
Description
This 2-day workshop gives French and European academic, industrial and institutional experts in the fields of hardening (radiative environment) and hardware and software protection (cybersecurity) the opportunity to meet and exchange on the disciplines of fault tolerance and protection against fault injections during a single event.
On the agenda:
- Institutional presentations on the main principles of these two areas,
- Industrial presentations on the implementation of hardening techniques and countermeasures to detect and protect against fault injections,
- Presentations of ongoing academic research work.
The organising committee
- Guillaume BOUFFARD, ANSSI
- Pierre BURGAUD
- Géraldine CHAUMONT, ST Microelectronics
- Karine CHATEL, UR - CREACH LABS
- Rachid DAFALI, DGA MI
- David ELLEOUET, DGA MI
- Youri HELEN, DGA MI (CHAIR)
- Guillaume HUBERT, ONERA
- Angeliki KRITIKAKOU, UR - IRISA
- Vianney LAPÔTRE, UBS - Lab-STICC
- Vincent MERCIER, DGA MI
- Julien MICOLOD, DGA MI
- Florent MILLER, NUCLETUDES
- Laurent PICHON, UR - IETR
- Rémy PRIEM, DGA MI
- Maxime RICAUD, DGA MI
Practical information
Programme for Wednesday 19 November
-
09:00 - 09:25
Welcome session
-
09:25 - 10:10
Keynote : Régis LEVEUGLE, TIMA Grenoble
Title : "Digital integrated systems' hardening by design: from Reliability and Safety goals to Security – Pitfalls and challenges"
Abstract : With the pervasive digitalization of many functions and the soaring of interconnected digital infrastructures and terminals, more and more critical applications have to rely on trustworthy electronics, and in particular dependable integrated systems.
Dependability concerns evolved from reliability and availability to additional safety constraints and today increasing hardware security requirements, with applications in e.g., automotive or industrial control systems but also aerospace, health or defense. Adding security to reliability and safety is often seen as seamless complementarity but in fact antagonisms exist during the system design.
Usual design flows are mostly focused on area/performance/energy trade-offs, taking into account reliability mainly from the process point of view. Designers must go beyond the automated flows to achieve reliability and/or safety in case of in-field disturbances and e.g., bit-flips occurring during the computations. Such hardening by design adds protection mechanisms that can also help tackle some malicious attacks.
Unfortunately, for several reasons, usual mechanisms are not sufficient to achieve hardware security. They can even be counter-productive in some cases.
This talk will summarize and illustrate the main pitfalls and highlight the challenges designers are facing when aiming at achieving both reliability/safety and security against hardware attacks. Practical examples will show that too optimistic views can imperil the global system trustworthiness and that tackling hardware security constraints adds many requirements and concerns in the whole design flow even when functional safety is already addressed.
This talk will mainly focus on hardware hardening, but the main concerns and requirements that will be discussed also apply to embedded software.
-
10:10 - 10:30
Poster session
-
10:30 - 11:00
Coffee break
-
11:00 - 11:20
Antoine BOUVET, ANSSI & Guenaël RENAULT, ANSSI
Title : "Threat Assessment of Fault Injection Attacks"
Abstract : Stay tuned
-
11:20 - 11:40
Ziling LIAO, LIRMM Montpellier
Title : "Body Bias Injection on the FLASH Memory Accelerator of a 32-bit Microcontroller : fault model"
Abstract : Program flow attacks involve disrupting the flow of instruction execution in microcontrollers (MCUs), thereby threatening their operation. While traditional studies focus on program counter or instruction corruptions within pipelines, little attention has been paid to the stages between FLASH memory and the CPU, such as memory accelerators.
Body Bias Injection (BBI) is a fault injection technique in which a voltage pulse is applied to the backside of an integrated circuit, i.e. its substrate, causing localized disruptions in the power network. Despite its proven effectiveness in inducing transient faults, to the best of our knowledge, there is no information on its impact on MCU program flow.
Within this context, this paper demonstrates that BBI can efficiently disrupt MCU program flow, causing entire instruction lines to be skipped or repeated. It also shows that the most sensitive part of the MCUs against BBI is likely to be the memory accelerator rather than the processor itself.
