A fault model for conducted intentional electromagnetic interferences

Abstract

Experimental setups used in electromagnetic compatibility tests can be used as platforms for fault injections. Faulting an equipment is a mean for a malevolent attacker to extract secret information. Compared to other fault injection setups, those based on EMC tests provide three advantages: non-invasivity, absence of synchronization, and frequency selectivity. This injection technique therefore allows the attacker to perform analysis with little knowledge of the targeted equipment. To assess the potential of this attack, a characterization of its effects is needed. This is the purpose of this paper. More precisely, our contributions are twofold: First of all, we observe that the faults are reproducible. Second, we show that the fault model is compatible with known attacks.