FLAT: Layout-Aware and Security Property-Assisted Timing Fault-Injection Attack Assessment

The ease and inexpensive setup of injecting timing faults in a hardware design make it vulnerable to adversaries, resulting in confidentiality or integrity violations. The state-of-the-art fault-injection attack assessment frameworks do not consider significant timing variations during layout generation from a gate-level design when assessing security threats of timing faults. Additionally, existing mitigation methods focus on higher design abstractions (e.g., register transfer level (RTL) and gate level), resulting in substantial area, power consumption, and latency overhead. To address these limitations, we propose our layout-aware and security property-assisted timing fault-injection attack assessment (FLAT) framework that automatically assesses the feasibility of injecting controlled timing faults into the layout of a design using clock glitches and quantifies its vulnerability concerning security properties. If the design is vulnerable, FLAT modifies the layout to tune the fan-in path delays of the security-critical registers as local countermeasures. Unlike system-wide mitigation approaches, these countermeasures incur minimal overheads at an IP or system-on-chip (SoC) design regarding power, performance, and area while ensuring security against timing faults. To demonstrate the effectiveness of FLAT, we perform security assessments on the postlayout designs of various benchmarks e.g., advanced encryption standard (AES), rivest-shamir-adleman (RSA), and floating-point unit (FPU) by targeting major fault injection attack vectors and deploying local countermeasures. These assessments indicate that the FLAT framework adeptly evaluates each design’s susceptibility to timing faults and implements the countermeasures to mitigate this susceptibility to the desired level.