FIND NEWAE TECHNOLOGY PRODUCTS ON MOUSER ELECTRONICS
.png)
Clock Glitching
Clock glitching is one of the oldest and most widely used methods of fault injection. It requires inserting short glitches into the device clock, which causes timing violations inside the device.
​
The result of a clock glitch can be a device skipping an instruction, changing data, or executing an incorrect instruction.
Crowbar Glitching
Voltage glitching varies the device voltage during execution, causing instructions to be skipped, incorrect data to be used/stored, or instructions to be mutated.
​
The ChipWhisperer uses a simple "crowbar" method that can be applied on both low-power and high-power targets.
​
This method has a crowbar which shorts the power to the target device. This works on both our own targets, as well as in-circuit targets.
Synchronous Sampling
A regular oscilloscope has an internal time-base which defines when samples of the power trace are taken.
​
Power analysis is about measuring how power as a target performs certain operations. Fundamentally, these operations occur relative to a clock on the target. When capturing with an oscilloscope, there is some changing delay between the device clock and the next sample point.
​
Fig 1: The time delay between the device clock rising edge and sample point (red circles on power trace) varies, as there is no phase relationship between the oscilloscope timebase and the device clock. This requires running the oscilloscope at fast sample rates (5x-10x device clock speed) to reduce the potential phase jitter.
With an oscilloscope, you need to sample at a high rate to reduce this delay (jitter).
ChipWhisperer instead uses a synchronous sampling method, which generates a sample clock —perfectly locked to the target device clock. It allows you to multiply and phase-shift the sample clock, while still maintaining consistent time alignment.
​
Fig 2: ChipWhisperer maintains a constant phase relationship between the two clocks. The sample clock can still run faster than the device clock (here running 2x as fast), but the sample points are always at consistent locations within the device clock cycles. This allows ChipWhisperer hardware to be effective at only 1x to 4x the device clock rate.