Formal verification of a software countermeasure against instruction skip attacks

Fault attacks against embedded circuits enabled to define many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model consisting in an assembly instruction skip can be very useful for an attacker and has been obtained by using several fault injection means. To avoid this threat, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some fine-grained countermeasure schemes have also been proposed for specific instructions. However, to the best of our knowledge, no approach that enables to secure a generic assembly program in order to make it fault-tolerant to instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for almost all the instructions of the Thumb-2 instruction set and provide a formal verification for this fault tolerance. This simple transformation enables to add a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve

Differential Behavioral Analysis

International audienceThis paper describes an attack on cryptographic devices calledDifferential Behavioral Analysis (or DBA). This is an hybrid attackbetween two already powerful attacks: differential power analysis(DPA) for the statistical treatment and safe-error attack for the fault type. DBA, simulated on an algorithmic model of AES appears to be very efficient. The attacker is able to recover the entire secret keywith byte-wise \textquotedblleft stuck-at'' faults injected repetitively. A theorical as well as a more realistic approach are presented

Physical functions : the common factor of side-channel and fault attacks ?

International audienceSecurity is a key component for information technologies and communication. Among the security threats, a very important one is certainly due to vulnerabilities of the integrated circuits that implement cryptographic algorithms. These electronic devices (such as smartcards) could fall into the hands of malicious people and then could be sub-ject to "physical attacks". These attacks are generally classified into two categories : fault and side-channel attacks. One of the main challenges to secure circuits against such attacks is to propose methods and tools to estimate as soundly as possible, the efficiency of protections. Numer-ous works attend to provide tools based on sound statistical techniques but, to our knowledge, only address side-channel attacks. In this article, a formal link between fault and side-channel attacks is presented. The common factor between them is what we called the 'physical' function which is an extension of the concept of 'leakage function' widely used in side-channel community. We think that our work could make possible the re-use (certainly modulo some adjustments) for fault attacks of the strong theoretical background developed for side-channel attacks. This work could also make easier the combination of side-channel and fault attacks and thus, certainly could facilitate the discovery of new attack paths. But more importantly, the notion of physical functions opens from now new challenges about estimating the protection of circuits

Experimental evaluation of two software countermeasures against fault attacks

Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection with glitches or electromagnetic pulses could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.Comment: 6 pages, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), Arlington : United States (2014

Compiler-based Countermeasure Against Fault Attacks

International audiencePhysical attacks especially fault attacks represent one themajor threats against embedded systems. In the state ofthe art, software countermeasures against fault attacks areeither applied at the source code level where it will verylikely be removed at compilation time, or at assembly levelwhere several transformations need to be performed on theassembly code and lead to considerable overheads both interms of code size and execution time. This paper presentsthe use of compiler techniques to efficiently automate theapplication of software countermeasures against instruction-skip fault attacks. We propose a modied LLVM compilerthat considers our security objectives throughout the compi-lation process. Experimental results illustrate the effective-ness of this approach on AES implementations running onan ARM-based microcontroller in terms of security overheadcompared to existing solutions

Investigation of Near-Field Pulsed EMI at IC Level

International audienceThis article describes the use of a near-field electromagnetic pulse EMP injection technique in order to perform a hardware cryptanalysis of the AES algorithm. This characterization technique is based on the fact that conductors, such as the rails of a Power Distribution Network PDN which is one of the primary EMI risk factors, act as antennas for the radiated EMP energy. This energy induces high electrical currents in the PDN responsible for the violation of the integrated circuit's timing constraints. This modification of the chip's behavior is then exploited in order to recover the AES key by using cryptanalysis techniques based on Differential Fault Analysis (DFA)

Runtime Code Polymorphism as a Protection against Physical Attacks

International audienceWe present a generic framework for runtime code polymorphism,applicable to a large class of computing platforms up to embeddedsystems with low computing resources (e.g. microcontrollers withfew kilo-bytes of memory). Code polymorphism is dened as the abilityto change the observable behaviour of a software component withoutchanging its functional properties. In our framework, code polymorphismis achieved thanks to runtime code generation, which oers many leversfor code transformations: we describe the use of random register allocation,random instruction selection, instruction shuing and insertion ofnoise instructions.We evaluate the eectiveness of our framework againstdierential power analysis and its overhead impact. As compared to areference implementation of AES where the cipher key could be recoveredby DPA in less than 50 traces in average, in our implementation thekey cipher could not be extracted after 10000 traces. Our experimentalevaluation shows a moderate impact in terms of performance overhead

Fault attacks on two software countermeasures

Short version of the article "Experimental evaluation of two software countermeasures against fault attacks" presented at the 2014 IEEE Symposium on Hardware-Oriented Security and Trust (HOST) in May 2014.International audienceInjection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller

A unified formalism for side-channel and fault attacks on cryptographic circuits

National audienceSecurity is a key component for information technologies and communication. Security is a very large research area involved in the whole information technology, related to both hardware and software. This paper focuses on hardware security, and more specifically on hardware cryptanalysis whose aim is to extract confidential information (such as encryption keys) from cryptographic circuits. Many physical cryptanalysis techniques have been proposed in the last ten years but they always belong to one of those very distinct categories: fault and side channel attacks. In this article, a formal link between these two categories is proposed. To the best of our knowledge, this is the first time that a wide class of attacks is described in such a generic manner

Experimental validation of a Bulk Built-In Current Sensor for detecting laser-induced currents

International audience—Bulk Built-In Current Sensors (BBICS) were developed to detect the transient bulk currents induced in the bulk of integrated circuits when hit by ionizing particles or pulsed laser. This paper reports the experimental evaluation of a complete BBICS architecture, designed to simultaneously monitor PMOS and NMOS transistors, under Photoelectric Laser Stimulation (PLS). The obtained results are the first experimental proof of the efficiency of BBICS in laser fault injection detection attempts. Furthermore, this paper highlights the importance of BBICS tapping in a sensitive area (logical gates) for improved laser detection. It studies the performances of this BBICS architecture and suggests modifications for its future implementation