Formal verification of a software countermeasure against instruction skip attacks

Fault attacks against embedded circuits enabled to define many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model consisting in an assembly instruction skip can be very useful for an attacker and has been obtained by using several fault injection means. To avoid this threat, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some fine-grained countermeasure schemes have also been proposed for specific instructions. However, to the best of our knowledge, no approach that enables to secure a generic assembly program in order to make it fault-tolerant to instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for almost all the instructions of the Thumb-2 instruction set and provide a formal verification for this fault tolerance. This simple transformation enables to add a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve

Simulation based estimation of branching models for LTR retrotransposons

Motivation: LTR retrotransposons are mobile elements that are able, like retroviruses, to copy and move inside eukaryotic genomes. In the present work, we propose a branching model for studying the propagation of LTR retrotransposons in these genomes. This model allows to take into account both positions and degradations of LTR retrotransposons copies. In our model, the duplication rate is also allowed to vary with the degradation level. Results: Various functions have been implemented in order to simulate their spread and visualization tools are proposed. Based on these simulation tools, we show that an accurate estimation of the parameters of this propagation model can be performed. We applied this method to the study of the spread of the transposable elements ROO, GYPSY, and DM412 on a chromosome of \textit{Drosophila melanogaster}. Availability: Our proposal has been implemented using Python software. Source code is freely available on the web at https://github.com/SergeMOULIN/retrotransposons-spread.Comment: 7 pages, 3 figures, 7 tables. Submit to "Bioiformatics" on March 1, 201

Experimental evaluation of two software countermeasures against fault attacks

Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection with glitches or electromagnetic pulses could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.Comment: 6 pages, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), Arlington : United States (2014

La difficile articulation entre les espaces du quotidien chez les enfants sans logement

International audienceDe plus en plus d'enfants vivent avec leurs parents dans des structures d'hébergement collectif ou des hôtels sociaux, à défaut de pouvoir se loger. Ces familles pauvres font ainsi l'expérience d'un système où règne le provisoire, et qui se traduit en particulier par une forte instabilité résidentielle. À partir notamment d'une enquête sur un échantillon aléatoire de 232 enfants âgés de six à douze ans révolus, c'est-à-dire en âge d'être scolarisés en primaire, cet article montre que cet épisode sans domicile limite les pratiques et les relations sociales des enfants dans différents espaces du quotidien : le lieu d'hébergement, le quartier de résidence ou les environs de l'école

Numerical study of an optimization problem for mosaic active imaging

5International audienceIn this paper, we focus on the restoration of an image in mosaic active imaging. This emerging imaging technique consists in acquiring a mosaic of images (laser shots) by focusing a laser beam on a small portion of the target object and subsequently moving it to scan the whole field of view. To restore the whole image from such a mosaic, a prior work proposed a simplified forward model describing the acquisition process. It also provides a prior on the acquisition parameters. Together with a prior on the distribution of images, this leads to a MAP estimate alternating between the estimation of the restored image and the estimation of these parameters. The novelty of the current paper is twofold: (i) We provide a numerical study and argue that faster convergence can be achieved for estimating the acquisition parameters; (ii) we show that the results from this earlier work are improved when the laser shots are acquired according to a more compact pattern

Bayesian image restoration for mosaic active imaging

International audienceIn this paper, we focus on the restoration of images acquired with a new active imaging concept. This new instrument generates a mosaic of active imaging acquisitions. We first describe a simplified forward model of this so-called ''mosaic active imaging''. We also assume a prior on the distribution of images, using the \ac{TV}, and deduce a restoration algorithm. This algorithm iterates one step for the estimation of the restored image and one step for the estimation of the acquisition parameters. We then provide the details useful to the implementation of these two steps. In particular, we show that the image estimation can be performed with graph-cuts. This allows a fast resolution of this image estimation step. Finally, we detail numerical experiments showing that acquisitions made with a mosaic active imaging device can be restored even under severe noise levels, with few acquisitions

Proof of concept for microarray-based detection of DNA-binding oncogenes in cell extracts

The function of DNA-binding proteins is controlled not just by their abundance, but mainly at the level of their activity in terms of their interactions with DNA and protein targets. Moreover, the affinity of such transcription factors to their target sequences is often controlled by co-factors and/or modifications that are not easily assessed from biological samples. Here, we describe a scalable method for monitoring protein-DNA interactions on a microarray surface. This approach was designed to determine the DNA-binding activity of proteins in crude cell extracts, complementing conventional expression profiling arrays. Enzymatic labeling of DNA enables direct normalization of the protein binding to the microarray, allowing the estimation of relative binding affinities. Using DNA sequences covering a range of affinities, we show that the new microarray-based method yields binding strength estimates similar to low-throughput gel mobility-shift assays. The microarray is also of high sensitivity, as it allows the detection of a rare DNA-binding protein from breast cancer cells, the human tumor suppressor AP-2. This approach thus mediates precise and robust assessment of the activity of DNA-binding proteins and takes present DNA-binding assays to a high throughput leve

Fault attacks on two software countermeasures

Short version of the article "Experimental evaluation of two software countermeasures against fault attacks" presented at the 2014 IEEE Symposium on Hardware-Oriented Security and Trust (HOST) in May 2014.International audienceInjection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller