5,512 research outputs found
Combining High-Level and Low-Level Approaches to Evaluate Software Implementations Robustness Against Multiple Fault Injection Attacks
International audiencePhysical fault injections break security functionalities of algorithms by targeting their implementations. Software techniques strengthen such implementations to enhance their robustness against fault attacks. Exhaustively testing physical fault injections is time consuming and requires complex platforms. Simulation solutions are developed for this specific purpose. We chose two independent tools presented in 2014, the Laser Attack Robustness (Lazart) and the Embedded Fault Simulator (EFS) in order to evaluate software implementations against multiple fault injection attacks. Lazart and the EFS share the common goal that consists in detecting vulnerabilities in the code. However, they operate with different techniques , fault models and abstraction levels. This paper aims at exhibiting specific advantages of both approaches and proposes a combining scheme that emphasizes their complementary nature
SoK: Assisted Fault Simulation - Existing Challenges and Opportunities Offered by AI
Fault injection attacks have caused implementations to behave unexpectedly, resulting in a spectacular bypass of security features and even the extraction of cryptographic keys. Clearly, developers want to ensure the robustness of the software against faults and eliminate production weaknesses that could lead to exploitation. Several fault simulators have been released that promise cost-effective evaluations against fault attacks. In this paper, we set out to discover how suitable such tools are, for a developer who wishes to create robust software against fault attacks. We found four open-source fault simulators that employ different techniques to navigate faults, which we objectively compare and discuss their benefits and drawbacks. Unfortunately, none of the four open-source fault simulators employ artificial intelligence (AI) techniques. However, AI was successfully applied to improve the fault simulation of cryptographic algorithms, though none of these tools is open source. We suggest improvements to open-source fault simulators inspired by the AI techniques used by cryptographic fault simulators
Mitigating smart card fault injection with link-time code rewriting: a feasibility study
We present a feasibility study to protect smart card software against fault-injection attacks by means of binary code rewriting. We implemented a range of protection techniques in a link-time rewriter and evaluate and discuss the obtained coverage, the associated overhead and engineering effort, as well as its practical usability
Characterization of Model-Based Detectors for CPS Sensor Faults/Attacks
A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for
identifying faulty/falsified sensor measurements. First, given the system
dynamics, we derive tools for tuning the CUSUM procedure in the fault/attack
free case to fulfill a desired detection performance (in terms of false alarm
rate). We use the widely-used chi-squared fault/attack detection procedure as a
benchmark to compare the performance of the CUSUM. In particular, we
characterize the state degradation that a class of attacks can induce to the
system while enforcing that the detectors (CUSUM and chi-squared) do not raise
alarms. In doing so, we find the upper bound of state degradation that is
possible by an undetected attacker. We quantify the advantage of using a
dynamic detector (CUSUM), which leverages the history of the state, over a
static detector (chi-squared) which uses a single measurement at a time.
Simulations of a chemical reactor with heat exchanger are presented to
illustrate the performance of our tools.Comment: Submitted to IEEE Transactions on Control Systems Technolog
On Reachable Sets of Hidden CPS Sensor Attacks
For given system dynamics, observer structure, and observer-based
fault/attack detection procedure, we provide mathematical tools -- in terms of
Linear Matrix Inequalities (LMIs) -- for computing outer ellipsoidal bounds on
the set of estimation errors that attacks can induce while maintaining the
alarm rate of the detector equal to its attack-free false alarm rate. We refer
to these sets to as hidden reachable sets. The obtained ellipsoidal bounds on
hidden reachable sets quantify the attacker's potential impact when it is
constrained to stay hidden from the detector. We provide tools for minimizing
the volume of these ellipsoidal bounds (minimizing thus the reachable sets) by
redesigning the observer gains. Simulation results are presented to illustrate
the performance of our tools
Link-time smart card code hardening
This paper presents a feasibility study to protect smart card software against fault-injection attacks by means of link-time code rewriting. This approach avoids the drawbacks of source code hardening, avoids the need for manual assembly writing, and is applicable in conjunction with closed third-party compilers. We implemented a range of cookbook code hardening recipes in a prototype link-time rewriter and evaluate their coverage and associated overhead to conclude that this approach is promising. We demonstrate that the overhead of using an automated link-time approach is not significantly higher than what can be obtained with compile-time hardening or with manual hardening of compiler-generated assembly code
- …