-
11:40 - 12:00
Letícia Maria VEIRAS BOLZANI, IHP
Title : "Reliability Assessment of Emerging Technology-Based Applications"
Abstract : Stay tuned
-
12:00 - 13:30
Lunch Break
-
13:30 - 14:10
Keynote : Jean Max DUTERTRE, Mines Saint-Etienne
Title : "Monitoring Fault Injection Attacks with Sensors - Lessons Learned"
Abstract : The injection of faults into an integrated circuit is the result of a disturbance to its nominal operating conditions or of its exposure to laser or EM stress. These perturbations can be detected by dedicated sensors that trigger an alarm to indicate that an attack is underway.
This presentation describes the development and experimental evaluation of digital sensors for monitoring fault injection attacks by laser illumination or EM perturbation. It also presents the lessons learned during their study. The strengths and weaknesses of the considered sensors are described in relation to the associated physical phenomena.
-
14:10 - 14:30
Gwenn LE GONIDEC, Lab-STICC, Université Bretagne Sud
Title : "Energy Management Mechanisms Create Security Risks for Application SoCs"
Abstract : The increasing use of application SoCs for sensitive applications has driven the study of hardware attacks that adapt techniques traditionally used against secure components to these new targets. These attacks generally require physical access to the system. However, the complexity of application SoCs creates a new attack surface at the boundary between software and hardware. New attack vectors are emerging, making it possible to launch hardware attacks with only software access to the victim system, thus enabling remote execution.
Energy management systems represent such a vulnerability. In 2017, the ClkScrew attack demonstrated that it is possible to perform fault injection by manipulating voltage regulation interfaces, allowing access to resources otherwise inaccessible from the Trusted Execution Environment (TEE). Major TEEs, such as Arm TrustZone and Intel SGX, have implemented countermeasures that hinder the optimal use of energy management mechanisms. New countermeasures proposed in the literature offer interesting perspectives but lack concrete implementations.
In this presentation, we will provide an overview of remotely feasible energy-based attacks on application SoCs, focusing on recent cross-component attack methods based on the physical properties of the power distribution network. We will also discuss ongoing work to protect TEEs against these threats. Additionally, we will explore how these attacks impact the operational safety of systems and propose avenues for improving the resilience of application SoCs against these threats.
-
14:30 - 14:50
Pierre-Alain MOELLIC, CEA LETI
Title : "Hardware parameter-based adversarial attacks against DNN models."
Abstract : The security of AI models has seen a significant expansion of its attack surface due to the widespread deployment of increasingly complex models across a variety of hardware platforms. Among the many attack vectors, those that directly target manipulations of the trainable parameters of models - parameter-based adversarial attacks - are attracting growing attention, whether during inference, training, or even deployment.
In this presentation, we provide a panorama of these threats, examining their real-world applicability in complex systems (e.g., federated learning) and the corresponding defense mechanisms.
-
14:50 - 15:10
Paul GRANDAMME, Laboratoire Hubert Curien - Saint Etienne
Title : "Fault injection attacks on unpowered devices"
Abstract : Fault injection attacks are a widely used technique for evaluating the security of integrated circuits. Most such attacks target powered devices, where active sensors can detect and trigger protection mechanisms. However, these sensors are only effective when the circuit is powered.
As part of the ANR POP project, this study investigates the vulnerability of unpowered circuits, where said sensors become ineffective. We developed new attack techniques that exploit permanent faults injected into Flash memory using laser and X-ray irradiation.
The precision of the laser makes it possible to exploit the injected faults in a Persistent Fault Analysis scenario that disrupts the AES algorithm.
Our findings highlight the need to re-evaluate current security mechanisms in light of this emerging class of attacks targeting unpowered devices.
-
15:10 - 15:30
Florent MANNI, CNES - Clément COGGIOLA, CNES - Mickaël BRUNO, CNES
Title : "Dealing with radiative environment : the most unpredictable attacker in space"
Abstract : In the scope of embedded system development, knowledge of the environment is mandatory for a successful mission. Power consumption, mass, remote command/control are common topics addressed for such projects. In space, you must also consider thermal dissipation constraints (due to lack of air), in-flight maintenance and radiation.
Radiation is unpredictable and creates events like bitflips (SEU), latchup and performance loss. After a brief introduction regarding the radiation environment, this presentation will focus on mitigation techniques and the facilities available to validate these mitigations. Real hardware examples of processing systems will be used to illustrate the presentation.
