Providing protection against EMFI attacks
This Agile Analog blog post is focused on describing the dangers of Electromagnetic Fault Injection (EMFI) attacks and outlining the importance of EMFI sensors that are designed to provide protection.
EMFI attacks
An EMFI attack uses targeted electromagnetic pulse injection to generate temporary glitches or faults in a chip in order to bypass or compromise device security. It is a physical hardware security attack method where electrical contact or physical connection to the chip is not required. An attacker can induce eddy currents directly into the internal metal layers of the silicon by using an electromagnetic probe to produce a localized high-intensity magnetic field. A precise EM pulse can flip a bit in a status register so that, for example, an incorrect-password result is altered to a correct-password result.
It is also possible to bypass perimeter defenses, such as voltage or clock glitch sensors monitoring the device’s input pins. The power supply and clock signal may seem stable even as the device's internal logic is being corrupted, so this type of tampering is not easy to detect. Common attack targets include smart cards, automotive ECUs (Electronic Control Units), drones and medical devices.
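To make the status-register bit flip described above concrete, the following added example (not code from Agile Analog or the original post) models a single-bit fault on the stored result of a failed password check and compares a 0/1 status flag with a redundantly encoded one. The constants, PIN values and function names are constructed for illustration, and the model covers only a single-bit flip of the stored result.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AUTH_OK   0x3CA5965Au  /* constructed constant */
#define AUTH_FAIL 0xC35A69A5u  /* complement of AUTH_OK: all 32 bits differ */
typedef struct { uint32_t value, shadow; } auth_result; /* shadow == ~value */
static const uint8_t STORED_PIN[4] = {'1', '2', '3', '4'}; /* constructed */
static const uint8_t WRONG_PIN[4]  = {'1', '2', '3', '5'}; /* constructed */

static uint8_t diff_bytes(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= (uint8_t)(a[i] ^ b[i]);
    return d;  /* 0 only when every byte matches */
}
/* Naive status word: 1 = correct, 0 = incorrect; the caller tests "!= 0". */
static uint32_t naive_check(const uint8_t *a, const uint8_t *b, size_t n) {
    return diff_bytes(a, b, n) == 0;
}
static int naive_granted(uint32_t r) { return r != 0; }

/* Hardened status: far-apart constants plus a complemented shadow copy. */
static auth_result hardened_check(const uint8_t *a, const uint8_t *b, size_t n) {
    auth_result r;
    r.value = diff_bytes(a, b, n) == 0 ? AUTH_OK : AUTH_FAIL;
    r.shadow = ~r.value;
    return r;
}
static int hardened_granted(auth_result r) {
    return r.value == AUTH_OK && r.shadow == (uint32_t)~AUTH_OK;
}
/* Fault model: flip each single bit of the stored result of a check and
   count how many of those flips end in "access granted". */
static int naive_bypasses(const uint8_t *a, const uint8_t *b, size_t n) {
    int hits = 0;
    for (int bit = 0; bit < 32; bit++)
        hits += naive_granted(naive_check(a, b, n) ^ (1u << bit));
    return hits;
}
static int hardened_bypasses(const uint8_t *a, const uint8_t *b, size_t n) {
    int hits = 0;
    for (int bit = 0; bit < 64; bit++) {
        auth_result r = hardened_check(a, b, n);
        if (bit < 32) r.value ^= 1u << bit; else r.shadow ^= 1u << (bit - 32);
        hits += hardened_granted(r);
    }
    return hits;
}
int main(void) {
    printf("naive: %d/32 flips grant access, hardened: %d/64\n",
           naive_bypasses(STORED_PIN, WRONG_PIN, 4),
           hardened_bypasses(STORED_PIN, WRONG_PIN, 4));
    return 0;
}
```

Faults that skip instructions or corrupt several bits at once fall outside this model, which is why detection in the silicon itself remains necessary alongside firmware-level redundancy.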
Dangers of EMFI attacks
EMFI is considered to be a powerful security attack method as it is non-invasive and can be performed quickly without needing to physically de-package or modify the target device's enclosure. This means that often there is no indication that an attack has even occurred. The danger can be long-term, not just short-term. For example, if cryptographic key information is taken or changed, it could be reused in other attacks. EMFI tools can be portable, so attacks can take place post-deployment. Consequently, devices in the field, like IoT devices, are especially vulnerable to being compromised.
The dangers of EMFI attacks may go far beyond data issues or system damage. In fact, in automotive, medical and industrial systems, EMFI could corrupt control logic, disrupt sensor readings and force unsafe system states, leading to accidents or even loss of life. EMFI attacks need to be taken seriously, and one way to address this problem is with EMFI sensors.
EMFI sensors
EMFI sensors detect or measure properties of electromagnetic fields (electric, magnetic or both). As these electromagnetic fields can pass through the chip’s plastic packaging there is no resistance to an EMFI attack. Therefore, to be effective the EMFI sensor needs to be integrated into the silicon itself. These sensors can identify variations in the internal magnetic field on the device. If this occurs an alarm is activated to prevent an attack. EMFI sensors have a fast response time, so they are especially suited to real-time monitoring and high-speed systems.
Advances with EMFI sensors
Due to an increase in the number of EMFI attacks there have been new product developments with EMFI sensors. As part of the Agile Analog agileSecure anti-tamper security portfolio we introduced an EMFI detector, agileEMSensor. This includes programmable thresholds to allow designers to fine-tune the sensitivity to avoid false positives. Isolated from power, supply and temperature, the flexible sensor element is integrated into the chip’s backend flow to protect sensitive circuitry. This provides digital outputs to warn processors of EMFI attacks.
This solution can be tailored to a customer’s exact specifications and optimized for Power, Performance and Area (PPA). Ideally suited for security and monitoring in applications such as IoT, AI and automotive, as well as general SoCs and ASICs, the agileEMSensor offers superior levels of protection against EMFI attacks.
To find out more about agileEMSensor and our agileSecure product portfolio please visit our Security IP web pages.
Agile Analog™
Agile Analog is transforming the world of analog IP with Composa™, its innovative, highly configurable, multi-process analog IP technology. Headquartered in Cambridge, UK, with a growing number of customers across the globe, Agile Analog has developed a unique way to automatically generate analog IP that meets the customer’s exact specifications for any foundry and on any process, from legacy nodes right up to the leading edge. The company provides a wide range of novel analog IP and subsystems for data conversion, power management, IC monitoring, security, and always-on IP, with applications including data centers/HPC, IoT, AI, quantum computing, automotive, and aerospace. The digitally wrapped and verified solutions can be seamlessly integrated into any SoC, significantly reducing complexity, time, and costs and helping to accelerate innovation in semiconductor design.