
    Fault Attacks In Symmetric Key Cryptosystems

    Fault attacks are among the well-studied topics in the area of cryptography. These attacks constitute a powerful tool to recover the secret key used in the encryption process. Fault attacks work by forcing a device to work under non-ideal environmental conditions (such as high temperature) or external disturbances (such as a glitch in the power supply) while performing a cryptographic operation. The recent trend shows that the amount of research in this direction, which ranges from attacking a particular primitive, proposing a fault countermeasure, to attacking countermeasures, has grown substantially and is going to stay an active research interest for the foreseeable future. Hence, it becomes apparent to have a comprehensive yet compact study of the (major) works. This work, which covers a wide spectrum in the present day research on fault attacks that fall under the purview of symmetric key cryptography, aims at fulfilling the absence of an up-to-date survey. We present mostly all aspects of the topic in a way which is not only understandable for a non-expert reader, but also helpful for an expert as a reference.

    SoK: Parameterization of Fault Adversary Models - Connecting Theory and Practice

    Since the first fault attack by Boneh et al. in 1997, various physical fault injection mechanisms have been explored to induce errors in electronic systems. Subsequent fault analysis methods of these errors have been studied, and successfully used to attack many cryptographic implementations. This poses a significant challenge to the secure implementation of cryptographic algorithms. To address this, numerous countermeasures have been proposed. Nevertheless, these countermeasures are primarily designed to protect against the particular assumptions made by the fault analysis methods. These assumptions, however, encompass only a limited range of the capabilities inherent to physical fault injection mechanisms. In this paper, we narrow our focus to fault attacks and countermeasures specific to ASICs, and introduce a novel parameterized fault adversary model capturing an adversary's control over an ASIC. We systematically map (a) the physical fault injection mechanisms, (b) adversary models assumed in fault analysis, and (c) adversary models used to design countermeasures into our introduced model. This model forms the basis for our comprehensive exploration that covers a broad spectrum of fault attacks and countermeasures within symmetric key cryptography as a comprehensive survey. Furthermore, our investigation highlights a notable misalignment among the adversary models assumed in countermeasures, fault attacks, and the intrinsic capabilities of the physical fault injection mechanisms. Through this study, we emphasize the need to reevaluate existing fault adversary models, and advocate for the development of a unified model.

    Combined Threshold Implementation

    Physical security is an important aspect of devices for which an adversary can manipulate the physical execution environment. Recently, more and more attention has been directed towards a security model that combines the capabilities of passive and active physical attacks, i.e., an adversary that performs fault injection and side-channel analysis at the same time. Implementing countermeasures against such a powerful adversary is not only costly but also requires the skillful combination of masking and redundancy to counteract all reciprocal effects. In this work, we propose a new methodology to generate combined-secure circuits. We show how to transform TI-like constructions to resist any adversary with the capability to tamper with internal gates and probe internal wires. For the resulting protection scheme, we can prove the combined security in a well-established theoretical security model. Since the transformation preserves the advantages of TI-like structures, the resulting circuits prove to be more efficient in the number of required bits of randomness (up to 100%), the latency in clock cycles (up to 40%), and even the area for pipelined designs (up to 40%) than the state of the art for an adversary restricted to manipulating a single gate and probing a single wire.

    Security of esoteric firmware and trusted execution environments

    Computer systems have become deeply integrated into everyday life and have become more complex in order to satisfy functionality requirements. In modern vehicles, there are multiple embedded devices of different architectures, connected together to improve the driving experience. Modern computers, including PC and server systems, are also becoming embedded systems with multiple components. Apart from the main Central Processing Unit (CPU), there are multiple microcontrollers on the motherboard. Additionally, modern architectures often provide a Trusted Execution Environment (TEE) which aims to provide a secure environment to protect the information used in it, even if the device is under the attacker's control. These new developments in computer systems raise new challenges to security analysis. With multiple devices and microcontrollers of different architectures used in the system, firmware analyses have become a challenging task. Besides, with the complex design of x86 systems, the threat model of TEE, where the device holder can be considered malicious, has not been fully evaluated. In this thesis, we contributed to three aspects of the security analysis of the aforementioned systems. Firstly, MetaEmu provides an architecture-agnostic emulator for re-hosting firmware of different architectures, which makes dynamic analysis possible for esoteric firmware. Furthermore, the firmware partitioning method introduced in Incision makes it easier to dissect large firmware blobs to aid manual analysis. Secondly, with the analysis of the Voltage Regulator Module (VRM) and the TEE on Intel platforms, which is Intel SGX, we developed VoltPillager, a low-cost tool for injecting messages on the Serial Voltage Identification bus between the CPU and the voltage regulator on the motherboard. This allows us to precisely control the CPU core voltage. We leverage this powerful tool to mount the first hardware-based fault-injection attacks that breach confidentiality and integrity of Intel SGX enclaves. This attack would require a rethink of the SGX adversarial model, where a cloud provider is untrusted and has physical access to the hardware. Last, but not least, PMFault investigated the board-level security of server motherboards. With the analysis of Baseboard Management Controller (BMC) firmware and the motherboard design, we showcase new attacks which utilize the software-hardware interface exposed by microcontrollers on the motherboard. These attacks can cause serious security vulnerabilities, including leakage of sensitive information in SGX and permanent damage to the CPU. This work gives a new perspective on the security evaluation of modern computer systems, which is board-level security analysis.