Detecting Electromagnetic Injection Attack on FPGAs Using In-situ Timing Sensors

With the proliferation of embedded systems and our ever-increasing dependence on them, their security has never been more critical. Electromagnetic fault injection (EMFI) has garnered significant attention after it was found that electromagnetic (EM) pulses can cause faults in hardware and can be used to break security algorithms. In this work, we present an EMFI detector that excels at all quality metrics of a detection mechanism, namely, precision, accuracy, detection rate, and specificity. We developed this detector after careful evaluation of the most recent existing techniques for EMFI detection. We have conducted these evaluations on two different FPGA platforms and presented them in this paper. One of the most unexpected results of our study is that a previously designed sensor that was built based on a particular bit-set/reset fault model and achieved a relatively high-quality detection was, in fact, performing the detection based on a timing/sampling fault model. We conclude that despite the mixed interpretations in the previous work, the timing/sampling fault model is the most plausible way to describe EMFI effects. This work suggests that the EMFI attacks act like localized timing attacks in FPGAs, and we can detect them with low false-positive and false-negative rates using the newly proposed in-situ timing sensors. Our proposed sensors have low cost, are scalable, and can be integrated into any digital design with ease.