Glitch Detection in Hardware Implementations on FPGAs Using Delay Based Sampling Techniques

Glitches are the spurious signal transitions, which occur due to unbalanced path delays at the inputs of a gate. Presence of glitches in a digital system increases the number of signal transitions, thereby increasing the dynamic power consumption of the system. Consequently, overall power consumption, a major design criteria of a digital system, is increased. Furthermore, glitches are shown to be a source of side-channel leakage and can be exploited to enhance the success rate of power analysis attacks against cryptographic applications even in presence of side-channel countermeasures. Therefore, elimination of glitches in digital systems implemented on hardware platforms, such as Field Programmable Gate Arrays (FPGAs), is imperative for low power and secure designs. However, a targeted application of glitch elimination techniques requires precise detection of possible glitches. While post place-and route simulation allows the user to detect and display glitches, it cannot take process variations of the FPGA into account. Furthermore, it relies solely on the accuracy of the simulation model. Hence, the implemented circuit might have glitches that were not exposed by simulation. Therefore, only measuring the actual hardware implementation will show all glitches. These measurements are typically made with high quality, fast, and therefore expensive oscilloscopes. In this paper we introduce a methodology to detect glitches in hardware implementations on FPGAs. We designed a circuit, that can be implemented inside the FPGA along with the circuit under test, which not only detects the presence of glitches but also captures the glitch waveform and the relative location of a glitch with respect to the system clock. To enhance the resolution of the captured waveform we over sample the data multiple times with different phase shifts of the sampling clock. Through our proposed method we can reliably detect glitches with a width as small as 2ns on a Spartan 3E FPGA and determ- ne their location relative to the system clock with a resolution of 20ps.