13 research outputs found

    Security Architecture for Point-to-Point Splitting Protocols

    International audience. The security of industrial supervisory control and data acquisition systems (SCADA) has become a major concern since the Stuxnet worm in 2010. As these systems are connected to the physical world, this makes them possibly hazardous if a malicious attacker is able to take over their control. SCADA can live up to 40 years, are particularly hard to patch, and quite often have no security feature at all. Thus, rather than securing them, network segregation is often used to prevent attackers from entering the industrial system. In this paper, we propose a generic solution: embed a point-to-point splitting protocol within a physical device, thus able to physically isolate networks, perform deep packet inspection and also provide encryption if necessary. We obtain a kind of next generation firewall, encompassing at least both diode and firewall features, for which conformity to security policies can be ensured. Then we define a set of associated security properties for such devices and the requirements for such a device's security architecture and filtering rules. Finally, we propose a secure hardware implementation

    IoT Components LifeCycle Based Security Analysis


    SPN-DPUF: Substitution-Permutation Network Based Secure Circuit for Digital PUF


    Conception and Evaluation of Secure Circuits for Strong Digital PUF


    Analyzing Software Security Against Complex Fault Models with Frama-C Value Analysis


    Fault Injection on Hidden Registers in a RISC-V Rocket Processor and Software Countermeasures

    To protect against hardware fault attacks, developers can use software countermeasures. They are generally designed to thwart software fault models such as instruction skip or memory corruption. However, these typical models do not take into account the actual implementation of a processor. By analyzing the processor microarchitecture, it is possible to bypass typical software countermeasures. In this paper, we analyze the vulnerability of a secure code from FISSC (Fault Injection and Simulation Secure Collection), by simulating fault injections in a RISC-V Rocket processor RTL description. We highlight the importance of hidden registers in the processor pipeline, which temporarily hold data during code execution. Secret data can be leaked by attacking these hidden registers. Software countermeasures against such attacks are also proposed

    Cross-layer analysis of software fault models and countermeasures against hardware fault attacks in a RISC-V processor

    Conference: ASHA Convention. Boston, MA. 2018. International audience. Fault injection is a powerful technique for attacking digital systems. Software developers have to take into account hardware fault effects when system security is a concern. Software fault models have been developed in an attempt to predict these faults. However, these models are often designed independently of any hardware consideration and thus raise the problem of realism. The generality of these models often cannot account for the specificities of each architecture. As a consequence, software countermeasures based on such software fault models do not guarantee an effective protection against fault attacks. Processor microarchitecture should be precisely analysed to better understand faulty behaviours. A cross-layer approach can then be developed, using conjointly hardware and software characteristics to design stronger software countermeasures with reasonable overheads. To illustrate this assumption, this paper shows actual faulty behaviours observed in a RISC-V processor RTL simulation, and shows that they can bypass countermeasures designed to protect against faults predicted by typical software fault models.

    Impact of the Flicker Noise on the Ring Oscillator-based TRNGs

    International audience. Ring Oscillators (RO) are often used in true random number generators (TRNG). Their jittered clock signal, used as randomness source, originates from thermal and flicker noises. While thermal noise jitter is generally used as the main source of randomness, flicker noise jitter is not due to its autocorrelation. This work aims at qualitatively settling the issue of the influence of flicker noise in TRNGs, as its impact increases in newer technology nodes. For this, we built a RO behavioural model, which generates time series equivalent to a jittered RO signal. It is then used to generate the output of an elementary RO-TRNG. Despite general expectations, the autocorrelation inside the output bit stream is reduced when the amplitude of flicker noise increases. The model shows that this effect is caused by the sampling of the jittered signal by the second oscillator, which hides the behaviour of the absolute jitter, causes resetting of the perceived phase, and suppresses any memory effect. The inclusion of flicker noise as a legitimate noise source can increase the TRNG output bit rate by a factor of four for the same output entropy rate. This observation opens new perspectives towards more efficient stochastic models of the RO-TRNGs.