Fault Injection Through Electromagnetic Fields

Electromagnetic pulses can change memory contents or cause a device to malfunction. The effect is due to so-called eddy currents, which are created using an active coil [13]. Electromagnetic pulses can induce a fault which is extremely localized and precise (up to the level of a single bit), while the equipment needed to carry out this attack can be relatively cheap. Furthermore, the attack can be carried out without depackaging the chip. However, the adversary is required to know the details of the layout of the chip in order to identify the precise point of attack. The EM pulse can either be injected over the power trail of the chip, uniformly affecting the whole attacked device, or a smaller EM coil can be used to induce an additional current in a specific part of the circuit. This type of fault injection was introduced by Quisquater and Samyde [13], who demonstrated that it is possible to alter the computations of a cryptographic algorithm using an electromagnetic probe and a camera flash (used to induce high voltage into the coil of the probe). The technique does not work efficiently against chips that employ grounded metal packaging (usually for heat-sinking purposes), which also acts as an EM shield and forces the adversary to perform decapsulation (Table 2.1).