-
15:30 - 16:00
Coffee break
-
16:00 - 16:20
Laurent MAINGAULT, CESTI CEA
Title : "X-ray attacks on 28-nm technology node devices"
Abstract : Stay tuned!
-
16:20 - 16:40
Guillaume BOURG-CAZAN, Microchip
Title : "Non-Volatile Memories issues against space radiative environment"
Abstract : Stay tuned!
-
16:40 - 17:00
Wilfread GUILLEME, IRISA - Inria
Title : "Hybrid Fault Mitigation for Neural Networks based on Directional and Positional Bit Sensitivity"
Abstract : This presentation introduces SFI4NN, a statistical fault injection framework designed to analyze bit-level sensitivity in fixed-point quantized neural networks.
It also presents VANDOR, a lightweight hardware strategy based on the observation that such networks are generally less sensitive to faults that shift values toward zero.
Finally, we propose a hybrid protection scheme that combines TMR, VANDOR, and unprotected strategies, applied uniformly to the bits of each parameter.
This scheme may vary across layers. The combination allows for fine-grained reliability tuning and helps identify Pareto-optimal trade-offs between enhanced resilience and minimal hardware overhead.
-
17:00 - 17:20
Kévin QUENEHERVE, Lab-STICC - Université Bretagne Sud
Title : "Exploring Fault Injection Attacks on CVA6 PMP Configuration Flow"
Abstract : Fault injection attacks pose a critical threat to embedded systems, especially when they target memory protection mechanisms such as Physical Memory Protection (PMP) in RISC-V processors. Techniques like clock glitching can alter the configuration registers of the PMP mechanism in RISC-V cores, leading to various fault effects such as bit-flips, bit resets, bit sets, and more.
In this work, we experimentally demonstrate that the PMP mechanism in a RISC-V core is vulnerable to such attacks. We show that by carefully tuning the injection parameters, an attacker can reliably reproduce specific fault effects. This fine-grained fault characterization not only enables more targeted attacks but also guides the design of efficient and appropriate countermeasures.
-
17:20 - 17:40
Paolo MAISTRI, TIMA Grenoble
Title : "FPGA Assessment Methodology of Adverse X-Ray Effects on Secure Digital Circuits"
Abstract : Recent research demonstrates the feasibility of X-Ray attacks. Unlike traditional fault injection methods, X-Rays offer precise spatial targeting because of their short wavelength and high penetration power.
This allows attackers to selectively target specific regions within a device, from individual transistors to larger blocks. This necessitates a new perspective on hardening techniques, requiring designers to consider the impact of X-Ray irradiation on both fault injection and power consumption.
In this talk, we will present how X-Rays can be used to alter the behavior of the system, and lead to enhancing side channel leakage or altering cryptographic primitives implemented on programmable devices.
-
17:40 - 18:00
Annachiara RUOSPO, Politecnico di Torino - Italy
Title : "Estimating AI Systems Failure Rates via Statistical Fault Injection: Trade-offs Between Conservative and Iterative Approaches"
Abstract : The increasing complexity of state-of-the-art computing systems makes reliability assessment methods both computationally demanding and often incompatible with practical timing constraints. Fault Injection (FI) remains one of the most widely used techniques for evaluating the reliability of safety-critical systems.
However, with modern hardware comprising billions of transistors and artificial intelligence (AI) models involving trillions of parameters, exhaustively injecting faults across the entire system is unfeasible. Statistical Fault Injection (SFI) addresses this challenge by injecting a representative subset of faults to estimate failure rates within defined error margins and confidence levels.
This talk will present current methodologies for estimating failure rates in AI systems, focusing on both conservative and iterative SFI approaches. The effectiveness and trade-offs of these techniques will be evaluated using state-of-the-art deep neural network models, with the accuracy of the proposed SFIs benchmarked against results from exhaustive FI campaigns.
Programme for Thursday 20 November
-
09:00 - 09:20
Gilles GASIOT, ST Microelectronics
Title : "Overview of STMICROELECTRONICS Space platform in 28nm-FDSOI"
Abstract : Stay tuned!
