Formal verification of a software countermeasure against instruction skip attacks

Fault attacks against embedded circuits enabled to define many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model consisting in an assembly instruction skip can be very useful for an attacker and has been obtained by using several fault injection means. To avoid this threat, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some fine-grained countermeasure schemes have also been proposed for specific instructions. However, to the best of our knowledge, no approach that enables to secure a generic assembly program in order to make it fault-tolerant to instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for almost all the instructions of the Thumb-2 instruction set and provide a formal verification for this fault tolerance. This simple transformation enables to add a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve

Experimental evaluation of two software countermeasures against fault attacks

Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection with glitches or electromagnetic pulses could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.Comment: 6 pages, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), Arlington : United States (2014

Sécurisation de programmes assembleur face aux attaques visant les processeurs embarqués

This thesis focuses on the security of embedded programs against fault injection attacks. Due to the spreadings of embedded systems in our common life, development of countermeasures is important.First, a fault model based on practical experiments with a pulsed electromagnetic fault injection technique has been built. The experimental results show that the injected faults were due to the corruption of the bus transfers between the Flash memory and the processor’s pipeline. Such faults enable to perform instruction replacements, instruction skips or to corrupt some data transfers from the Flash memory.Although replacing an instruction with another very specific one is very difficult to control, skipping an instruction seems much easier to perform in practice and has been observed very frequently. Furthermore many simple attacks can carried out with an instruction skip. A countermeasure that prevents such instruction skip attacks has been designed and formally verified with model-checking tool. The countermeasure replaces each instruction by a sequence of instructions. However, this countermeasure does not protect the data loads from the Flash memory. To do this, it can be combined with another assembly-level countermeasure that performs a fault detection. A first experimental test of these two countermeasures has been achieved, both on isolated instructions and complex codes from a FreeRTOS implementation. The proposed countermeasure appears to be a good complement for this detection countermeasure and allows to correct some of its flaws.Cette thèse s'intéresse à la sécurité des programmes embarqués face aux attaques par injection de fautes. La prolifération des composants embarqués et la simplicité de mise en œuvre des attaques rendent impérieuse l'élaboration de contre-mesures.Un modèle de fautes par l'expérimentation basé sur des attaques par impulsion électromagnétique a été élaboré. Les résultats expérimentaux ont montré que les fautes réalisées étaient dues à la corruption des transferts sur les bus entre la mémoire Flash et le pipeline du processeur. Ces fautes permettent de réaliser des remplacements ou des saut d'instructions ainsi que des modifications de données chargées depuis la mémoire Flash. Le remplacement d'une instruction par une autre bien spécifique est très difficile à contrôler ; par contre, le saut d'une instruction ciblée a été observé fréquemment, est plus facilement réalisable, et permet de nombreuses attaques simples. Une contre-mesure empêchant ces attaques par saut d'instruction, en remplaçant chaque instruction par une séquence d'instructions, a été construite et vérifiée formellement à l'aide d'outils de model-checking. Cette contre-mesure ne protège cependant pas les chargements de données depuis la mémoire Flash. Elle peut néanmoins être combinée avec une autre contre-mesure au niveau assembleur qui réalise une détection de fautes. Plusieurs expérimentations de ces contre-mesures ont été réalisées, sur des instructions isolées et sur des codes complexes issus d'une implémentation de FreeRTOS. La contre-mesure proposée se révèle être un très bon complément pour cette contre-mesure de détection et permet d'en corriger certains défauts

Fault attacks on two software countermeasures

Short version of the article "Experimental evaluation of two software countermeasures against fault attacks" presented at the 2014 IEEE Symposium on Hardware-Oriented Security and Trust (HOST) in May 2014.International audienceInjection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller

Electromagnetic glitch on the AES round counter

International audienceThis article presents a Round Addition Analysis on a software implementation of the Advanced Encryption Standard (AES) algorithm. The round keys are computed on-the-fly during each encryption. A non-invasive transient fault injection is achieved on the AES round counter. The attack is performed by injecting a very short electromagnetic glitch on a 32-bit microcontroller based on the arm Cortex-M3 processor. Using this experimental setup, we are able to disrupt the round counter increment at the end of the penultimate round and execute one additional round. This faulty execution enables us to recover the encryption key with only two pairs of corresponding correct and faulty ciphertexts

Can the impact of bed closure in intensive care units be reliably monitored?

