6,317 research outputs found
Classification of Quantum Computer Fault Injection Attacks
The rapid growth of interest in quantum computing has brought about the need
to secure these powerful machines against a range of physical attacks. As qubit
counts increase and quantum computers achieve higher levels of fidelity, their
potential to execute novel algorithms and generate sensitive intellectual
property becomes more promising. However, there is a significant gap in our
understanding of the vulnerabilities these computers face in terms of security
and privacy attacks. Among the potential threats are physical attacks,
including those orchestrated by malicious insiders within data centers where
the quantum computers are located, which could compromise the integrity of
computations and resulting data. This paper presents an exploration of
fault-injection attacks as one class of physical attacks on quantum computers.
This work first introduces a classification of fault-injection attacks and
strategies, including the domain of fault-injection attacks, the fault targets,
and fault manifestations in quantum computers. The resulting classification
highlights the potential threats that exist. By shedding light on the
vulnerabilities of quantum computers to fault-injection attacks, this work
contributes to the development of robust security measures for this emerging
technology.Comment: 7 pages, 4 figure
SCRAMBLE-CFI: Mitigating Fault-Induced Control-Flow Attacks on OpenTitan
Secure elements physically exposed to adversaries are frequently targeted by
fault attacks. These attacks can be utilized to hijack the control-flow of
software allowing the attacker to bypass security measures, extract sensitive
data, or gain full code execution. In this paper, we systematically analyze the
threat vector of fault-induced control-flow manipulations on the open-source
OpenTitan secure element. Our thorough analysis reveals that current
countermeasures of this chip either induce large area overheads or still cannot
prevent the attacker from exploiting the identified threats. In this context,
we introduce SCRAMBLE-CFI, an encryption-based control-flow integrity scheme
utilizing existing hardware features of OpenTitan. SCRAMBLE-CFI confines, with
minimal hardware overhead, the impact of fault-induced control-flow attacks by
encrypting each function with a different encryption tweak at load-time. At
runtime, code only can be successfully decrypted when the correct decryption
tweak is active. We open-source our hardware changes and release our LLVM
toolchain automatically protecting programs. Our analysis shows that
SCRAMBLE-CFI complementarily enhances security guarantees of OpenTitan with a
negligible hardware overhead of less than 3.97 % and a runtime overhead of 7.02
% for the Embench-IoT benchmarks.Comment: Accepted at GLSVLSI'2
Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections
International audienceIn the domain of smart cards, secured devices must be protected against high level attack potential [1]. According to norms such as the Common Criteria [2], the vulnerability analysis must cover the current state-of-the-art in term of attacks. Nowadays, a very classical type of attack is fault injection, conducted by means of laser based techniques. We propose a global approach, called Lazart, to evaluate code robustness against fault injections targeting control flow modifications. The originality of Lazart is twofolds. First, we encompass the evaluation process as a whole: starting from a fault model, we produce (or establish the absence of) attacks, taking into consideration software countermeasures. Furthermore, according to the near state-of-the-art, our methodology takes into account multiple transient fault injections and their combinatory. The proposed approach is supported by an effective tool suite based on the LLVM format [3] and the KLEE symbolic test generator [4]
SCFI: State Machine Control-Flow Hardening Against Fault Attacks
Fault injection (FI) is a powerful attack methodology allowing an adversary
to entirely break the security of a target device. As finite-state machines
(FSMs) are fundamental hardware building blocks responsible for controlling
systems, inducing faults into these controllers enables an adversary to hijack
the execution of the integrated circuit. A common defense strategy mitigating
these attacks is to manually instantiate FSMs multiple times and detect faults
using a majority voting logic. However, as each additional FSM instance only
provides security against one additional induced fault, this approach scales
poorly in a multi-fault attack scenario.
In this paper, we present SCFI: a strong, probabilistic FSM protection
mechanism ensuring that control-flow deviations from the intended control-flow
are detected even in the presence of multiple faults. At its core, SCFI
consists of a hardened next-state function absorbing the execution history as
well as the FSM's control signals to derive the next state. When either the
absorbed inputs, the state registers, or the function itself are affected by
faults, SCFI triggers an error with no detection latency. We integrate SCFI
into a synthesis tool capable of automatically hardening arbitrary unprotected
FSMs without user interaction and open-source the tool. Our evaluation shows
that SCFI provides strong protection guarantees with a better area-time product
than FSMs protected using classical redundancy-based approaches. Finally, we
formally verify the resilience of the protected state machines using a
pre-silicon fault analysis tool
Spartan Daily, March 20, 2003
Volume 120, Issue 40https://scholarworks.sjsu.edu/spartandaily/9836/thumbnail.jp
A Practical Second-Order Fault Attack against a Real-World Pairing Implementation
Several fault attacks against pairing-based
cryptography have been described theoretically in recent
years. Interestingly, none of these have been practically
evaluated. We accomplished this task and prove that fault
attacks against pairing-based cryptography are indeed
possible and are even practical — thus posing a serious
threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation
of the eta pairing on an AVR XMEGA A1. We injected
the first fault into the computation of the Miller Algorithm
and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that
allowed us to generate multiple independent faults in one
computation. The setup implements these faults by clock
glitches which induce instruction skips. With this setup we
conducted the first practical fault attack against a complete
pairing computation
COUNTERINSURGENCY OPERATIONS IN THE WEST AFRICA SAHEL REGION: LESSONS FOR GHANA ARMY SPECIAL OPERATIONS FORCES IN NORTHERN GHANA
The thesis assesses the capabilities of the Ghana Army special operations forces (SOF) and how they can be employed to support counterinsurgency (COIN) operations in Ghanaian regions that are threatened by the spread of insurgency in Africa’s Sahel region. The porosity of borders between northern Ghana and Burkina Faso in the Sahel, the similarity of situations between the Sahel and northern Ghana, and the quick spread of the Sahel insurgency to other parts of West Africa have made northern Ghana highly susceptible to the jihadist insurgency. The study analyzes secondary materials and data and finds that, in addition to the latent issues in the Sahel countries, the over-securitization of COIN operations in the Sahel, notably by France, has yielded unimpressive results. From the analysis, the thesis draws useful lessons for Ghana. While best COIN practices require an effective combination of kinetic and non-kinetic strategies, COIN operations in the Sahel have generally been kinetic. This has led to some pundits describing COIN operations in the Sahel as a “security traffic jam.” Based on lessons from the Sahel crisis, assessed capabilities of the Ghana Army SOF, and within a framework of comprehensive COIN operations, the thesis recommends specific tasks for the Ghana Army SOF to support COIN operations in northern Ghana.Lieutenant Colonel, Ghana ArmyApproved for public release. Distribution is unlimited
- …