109 research outputs found
Differential Analysis of Round-Reduced AES Faulty Ciphertexts
International audienceThis paper describes new Round Reduction analysis attacks on an Advanced Encryption Standard (AES) implemen- tation by laser fault injection. The previous round reduction attacks require both of spatial and temporal accuracies in order to execute only one, two or nine rounds. We present new attacks by more flexible fault injection conditions. Our experiments are carried out on an 8-bit microcontroller which embeds a software AES with pre-calculated round keys. Faults are injected either into the round counter itself or into the reference of its total round number. The attacks may result to the use of a faulty round key at the last one or two executed rounds. The cryptanalysis of the obtained round-reduced faulty ciphertexts resorts to the differentiation techniques used by Differential Fault Analysis
Impact of Low-bitwidth Quantization on the Adversarial Robustness for Embedded Neural Networks
As the will to deploy neural networks models on embedded systems grows, and
considering the related memory footprint and energy consumption issues, finding
lighter solutions to store neural networks such as weight quantization and more
efficient inference methods become major research topics. Parallel to that,
adversarial machine learning has risen recently with an impressive and
significant attention, unveiling some critical flaws of machine learning
models, especially neural networks. In particular, perturbed inputs called
adversarial examples have been shown to fool a model into making incorrect
predictions. In this article, we investigate the adversarial robustness of
quantized neural networks under different threat models for a classical
supervised image classification task. We show that quantization does not offer
any robust protection, results in severe form of gradient masking and advance
some hypotheses to explain it. However, we experimentally observe poor
transferability capacities which we explain by quantization value shift
phenomenon and gradient misalignment and explore how these results can be
exploited with an ensemble-based defense
Investigation of Near-Field Pulsed EMI at IC Level
International audienceThis article describes the use of a near-field electromagnetic pulse EMP injection technique in order to perform a hardware cryptanalysis of the AES algorithm. This characterization technique is based on the fact that conductors, such as the rails of a Power Distribution Network PDN which is one of the primary EMI risk factors, act as antennas for the radiated EMP energy. This energy induces high electrical currents in the PDN responsible for the violation of the integrated circuit's timing constraints. This modification of the chip's behavior is then exploited in order to recover the AES key by using cryptanalysis techniques based on Differential Fault Analysis (DFA)
Fault Injection and Safe-Error Attack for Extraction of Embedded Neural Network Models
Model extraction emerges as a critical security threat with attack vectors
exploiting both algorithmic and implementation-based approaches. The main goal
of an attacker is to steal as much information as possible about a protected
victim model, so that he can mimic it with a substitute model, even with a
limited access to similar training data. Recently, physical attacks such as
fault injection have shown worrying efficiency against the integrity and
confidentiality of embedded models. We focus on embedded deep neural network
models on 32-bit microcontrollers, a widespread family of hardware platforms in
IoT, and the use of a standard fault injection strategy - Safe Error Attack
(SEA) - to perform a model extraction attack with an adversary having a limited
access to training data. Since the attack strongly depends on the input
queries, we propose a black-box approach to craft a successful attack set. For
a classical convolutional neural network, we successfully recover at least 90%
of the most significant bits with about 1500 crafted inputs. These information
enable to efficiently train a substitute model, with only 8% of the training
dataset, that reaches high fidelity and near identical accuracy level than the
victim model.Comment: Accepted at SECAI Workshop, ESORICS 202
A Closer Look at Evaluating the Bit-Flip Attack Against Deep Neural Networks
Deep neural network models are massively deployed on a wide variety of
hardware platforms. This results in the appearance of new attack vectors that
significantly extend the standard attack surface, extensively studied by the
adversarial machine learning community. One of the first attack that aims at
drastically dropping the performance of a model, by targeting its parameters
(weights) stored in memory, is the Bit-Flip Attack (BFA). In this work, we
point out several evaluation challenges related to the BFA. First of all, the
lack of an adversary's budget in the standard threat model is problematic,
especially when dealing with physical attacks. Moreover, since the BFA presents
critical variability, we discuss the influence of some training parameters and
the importance of the model architecture. This work is the first to present the
impact of the BFA against fully-connected architectures that present different
behaviors compared to convolutional neural networks. These results highlight
the importance of defining robust and sound evaluation methodologies to
properly evaluate the dangers of parameter-based attacks as well as measure the
real level of robustness offered by a defense.Comment: Extended version from IEEE IOLTS'2022 short pape
A unified formalism for side-channel and fault attacks on cryptographic circuits
National audienceSecurity is a key component for information technologies and communication. Security is a very large research area involved in the whole information technology, related to both hardware and software. This paper focuses on hardware security, and more specifically on hardware cryptanalysis whose aim is to extract confidential information (such as encryption keys) from cryptographic circuits. Many physical cryptanalysis techniques have been proposed in the last ten years but they always belong to one of those very distinct categories: fault and side channel attacks. In this article, a formal link between these two categories is proposed. To the best of our knowledge, this is the first time that a wide class of attacks is described in such a generic manner
Fault Injection on Embedded Neural Networks: Impact of a Single Instruction Skip
With the large-scale integration and use of neural network models, especially
in critical embedded systems, their security assessment to guarantee their
reliability is becoming an urgent need. More particularly, models deployed in
embedded platforms, such as 32-bit microcontrollers, are physically accessible
by adversaries and therefore vulnerable to hardware disturbances. We present
the first set of experiments on the use of two fault injection means,
electromagnetic and laser injections, applied on neural networks models
embedded on a Cortex M4 32-bit microcontroller platform. Contrary to most of
state-of-the-art works dedicated to the alteration of the internal parameters
or input values, our goal is to simulate and experimentally demonstrate the
impact of a specific fault model that is instruction skip. For that purpose, we
assessed several modification attacks on the control flow of a neural network
inference. We reveal integrity threats by targeting several steps in the
inference program of typical convolutional neural network models, which may be
exploited by an attacker to alter the predictions of the target models with
different adversarial goals.Comment: Accepted at DSD 2023 for AHSA Special Sessio
Electrical modeling of the photoelectric effect induced by a pulsed laser applied to an SRAM cell
International audienceThis abstract presents an electrical model of an SRAM cell exposed to a pulsed Photoelectrical Laser Stimulation (PLS), based on our past model of MOS transistor under laser illumination. The validity of our model is assessed by the very good correlation obtained between measurements and electrical simulation. These simulations are capable to explain some specific points. For example, in theory, a SRAM cell under PLS have four sensitive areas. But in measurements only three areas were revealed. A hypothesis was presented in this paper and confirm by electrical simulation. The specific topology of the cell masks one sensitive area. Therefore the electrical model could be used as a tool of characterization of a CMOS circuits under PLS
Electromagnetic glitch on the AES round counter
International audienceThis article presents a Round Addition Analysis on a software implementation of the Advanced Encryption Standard (AES) algorithm. The round keys are computed on-the-fly during each encryption. A non-invasive transient fault injection is achieved on the AES round counter. The attack is performed by injecting a very short electromagnetic glitch on a 32-bit microcontroller based on the arm Cortex-M3 processor. Using this experimental setup, we are able to disrupt the round counter increment at the end of the penultimate round and execute one additional round. This faulty execution enables us to recover the encryption key with only two pairs of corresponding correct and faulty ciphertexts
- …