Weaknesses Identification with Static Analysis
Identification of portions of the circuit sensitive to fault attacks can be achieved using static timing analysis. Static timing analysis produces a very detailed timing characterization of the paths inside their design, highlighting the critical path and all the other paths which are very close to the critical one. Barenghi et al.  proposed to extract the worst-case delays associated with the input connections of the state and key registers. Static analysis was carried out with Synposys PrimePower, using as input the placed and routed netlist and the parasitics of the connections. The authors compared the ranking of sensitivity to attacks, obtained using static analysis, with the fault attacks mounted on a real device. Obtained results demonstrated that static timing analysis provides an effective way to estimate the worst case timings for the input lines of the state registers and pinpoint which ones are more likely to be vulnerable to setup-time violation attacks.