Sneaky Glitch: A Clock Glitch Generator to attack the AMD-Xilinx PLL
Listed in
This article is not in any list yet, why not save it to one of your lists.Abstract
Cryptographic algorithms are indispensable from today’s world and often require high-throughput implementations accelerated by specialized hardware like field programmable gate arrays (FPGAs). However, these implementations are vulnerable to side-channel attacks such as clock glitch attacks. This paper presents a clock glitch generator designed to insert glitches into a clock signal using only FPGA clocking resources to ensure signal purity. By incorporating an FPGA-internal calibration method, the start and width of the glitches can be set with a precision of 0.53°, equal to 14.8 ps, for a 100 MHz clock. The generator’s architecture allows glitches to be inserted in the positive and the negative phase of the clock. This increases the versatility of the possible attacks. The clock glitch generator was used to attack both the mixed-mode clock manager (MMCM) and phase-locked loop (PLL) primitives within the 7-Series and Ultrascale+ family. Despite the PLL’s ability to filter out clock glitches, an attack scenario was successfully identified that stealthily increased the output frequency of a 7-Series MMCM and PLL by up to 68%.