-
09:20 - 09:50
Speakers : NanoXplore / Onera / Inria Nuclétudes
Title : "Evaluation of an FPGA in a Highly Radiative Environment"
Abstract : Stay tuned
-
09:50 - 10:10
Adrien GRASSEIN, NanoXplore
Title : "Onysis : European Secure SoC FPGA"
Abstract : Stay tuned
-
10:10 - 10:30
Romain WACQUEZ, CEA LETI
Title : "FAMES Pilot Line: Security by technology for FD-SOI 10nm devices"
Abstract : To ensure European sovereignty in the semiconductor industry, the European Chips Act supports and finances the creation of 5 pilot lines that aim to enable the development and deployment of cutting-edge and next-generation semiconductor technologies. One of the 5 is FAMES, with 830M€ of budget (CAPEX and OPEX), driven by CEA Leti and targeting the development of 3D technologies, non-volatile memories, RF components but also FD-SOI 10 nm and 7 nm digital nodes. But, as quoted in the European Chips Act, security has become a major topic across many sectors.
Then, security guidelines have been assigned to European Pilot Lines. By exploiting intrinsic vulnerabilities of silicon technologies, HW security cost could be decreased if risks associated with physical attacks (and firstly fault injection) could be taken into account at the development phase of the technology.
This is what has been assigned to CEA Leti in the FAMES program. Starting from advantageous security properties of FD-SOI in production today, we aim at turning these unique features of the FD-SOI technology into key security features for the technology nodes to come. Also we will see how a low level model of the attacker could support the development of a digital twin for the evaluation of cyber threats of a digital system, firstly versus fault injection.
-
10:30 - 11:00
Coffee break
-
11:00 - 11:20
Lucas ROQUET, IRISA
Title : "Cross-Layer Reliability Evaluation and Efficient Hardening of Large Vision Transformers Models"
Abstract : Vision Transformers (ViTs) are highly accurate Machine Learning (ML) models. However, their large size and complexity increase the expected error rate due to hardware faults. Measuring the error rate of large ViT models is challenging, as conventional microarchitectural fault simulations can take years to produce statistically significant data.
This work proposes a two-level evaluation based on data collected through more than 70 hours of neutron beam experiments and more than 600 hours of software fault simulation. We consider 12 ViT models executed in 2 NVIDIA GPU architectures.
We first characterize the fault model in ViT's kernels to identify the faults more likely to propagate to the output. We then design dedicated procedures efficiently integrated into the ViT to locate and correct these faults. We propose MaxiMum corrupted values (MaxiMals), an experimentally tuned low-cost mitigation solution to reduce the impact of transient faults on ViTs. We demonstrate that MaxiMals can correct 90.7% of critical failures, with execution time overheads as low as 5.61%.
-
11:20 - 11:40
Olivier POTIN, Mines Saint Etienne
Title : "Code Encryption for Confidentiality and Execution Integrity down to Control Signals"
Abstract : Embedded devices face software and physical fault injections to either extract or tamper with code in memory. The code execution and code intellectual property are threatened.
Some existing countermeasures provide Control Flow Integrity (CFI) with the confidentiality and integrity of the instructions by chaining all of them through a cryptographic encryption primitive. While tampering with instructions in memory is prevented, fault injection attacks can still target the microarchitecture.
In this work, we introduce a new scheme by chaining the instructions through an encryption with associated control signals. This provides additional authenticity and integrity properties down to the control signals of the microarchitecture’s pipeline. The instructions are stored encrypted in memory. At runtime, prior to being executed, the fetched instructions are decrypted depending on the control signals in the pipeline and all the previously decrypted instructions. In case of fault injections, targeting either instructions or control signals, the decryption process fails and generates random instructions, instead of the original ones. This quickly leads to an invalid instruction exception: the fault attack is thwarted.
Our scheme was implemented on FPGA, into the 4-stage pipeline of the RISC-V CV32E40P core, using Ascon for encryption/decryption. When running and validating Embench program executions, we observed at least: a LUT overhead of 28.9%, a reduction of the maximum core frequency of about -29.6%. While patches have to be stored, there is no clock cycle overhead.
-
11:40 - 12:00
Patrice BENARD, 3D+
Title : "Radiation tolerant electronic and Anti-tamper technology for harsh environment"
Abstract : Stay tuned!