Objective: To assess the properties of various indicators aimed at monitoring the impact on the activity and patient outcome of a bed closure in a surgical intensive care unit (ICU). Design: Comparison before and after the intervention. Setting: A surgical ICU at a university hospital. Patients: All patients admitted to the unit over two periods of 10months. Intervention: Closure of one bed out of 17. Measurements and results: Activity and outcome indicators in the ICU and the structures upstream from it (emergency department, operative theater, recovery room) and downstream from it (intermediate care units). After the bed closure, the monthly medians of admitted patients and ICU hospital days increased from 107 (interquartile range 94-112) to 113 (106-121, P=0.07) and from 360 (325-443) to 395 (345-436, P=0.48), respectively, along with the linear trend observed in our institution. All indicators of workload, patient severity, and outcome remained stable except for SAPS II score, emergency admissions, and ICU readmissions, which increased not only transiently but also on a mid-term basis (10months), indicating that the process of patient care delivery was no longer predictable. Conclusions: Health care systems, including ICUs, are extraordinary flexible, and can adapt to multiple external constraints without altering commonly used activity and outcome indicators. It is therefore necessary to set up multiple indicators to be able to reliably monitor the impact of external interventions and intervene rapidly when the system is no longer under contro

Specific phenolic compounds and sensory properties of a new dealcoholized red wine with pomegranate (Punica granatum L.) extract

The pomegranate (Punica granatum L.) fruit has a long history of human consumption and possesses notable antioxidant and cardiovascular properties. This work evaluated the feasibility to provide a new functional beverage based on a dealcoholized red wine matrix supplemented by a pomegranate extract. The potential bioactive compounds in the pomegranate extract, punicalagin A and B and ellagic acid, were analyzed during the downstream process in order to evaluate the functional dose in the final beverage. The addition of pomegranate extract to the dealcoholized red wine resulted in a product with more intense yeast odor, acidity, yeast flavor, and astringency and with a less intense berry flavor. Consumer acceptance of the product was also investigated and the results revealed the existence of a niche of consumers willing to consume dealcoholized wine enriched with pomegranate extract. After tasting, 50% and 40% of those consumers initially interested by this product concept declared to be interested to purchase the control sample and the functional beverage, respectively. The daily consumption of two servings of 250 mL of this new pomegranate-enriched dealcoholized wine provides 82 mg of total ellagitannins, corresponding to the sum of punicalagin A and B and ellagic acid

ElectroMagnetic Analysis and Fault Injection onto Secure Circuits

International audienceImplementation attacks are a major threat to hardware cryptographic implementations. These attacks exploit the correlation existing between the computed data and variables such as computation time, consumed power, and electromagnetic (EM) emissions. Recently, the EM channel has been proven as an effective passive and active attack technique against secure implementations. In this paper, we review the recent results obtained on this subject, with a particular focus on EM as a fault injection tool

Identification and Characterization of a Novel Family of Cysteine-Rich Peptides (MgCRP-I) from Mytilus galloprovincialis

We report the identification of a novel gene family (named MgCRP-I) encoding short secreted cysteine-rich peptides in the Mediterranean mussel Mytilus galloprovincialis. These peptides display a highly conserved pre-pro region and a hypervariable mature peptide comprising six invariant cysteine residues arranged in three intramolecular disulfide bridges. Although their cysteine pattern is similar to cysteines-rich neurotoxic peptides of distantly related protostomes such as cone snails and arachnids, the different organization of the disulfide bridges observed in synthetic peptides and phylogenetic analyses revealed MgCRP-I as a novel protein family. Genome- and transcriptome-wide searches for orthologous sequences in other bivalve species indicated the unique presence of this gene family in Mytilus spp. Like many antimicrobial peptides and neurotoxins, MgCRP-I peptides are produced as pre-propeptides, usually have a net positive charge and likely derive from similar evolutionary mechanisms, that is, gene duplication and positive selection within the mature peptide region; however, synthetic MgCRP-I peptides did not display significant toxicity in cultured mammalian cells, insecticidal, antimicrobial, or antifungal activities. The functional role of MgCRP-I peptides in mussel physiology still remains puzzling

Climate Change and Management Impacts on Soybean N Fixation, Soil N Mineralization, N2O Emissions, and Seed Yield

Limited knowledge about how nitrogen (N) dynamics are affected by climate change, weather variability, and crop management is a major barrier to improving the productivity and environmental performance of soybean-based cropping systems. To fill this knowledge gap, we created a systems understanding of agroecosystem N dynamics and quantified the impact of controllable (management) and uncontrollable (weather, climate) factors on N fluxes and soybean yields. We performed a simulation experiment across 10 soybean production environments in the United States using the Agricultural Production Systems sIMulator (APSIM) model and future climate projections from five global circulation models. Climate change (2020–2080) increased N mineralization (24%) and N2O emissions (19%) but decreased N fixation (32%), seed N (20%), and yields (19%). Soil and crop management practices altered N fluxes at a similar magnitude as climate change but in many different directions, revealing opportunities to improve soybean systems’ performance. Among many practices explored, we identified two solutions with great potential: improved residue management (short-term) and water management (long-term). Inter-annual weather variability and management practices affected soybean yield less than N fluxes, which creates opportunities to manage N fluxes without compromising yields, especially in regions with adequate to excess soil moisture. This work provides actionable results (tradeoffs, synergies, directions) to inform decision-making for adapting crop management in a changing climate to improve soybean production systems