Paper 2022/602

Real-Time Frequency Detection to Synchronize Fault Injection on System-on-Chip

Clément Fanjas, Clément Gaine, Driss Aboulkassimi, Simon Pontié, and Olivier Potin


The success rate of Fault Injection (FI) and Side-Channel Analysis (SCA) depends on the quality of the synchronization available in the target. As modern SoCs implement complex hardware architectures able to run at high frequencies, synchronizing hardware security characterization becomes a real challenge. When I/Os are unavailable or unreachable, or when the synchronization quality is not sufficient, other triggering methodologies should be investigated. This paper proposes a new synchronization approach named Synchronization by Frequency Detection (SFD), which does not use the target I/Os. This approach consists in identifying a vulnerability that follows a specific code responsible for the activation of a characteristic frequency, which can be detected in the EM field measured from the target. A real-time analysis of the EM field is applied in order to trigger the injection upon the detection of this characteristic frequency. To validate the proof of concept of this new triggering methodology, this paper presents an exploitation of the SFD concept against the Android Secure-Boot of a smartphone-grade SoC. By triggering the attack upon the activation of a frequency at 124.5 MHz during an RSA signature computation, we were able to synchronize an electromagnetic fault injection to skip a vulnerable instruction in the Linux Kernel Authentication. We successfully bypassed this security feature, effectively running Android OS with a compromised Linux Kernel with one success every 15 minutes.

Publication info
Preprint. MINOR revision.
Keywords
Secure Boot, Fault injection, Side-Channel, System on Chip
Contact author(s)
simon pontie @ cea fr
clement fanjas @ cea fr
driss aboulkassimi @ cea fr
oliver potin @ emse fr
2022-05-17: received
Creative Commons Attribution


      author = {Clément Fanjas and Clément Gaine and Driss Aboulkassimi and Simon Pontié and Olivier Potin},
      title = {Real-Time Frequency Detection to Synchronize Fault Injection on System-on-Chip},
      howpublished = {Cryptology ePrint Archive, Paper 2022/602},
      year = {2022},
      note = {\url{}},
      url = {}