Experimental evaluation of two software countermeasures against fault attacks
Injection of transient faults can be used as a way to attack embedded
systems. On embedded processors such as microcontrollers, several studies
showed that such a transient fault injection with glitches or electromagnetic
pulses could corrupt either the data loads from the memory or the assembly
instructions executed by the circuit. Some countermeasure schemes which rely on
temporal redundancy have been proposed to handle this issue. Among them,
several schemes add this redundancy at assembly instruction level. In this
paper, we perform a practical evaluation for two of those countermeasure
schemes by using a pulsed electromagnetic fault injection process on a 32-bit
microcontroller. We provide some necessary conditions for an efficient
implementation of those countermeasure schemes in practice. We also evaluate
their efficiency and highlight their limitations. To the best of our knowledge,
no experimental evaluation of the security of such instruction-level
countermeasure schemes has been published yet.
Comment: 6 pages, 2014 IEEE International Symposium on Hardware-Oriented
Security and Trust (HOST), Arlington, United States (2014)
Power analysis on smartcard algorithms using simulation
This paper presents the results from a power analysis of the AES and RSA algorithms by
simulation using the PINPAS tool. The PINPAS tool is capable of simulating the power
consumption of assembler programs implemented in, amongst others, Hitachi H8/300
assembler. The Hitachi H8/300 is a popular CPU for smartcards. Using the PINPAS tool, the
vulnerability of straightforward AES and RSA implementations to power analysis attacks is
examined. In case a vulnerability is found, countermeasures are added to the implementation
that attempt to counter power analysis attacks. After these modifications the analysis is
performed again and the new results are compared to the original results.
Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack: A Pledge for Formal Methods in the Field of Implementation Security
In our paper at PROOFS 2013, we formally studied a few known countermeasures
to protect CRT-RSA against the BellCoRe fault injection attack. However, we
left Vigilant's countermeasure and its allegedly repaired version by Coron et al.
as future work, because the arithmetical framework of our tool was not
sufficiently powerful. In this paper we bridge this gap and then use the same
methodology to formally study both versions of the countermeasure. We obtain
surprising results, which we believe demonstrate the importance of formal
analysis in the field of implementation security. Indeed, the original version
of Vigilant's countermeasure is actually broken, but not as much as Coron et
al. thought it was. As a consequence, the repaired version they proposed can be
simplified. It can actually be simplified even further as two of the nine
modular verifications happen to be unnecessary. Fortunately, we could formally
prove the simplified repaired version to be resistant to the BellCoRe attack,
which was considered a "challenging issue" by the authors of the countermeasure
themselves.
Comment: arXiv admin note: substantial text overlap with arXiv:1401.817
Detecting time-fragmented cache attacks against AES using Performance Monitoring Counters
Cache timing attacks use shared caches in multi-core processors as side
channels to extract information from victim processes. These attacks are
particularly dangerous in cloud infrastructures, in which the deployed
countermeasures cause collateral effects in terms of performance loss and
increase in energy consumption. We propose to monitor the victim process using
an independent monitoring (detector) process that continuously measures
selected Performance Monitoring Counters (PMC) to detect the presence of an
attack. Ad-hoc countermeasures can be applied only when such a risky situation
arises. In our case, the victim process is the AES encryption algorithm and the
attack is performed by means of random encryption requests. We demonstrate that
PMCs are a feasible tool to detect the attack and that sampling PMCs at high
frequencies is worse than sampling at lower frequencies in terms of detection
capabilities, particularly when the attack is fragmented in time to try to be
hidden from detection.