Body Biasing Injection (BBI) is considered as a recent fault injection technique. The main idea of BBI is to apply a voltage pulse onto the backside of the integrated circuit die by using a needle. According to previous works, this method is able to inject local faults but it may require chip decapsulation in order to be in contact with the die substrate. In this work, we first highlight a very compact BBI setup using a homemade programmable BBI injector, which is able to inject voltage pulses up to 250V. Then, we use this injector to induce perturbations on the hardware AES accelerator of a recent SoC. The obtained faults are exploitable and allow us to perform a Differential Fault Attack (DFA) efficiently to recover the secret key.
Karim M. Abdellatif currently works as a hardware security expert at Ledger. There, he aims at evaluating hardware wallets against fault injection and side-channel attacks. He holds a PhD. in embedded security from Sorbonne university. Previously, Karim was a hardware security engineer at Morpho, France.