Modelling Smart Card Security Protocols in SystemC TLM

Smart cards are an example of advanced chip technology. They allow information transfer between the card holder and the system over secure networks, but they contain sensitive data related to both the card holder and the system, that has to be kept private and confidential. The objective of this work is to create an executable model of a smart card system, including the security protocols and transactions, and to examine the strengths and determine the weaknesses by running tests on the model. The security objectives have to be considered during the early stages of systems development and design, an executable model will give the designer the advantage of exploring the vulnerabilities early, and therefore enhancing the system security. The Unified Modeling Language (UML) 2.0 is used to model the smart card security protocol. The executable model is programmed in SystemC with the Transaction Level Modeling (TLM) extensions. The final model was used to examine the effectiveness of a number of authentication mechanisms with different probabilities of failure. In addition, a number of probable attacks on the current security protocol were modeled to examine the vulnerabilities. The executable model shows that the smart card system security protocols and transactions need further improvement to withstand different types of security attacks

Mitigating smart card fault injection with link-time code rewriting: a feasibility study

We present a feasibility study to protect smart card software against fault-injection attacks by means of binary code rewriting. We implemented a range of protection techniques in a link-time rewriter and evaluate and discuss the obtained coverage, the associated overhead and engineering effort, as well as its practical usability

Link-time smart card code hardening

This paper presents a feasibility study to protect smart card software against fault-injection attacks by means of link-time code rewriting. This approach avoids the drawbacks of source code hardening, avoids the need for manual assembly writing, and is applicable in conjunction with closed third-party compilers. We implemented a range of cookbook code hardening recipes in a prototype link-time rewriter and evaluate their coverage and associated overhead to conclude that this approach is promising. We demonstrate that the overhead of using an automated link-time approach is not significantly higher than what can be obtained with compile-time hardening or with manual hardening of compiler-generated assembly code

Integrated Evaluation Platform for Secured Devices

International audienceIn this paper, we describe the structure of a FPGAsmart card emulator. The aim of such an emulator is to improvethe behaviour of the whole architecture when faults occur. Withinthis card, an embedded Advanced Encryption Standard (AES)protected against DFA is inserted as well as a fault injectionblock. We also present the microprocessor core which controlsthe whole card

SystemC-based Minimum Intrusive Fault Injection Technique with Improved Fault Representation

In this paper, we propose a new SystemC-based fault injection technique that has improved fault representation in visible and on-the-fly data and signal registers. The technique is minimum intrusive since it only requires replacing the original data or signal types to fault injection enabler types. We compare the proposed simulation technique with recently reported SystemC-based techniques and show that our technique has fast simulation speed, better fault representation, while maintaining simplicity and minimum intrusion. We demonstrate fault injection capabilities in a behavioural SystemC description of MPEG-2 decoder using proposed technique and show that up to 98.9% fault representation within data and signal registers can be achieved

Differential Behavioral Analysis

International audienceThis paper describes an attack on cryptographic devices calledDifferential Behavioral Analysis (or DBA). This is an hybrid attackbetween two already powerful attacks: differential power analysis(DPA) for the statistical treatment and safe-error attack for the fault type. DBA, simulated on an algorithmic model of AES appears to be very efficient. The attacker is able to recover the entire secret keywith byte-wise \textquotedblleft stuck-at'' faults injected repetitively. A theorical as well as a more realistic approach are presented

Efficient Simulation of Structural Faults for the Reliability Evaluation at System-Level

In recent technology nodes, reliability is considered a part of the standard design ¿ow at all levels of embedded system design. While techniques that use only low-level models at gate- and register transfer-level offer high accuracy, they are too inefficient to consider the overall application of the embedded system. Multi-level models with high abstraction are essential to efficiently evaluate the impact of physical defects on the system. This paper provides a methodology that leverages state-of-the-art techniques for efficient fault simulation of structural faults together with transaction-level modeling. This way it is possible to accurately evaluate the impact of the faults on the entire hardware/software system. A case study of a system consisting of hardware and software for image compression and data encryption is presented and the method is compared to a standard gate/RT mixed-level approac