-
12:00 - 13:30
Lunch break
-
13:30 - 13:50
Marion LE PENVEN, Airbus Defence and Space
Title : "NG-Ultra Application Development Ecosystem"
Abstract : NG-Ultra, the first 100% European radiation-hardened FPGA + System-on-Chip (SoC), is now available to all. In such a complex component, a mature and exhaustive ecosystem is a key factor in its industrial use. In our current context, no industry can afford for each new project to start from scratch with all the hardware (HW) functional blocks coding for a 500k LUT FPGA and to implement software (SW) on 4 processing cores. Development time and costs would be too great. That’s why having a complete ecosystem is essential in reducing development times and costs for any new target. Thus, for more than 5 years now, Airbus Defence and Space (ADS) has focused on building a complete ecosystem and framework with NanoXplore (NX).
This includes:
• SoC generic Low-Level Software for the different modules of the SoC and for the SoC boot step
• Software integration & debug tools, using the ARM environment and external debug probes
• A comprehensive set of VHDL IPs common to all NGUltra-based applications and their associated Low-Level SW packages. This IP set also aims to standardise the SoC/FPGA interface and the HW/SW interface for all future ADS applications.
• ADS-made scripts and manual analysis methods to automatise place and route and to exploit the new Impulse toolchain at its maximum.
Beyond the NG-Ultra target, most VHDL IPs and scripts are directly reusable on the Ultra-300 FPGA from NX as it has the same architecture and same silicon technology node. Moreover, most VHDL IPs are also reusable on other FPGA targets, helping to rapidly build a backbone code for most future ADS applications.
-
13:50 - 14:10
Stéphane BAUDRAND, MBDA
Title : "Virtual Platform for Simulation-based Heterogenous System-On-Chip Verification and Validation"
Abstract : Stay tuned!
-
14:10 - 14:30
Nicolas VAN SPAANDONCK, Wind River
Title : "Improve the robustness of your embedded software by using the Simics virtual platform and hardware fault injection"
Abstract : In addition to hardware testing in high-radiation environments, especially for the aerospace industry, using a virtual platform simulating the hardware brings numerous benefits, from design to deployment.
A virtual platform such as Simics enhances the reliability and security of embedded software by enabling the execution of tests that are difficult to perform on real hardware, such as hardware fault injection not only in memory, but also on the communication peripherals of complex system on chips.
-
14:30 - 14:50
Mathieu JAN, CEA LIST - Damien COUROUSSE, CEA LIST
Title : "Robustness Analysis of Microarchitectures Against Fault Injection Attacks"
Abstract : Recent research highlights the need to analyze the effects of faults at the microarchitectural level of processors in order to fully understand the consequences of such attacks at the software level. In this context, this presentation will introduce our pre-silicon, exhaustive, and automated methodology capable of modeling interactions between hardware and software layers, along with the recent results obtained.
Using formal verification techniques, this methodology has, for instance, enabled us to identify a new vulnerability in the secure core of OpenTitan. We will conclude with some perspectives, notably the use of fault models derived from experimental characterizations, aiming at conducting combined analyses at both the microarchitectural and software levels.
-
14:50 - 15:10
Laurent LE BRIZOUAL, IETR - Université de Rennes
Title : "TCAD Simulation of laser fault injection"
Abstract : Stay tuned!
-
15:10 - 15:30
Luc NOIZETTE, Nuclétudes
Title : "Using High Level Profiling Data to Early Assess the Fault Tolerance of Complex Digital Components"
Abstract : Stay tuned!
-
15:30 - 16:00
Coffee break
-
16:00 - 16:20
Jean Max DUTERTRE, Mines Saint-Etienne
Title : "Betrayed by light – Using Photon Emission Microscopy as an Enabler of Laser Fault Injection"
Abstract : Stay tuned!
-
16:20 - 16:40
Ludovic CLAUDEPIERRE, IETR - Université de Rennes
Title : "Attacking hardware with photons: laser injection and photo-emission"
Abstract : Stay tuned!
-
16:40 - 17:00
Jérémie QUERREUX, DGA MI - Franck SALVADOR, Thalès CESTI - Alexandre BOJU, Alphanov
Title : "Optical probing custom bench for component security analysis"
Abstract : Stay tuned!
-
17:00 - 17:10
Closing & poster session reward
Part of the European Cyber Week 2025
The BITFLIP conference is featured on the program of the European Cyber Week 2025.