise waveforms within cryptographic VLSI circuits in a 65 nm CMOS technology are captured by using an on-chip voltage waveform monitor (OCM). The waveforms exhibit the correlation of dynamic voltage drops with internal logical activities during Advanced Encryption Standard (AES) processing, and this correlation causes side-channel information leakage regarding secret key bytes. Correlation Power Analysis (CPA) is an attack method that extracts such leakage from the waveforms. The frequency components of power supply noise contributing to the leakage are shown to be localized in an extremely low frequency region. The level of information leakage is strongly associated with how much the dynamic voltage drop increases with the Hamming distance in the AES processing. The time window of greatest importance, where the leakage is most likely to occur, is clearly identified within a single clock cycle in the final stage of AES processing. The on-chip power supply noise measurements reveal the facts about side-channel information leakage that lie behind traditional CPA with on-board sensing of the power supply current through a 1 ohm resistor.
Daisuke FUJIMOTO Toshihiro KATASHITA Akihiko SASAKI Yohei HORI Akashi SATOH Makoto NAGATA
Capacitor charging modeling accelerates the time-domain simulation of the power current of cryptographic VLSI circuits in a CMOS technology. The model finely represents the amount of charge consumed during the operation of Advanced Encryption Standard (AES) cores in a variety of logical implementations, reflecting their internal logical activities. This approach significantly reduces the complexity of power current simulation and achieves an acceleration by a factor of more than 200 over traditional transistor-level circuit simulation. The correlated power analysis (CPA) attack against AES cores is successfully simulated with a conventional circuit simulator, with the models individually derived for 10,000 different ciphertexts. The CPA is also experimentally performed against AES cores fabricated in 65 nm and 130 nm CMOS technologies, using SASEBO measurement standards. The fast power current simulation is demonstrated to be accurate enough to evaluate the vulnerability of AES cores in various logical implementations as well as in different technologies, and it exhibits general agreement with the silicon measurements.