4 research outputs found

    Foundations and practice of security : 6th international symposium, FPS 2013, La Rochelle, France, October 21-22, 2013, revised selected papers

    No full text
    International audienceThis book constitutes the carefully refereed post-proceedings of the 6th Symposium on Foundations and Practice of Security, FPS 2013, held in La Rochelle, France, in October 2013. The 25 revised full papers presented together with a keynote address were carefully reviewed and selected from 65 submissions. The papers are organized in topical sections on security protocols, formal methods, physical security, attack classification and assessment, access control, cipher attacks, ad-hoc and sensor networks, resilience and intrusion detectio

    Reduction in the Number of Fault Injections for Blind Fault Attack on SPN Block Ciphers

    Get PDF
    In 2014, a new fault analysis called blind fault attack (BFA) was proposed, in which attackers can only obtain the number of different faulty outputs without knowing the public data. The original BFA requires 480,000 fault injections to recover a 128-bit AES key. This work attempts to reduce the number of fault injections under the same attack assumptions. We analyze BFA from an information theoretical perspective and introduce a new probability-based distinguisher. Three approaches are proposed for different attack scenarios. The best one realized a 66.8% reduction of the number of fault injections on AES

    LJGS: Gradual Security Types for Object-Oriented Languages

    Get PDF
    LJGS is a lightweight Java core calculus with a gradual security type system. The calculus guarantees secure information flow for sequential, class-based, typed object-oriented programming with mutable objects and virtual method calls. An LJGS program is composed of fragments that are checked either statically or dynamically. Statically checked fragments adhere to a security type system so that they incur no run-time penalty whereas dynamically checked fragments rely on run-time security labels. The programmer marks the boundaries between static and dynamic checking with casts so that it is always clear whether a program fragment requires run-time checks. LJGS requires security annotations on fields and methods. A field annotation either specifies a fixed static security level or it prescribes dynamic checking. A method annotation specifies a constrained polymorphic security signature. The types of local variables in method bodies are analyzed flow-sensitively and require no annotation. The dynamic checking of fields relies on a static points-to analysis to approximate implicit flows. We prove type soundness and non-interference for LJGS

    Dynamic Laser Fault Injection Aided by Quiescent Photon Emissions in Embedded Microcontrollers: Apparatus, Methodology and Attacks

    Get PDF
    Internet of Things (IoT) is becoming more integrated in our daily life with the increasing number of embedded electronic devices interacting together. These electronic devices are often controlled by a Micro-Controller Unit (MCU). As an example, it is estimated that today’s well-equipped automobile uses more than 50 MCUs. Some MCUs contain cryptographic co-processors to enhance the security of the exchanged and stored data with a common belief that the data is secured and safe. However many MCUs have been shown to be vulnerable to Fault Injection (FI) attacks. These attacks can reveal shared secrets, firmware, and other confidential information. In addition, this extracted information obtained by attacks can lead to identification of new vulnerabilities which may scale to attacks on many devices. In general, FI on MCUs corrupt data or corrupt instructions. Although it is assumed that only authorized personnel with access to cryptographic secrets will gain access to confidential information in MCUs, attackers in specialized labs nowadays may have access to high-tech equipment which could be used to attack these MCUs. Laser Fault Injection (LFI) is gaining more of a reputation for its ability to inject local faults rather than global ones due to its precision, thus providing a greater risk of breaking security in many devices. Although publications have generally discussed the topic of security of MCUs, attack techniques are diverse and published LFI provides few and superficial details about the used experimental setup and methodology. Furthermore, limited research has examined the combination of both LFI and Photo-Emission Microscopy (PEM), direct modification of instructions using the LFI, control of embedded processor resets using LFI, and countermeasures which simultaneously thwart other aspects including decapsulation and reverse engineering (RE). This thesis contributes to the study of the MCUs’ security by analyzing their susceptibility to LFI attacks and PEM. The proposed research aims to build a LFI bench from scratch allowing maximum control of laser parameters. In addition, a methodology for analysis of the Device Under Attack (DUA) in preparation for LFI is proposed, including frontside/backside decapsulation methods, and visualization of the structure of the DUA. Analysis of attack viability of different targets on the DUA, including One-Time Programmable (OTP) memory, Flash memory and Static Random Access Memory (SRAM) was performed. A realistic attack of a cryptographic algorithm, such as Advanced Encryption Standard (AES) using LFI was conducted. On the other hand, countermeasures to the proposed attack techniques, including decapsulation/RE, LFI and PEM, were discussed. This dissertation provides a summary for the necessary background and experimental setup to study the possibility of LFI and PEM in different DUAs of two different technologies, specifically PIC16F687 and ARM Cortex-M0 LPC1114FN28102. Attacks performed on on-chip peripherals such as Universal Asynchronous Receiver/Transmitter (UART) and debug circuity reveal new vulnerabilities. This research is important for understanding attacks in order to design countermeasures for securing future hardware
    corecore