Advanced analysis of faults injected through conducted intentional electromagnetic interferences

Experimental setups used in electromagnetic compatibility (EMC) tests can be used as platforms for fault injections. Injecting faults into equipment is a means for a malevolent attacker to extract secret information. In this paper, we first present an advanced setup, i.e., a setup with characteristics beyond the main international EMC standards. It performs more accurate measurements of the disturbance power, reducing the measurement error by 20.33 dB. Second, we propose an advanced analysis methodology allowing an attacker or a countermeasure designer to identify the disturbance frequency leading to the most powerful attack. As an illustration, the method is applied on an ASIC implementation of DES, providing a thorough characterization and classification of the generated faults. In this case, the most powerful attacks are performed when the disturbance has a frequency below 1 MHz. The threat has thus to be considered really serious, as generating such disturbance does not require a high budget.