Design and evaluation of countermeasures against fault injection attacks and power side-channel leakage exploration for AES block cipher
Differential Fault Analysis (DFA) and Power Analysis (PA) attacks have become the main methods for exploiting vulnerabilities in the physical implementations of block ciphers such as the Advanced Encryption Standard (AES), which is currently used in a multitude of applications. To minimize these vulnerabilities, several mechanisms have been proposed to detect fault attacks. However, these mechanisms can have a significant cost, may not fully cover the implementation against fault attacks, or may not take into account the information leakage exploitable by power analysis attacks. In this paper, four different approaches are proposed to protect the AES block cipher against DFA. The proposed solutions use Hamming code and parity bits as signature generators for the internal state of the AES cipher, allowing detection of DFA-exploitable faults from bit to byte level. The proposed solutions have been applied to a T-box based AES block cipher implemented on a Field Programmable Gate Array (FPGA). Experimental results suggest fault coverage of 98.5% and 99.99% with area penalties of 9% and 36%, respectively, for the parity-bit signature generators, and fault coverage of 100% with area penalties of 18% and 42%, respectively, when the Hamming code signature generator is used. In addition, none of the proposed countermeasures imposes a frequency degradation with respect to the unprotected cipher. The work goes further in the evaluation of the proposed DFA countermeasures by evaluating the impact of these structures in terms of power side-channel leakage. The obtained results suggest that no extra information leakage exploitable by PA is produced. Overall, the proposed DFA countermeasures provide high fault coverage at a low cost in terms of area and power consumption, with no PA security degradation.
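As an added illustration (not code from the paper, whose signature generators and T-box design are not reproduced here), the following Python models the two signature families the abstract names on a 16-byte AES-style state: one parity bit per byte, and a per-byte extended Hamming(12,8) signature (four check bits plus an overall parity bit). It injects every single-bit, double-bit and arbitrary byte-level fault mask into each byte, recomputes the signature, and counts how many faults change it. The bit layout and the sample state are assumptions; the numbers it produces describe these textbook constructions, not the paper's reported coverage.

```python
"""Parity vs. Hamming signatures for detecting injected faults in a 16-byte
AES-style state. Illustrative code, not the paper's generators."""
from itertools import combinations

# Assumed Hamming(12,8) layout: check bits occupy the power-of-two positions
# 1, 2, 4, 8; the eight data bits of a state byte fill the remaining positions.
DATA_POS = [3, 5, 6, 7, 9, 10, 11, 12]


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def parity_signature(state: bytes) -> tuple:
    """One parity bit per state byte (16 signature bits for a 128-bit state)."""
    return tuple(_parity(b) for b in state)


def hamming_signature(state: bytes) -> tuple:
    """Per byte: 4 Hamming check bits plus an overall parity bit (SEC-DED
    style), i.e. 5 signature bits per byte, 80 for the whole state."""
    sig = []
    for b in state:
        checks = 0
        for i, pos in enumerate(DATA_POS):
            if (b >> i) & 1:
                checks ^= pos  # check bit k covers the positions whose bit k is set
        overall = _parity(b) ^ _parity(checks)  # parity over all 12 code bits
        sig.append(checks | (overall << 4))
    return tuple(sig)


def inject(state: bytes, byte_index: int, mask: int) -> bytes:
    """Model a fault as XOR of `mask` into one state byte."""
    faulty = bytearray(state)
    faulty[byte_index] ^= mask
    return bytes(faulty)


def coverage(sig_fn, state: bytes, masks) -> tuple:
    """Count the (byte, mask) faults whose injection changes the signature
    computed from the fault-free state. Returns (detected, injected)."""
    reference = sig_fn(state)
    detected = injected = 0
    for i in range(len(state)):
        for m in masks:
            injected += 1
            if sig_fn(inject(state, i, m)) != reference:
                detected += 1
    return detected, injected


SINGLE_BIT = [1 << k for k in range(8)]
DOUBLE_BIT = [(1 << a) | (1 << b) for a, b in combinations(range(8), 2)]
ANY_BYTE = list(range(1, 256))  # every non-zero byte-level fault mask


def report(state: bytes = bytes(range(16))) -> dict:
    """Coverage of each signature under each fault model. Both signatures are
    linear over GF(2), so the counts do not depend on the (constructed) state."""
    out = {}
    for name, fn in (("parity", parity_signature), ("hamming", hamming_signature)):
        for model, masks in (("1-bit", SINGLE_BIT), ("2-bit", DOUBLE_BIT), ("byte", ANY_BYTE)):
            out[(name, model)] = coverage(fn, state, masks)
    return out


if __name__ == "__main__":
    for (name, model), (hit, total) in report().items():
        print(f"{name:8s} {model:6s} {hit:5d}/{total:<5d} = {100 * hit / total:6.2f}%")
```

Running it shows the trade-off behind the abstract's figures: the parity signature catches every odd-weight fault and misses every even-weight one (all double-bit faults, and 127 of the 255 byte-level masks), while the extended Hamming signature catches all single- and double-bit faults but still lets 7 of the 255 byte-level masks through, namely the even-weight data patterns whose positions XOR to zero. Which masks slip through depends entirely on how the code is laid over the state, so coverage has to be measured against the specific generator, as the paper does for its four variants.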
High Speed AES Algorithm to Detect Fault Injection Attacks and Implementation using FPGA
Information security is an essential issue in communication systems. The Advanced Encryption Standard (AES) is used in many embedded applications to provide data security, and different countermeasures against fault injection attacks exist for AES. In this work, a 128-bit plaintext and a 128-bit key are given as input to the system, and encryption and decryption operations are performed. An error flag shows the fault status. Faults are produced randomly during encryption and decryption; to detect them, the round transformation is broken into two sections and a pipeline stage is inserted between them. After fault detection, a redundancy check is performed, and the detected error or fault is corrected using the redundancy check. The scheme is implemented on an FPGA.
Design of a duplicated fault-detecting AES chip and yet using clock set-up time violations to extract 13 out of 16 bytes of the secret key
The secret keys manipulated by cryptographic circuits can be extracted using fault injections associated with differential cryptanalysis techniques [1]. Such faults can be induced by different means such as lasers, voltage glitches, electromagnetic perturbations or clock skews. Several countermeasures have been proposed, such as random delay insertion, circuit duplication or error correcting codes. In this paper, we focus on an AES chip in which the circuit duplication principle has been implemented to detect fault injection. We show that faults based on clock set-up time violations can nevertheless be used to defeat the implemented countermeasure.
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, a number of new challenges still stand in the way of its widespread adoption, including scalability, availability and, especially, software security. Among the different challenges in software security, the problem of remote code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generating attestations (proofs) of the code integrity of an executing program and for delivering them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-world environment. The proposed solution fits well with embedded devices that are nowadays commonly equipped with reconfigurable hardware components used to solve different computational problems.
ASSESSING AND IMPROVING THE RELIABILITY AND SECURITY OF CIRCUITS AFFECTED BY NATURAL AND INTENTIONAL FAULTS
The reliability and security vulnerability of modern electronic systems have emerged as concerns due to increasing natural and intentional interference. Radiation of high-energy charged particles, generated by the space environment or by packaging materials, on the substrate of integrated circuits results in natural faults. As technology scales down, factors such as critical charge, supply voltage and frequency change tremendously, increasing the sensitivity of integrated circuits to natural faults even for systems operating at sea level. An attacker is able to reproduce the impact of natural faults and compromise the circuit or cause a denial of service. Therefore, instead of utilizing different approaches to counteract the effects of natural and intentional faults, a unified countermeasure is introduced. The unified countermeasure thwarts the impact of both reliability and security threats without paying the price of additional area overhead, power consumption and time.
This thesis first proposes a systematic analysis method to assess the probability of natural faults propagating through the circuit and eventually being latched. The second part of this work focuses on methods to thwart the impact of intentional faults in cryptosystems. We exploit a power-based side-channel analysis method to analyze the effect of existing fault detection methods designed for natural faults on fault attacks. Countermeasures for different security threats on cryptosystems are investigated separately. Furthermore, a new micro-architecture is proposed to thwart the combination of fault attacks and side-channel attacks, reducing the fault bypass rate and slowing down the key retrieval speed. The third contribution of this thesis is a unified countermeasure to thwart the impact of both natural faults and attacks. The unified countermeasure utilizes dynamically alternated multiple generator polynomials for the cyclic redundancy check (CRC) codec to resist reverse-engineering attacks.
Serberus: Protecting Cryptographic Code from Spectres at Compile-Time
We present Serberus, the first comprehensive mitigation for hardening constant-time (CT) code against Spectre attacks (involving the PHT, BTB, RSB, STL and/or PSF speculation primitives) on existing hardware. Serberus is based on three insights. First, some hardware control-flow integrity (CFI) protections restrict transient control flow to the extent that it can be comprehensively considered by software analyses. Second, conformance to the accepted CT code discipline permits two code patterns that are unsafe in the post-Spectre era. Third, once these code patterns are addressed, all Spectre leakage of secrets in CT programs can be attributed to one of four classes of taint primitives: instructions that can transiently assign a secret value to a publicly-typed register. We evaluate Serberus on cryptographic primitives in the OpenSSL, Libsodium, and HACL* libraries. Serberus introduces 21.3% runtime overhead on average, compared to 24.9% for the next closest state-of-the-art software mitigation, which is less secure. Comment: Authors' version; to appear in the Proceedings of the IEEE Symposium on Security and Privacy (S&P) 202
faulTPM: Exposing AMD fTPMs' Deepest Secrets
Trusted Platform Modules constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs, as found in higher-end systems, have been susceptible to attacks on their exposed communication interface, the more common firmware TPMs (fTPMs) are immune to this attack vector, as they do not communicate with the CPU via an exposed bus. In this paper, we analyze a new class of attacks against fTPMs: attacking their Trusted Execution Environment can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor, which constitutes the TEE for AMD's fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by enabling, to the best of our knowledge, the first attack against Full Disk Encryption (FDE) solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM, such as BitLocker's TPM-only protector, can be defeated by an attacker with 2-3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM-and-PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker's FDE implementation retains some protection depending on the complexity of the PIN used. Our results show that when an fTPM's internal state is compromised, a TPM-and-PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase. Comment: *Both authors contributed equally. We publish all code necessary to mount the attack under https://github.com/PSPReverse/ftpm_attack. The repository further includes several intermediate results, e.g., flash memory dumps, to retrace the attack process without possessing the target boards and required hardware tool