5 research outputs found
Automatic methods for protection of cryptographic hardware against fault attacks
For several years, the number of electronic devices in use has been rising strongly, especially in the field of embedded systems. From automotive applications or smartphones, to smaller area and power restricted embedded systems, such as Internet of Things (IoT) devices or smart cards, the wide availability of these systems induces a need for data protection. The implementation of hardware cryptographic primitives on Application Specific Integrated Circuit (ASIC) or Field Programmable Gate Array (FPGA) aims to fulfil the security requirements, while providing faster and lower power encryption than software based solutions on microprocessors, especially in the case of constrained resources.
However, cryptographic solutions can be attacked, even if the encryption scheme is proven secure. One possible way to do so is through physical attacks, such as Side-Channel Analysis (SCA), for example by analysing their power consumption, or fault injection attacks, which disturb the computation in a way that allows an attacker to recover the secret key. As such, it is of the utmost relevance to implement cryptographic algorithms in a way that minimises the risk of physical attacks, as well as to implement some counter-measures to prevent them, for instance Error Correcting Codes (ECC). Moreover, the evaluation of the aforementioned cryptographic hardware and counter-measures is not generally done automatically, but rather empirically. This results in a need for the automation of both counter-measure generation and physical hardware checking against attacks.
This thesis will focus on the automation of both aspects. Firstly, Error Detecting Code (EDC), as well as ECC, counter-measures are presented. Their goal is to stop faults from disturbing the encryption process. A discussion on the differences between natural (i.e., induced by natural factors such as ageing or cosmic rays) and malicious faults is given in a subsequent chapter, as well as an analysis of the limitations of the evaluation of ECC.
This is followed by the presentation of new architectures based on a new class of robust EDC, aimed at preventing multiple faults. They are scalable by construction, and as such it is possible to automatically choose an appropriate EDC implementation with regard to the constraints of the protected hardware. The architectures ensure the detection of faults injected by a strong adversary (who has the ability to inject precise faults on a temporal and spatial level), as well as the correction of low-multiplicity faults. The structure of the implementation, an inner-outer code based construction, and more specifically an efficient decoding method are further detailed, as well as some additional tweaks. Finally, the implementation is validated against physical fault injection on a SAKURA-G FPGA platform, and the results further reinforce the need for such architectures.
The second part of the thesis will consider attack scenarios, and more precisely fault attacks. The automatic evaluation of hardware implementations of cryptographic primitives will be the main focus. In this regard, this thesis considers a particular type of fault attacks, hardware based Algebraic Fault Attacks (AFA). AFAs are at the border between mathematical cryptanalysis and physical fault injection attacks. They combine information from fault disturbed encryptions with some cipher description, in order to build an attack and recover the secret key. This work considers the hardware implementations of different ciphers as the source of algebraic information.
In this regard, a framework for automated creation of AFAs has been developed in collaboration with the chair of computer architecture of the University of Freiburg.
The framework takes the description of the cipher, in Hardware Description Language (HDL) or gate level, as well as a defined fault model as inputs, and through a series of steps, builds an attack in order to recover the secret key. The detailed steps are presented in this thesis. The automatic generation of attack scenarios for a considered cipher allows for an evaluation of any cipher implementation, including any potential changes or optimisation made against different attack scenarios. The framework itself was tested on a variety of different Substitution and Permutation Networks (SPN), and some counter-measures. Physical realisations of fault attacks are also considered, from an implementation of the SAKURA-G FPGA platform, as well as software simulations of an idealised fault model. The constructed attacks were successful and the results are discussed, as well as the implication of multiple fault injections for solving. Finally, some counter-measures are considered, in order to validate or invalidate their effectiveness against AFAs.
Small Scale AES Toolbox: Algebraic and Propositional Formulas, Circuit-Implementations and Fault Equations
Cryptography is one of the key technologies ensuring security in the digital domain. As such, its primitives and implementations have been extensively analyzed both from a theoretical, cryptanalytical perspective, as well as regarding their capabilities to remain secure in the face of various attacks. One of the most common ciphers, the Advanced Encryption Standard (AES) (thus far) appears to be secure in the absence of an active attacker. To allow for the testing and development of new attacks or countermeasures, a small scale version of the AES with a variable number of rounds, number of rows, number of columns and data word size, and a complexity ranging from trivial up to the original AES was developed. In this paper we present a collection of various implementations of the relevant small scale AES versions based on hardware (VHDL and gate-level), algebraic representations (Sage and CoCoA) and their translations into propositional formulas (in CNF). Additionally, we present fault attack equations for each version. Having all these resources available in a single and well structured package allows researchers to combine these different sources of information which might reveal new patterns or solving strategies. Additionally, the fine granularity of difficulty between the different small scale AES versions allows for the assessment of new attacks or the comparison of different attacks.
Locking-enabled security analysis of cryptographic circuits
Hardware implementations of cryptographic primitives require protection against physical attacks and supply chain threats. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In this article, we study the consequences of applying logic locking, a popular design-for-trust solution against intellectual property piracy and overproduction, to cryptographic circuits. We show that the ability to unlock the circuit incorrectly gives the adversary new powerful attack options. We introduce LEDFA (locking-enabled differential fault analysis) and demonstrate for several ciphers and families of locking schemes that fault attacks become possible (or consistently easier) for incorrectly unlocked circuits. In several cases, logic locking has made circuit implementations prone to classical algebraic attacks with no fault injection needed altogether. We refer to this “zero-fault” version of LEDFA by the term LEDA, investigate its success factors in depth and propose a countermeasure to protect the logic-locked implementations against LEDA. We also perform test vector leakage assessment (TVLA) of incorrectly unlocked AES implementations to show the effects of logic locking regarding side-channel leakage. Our results indicate that logic locking is not safe to use in cryptographic circuits, making them less rather than more secure.
BIDIRECTIONAL TRANSMISSION AT 100 GB/S WITH MODE ADAPTATION IN A NESTED-CAPILLARY ANTI-RESONANT FIBER
Bidirectional 100 Gb/s Ethernet transmission in the O-band in a nested-capillary anti-resonant fiber is demonstrated for the first time, to our knowledge. Coupling into the fiber is optimized using a graded-index micro-lensed fiber.
Risk Factors of Extended-Spectrum β-Lactamase Producing Enterobacteriaceae Occurrence in Farms in Reunion, Madagascar and Mayotte Islands, 2016–2017
In the South Western Indian Ocean (IO), Extended-Spectrum β-Lactamase producing Enterobacteriaceae (ESBL-E) are a main public health issue. In livestock, ESBL-E burden was unknown. The aim of this study was to estimate the prevalence of ESBL-E on commercial farms in Reunion, Mayotte and Madagascar and the genes involved. Secondly, risk factors of ESBL-E occurrence in broiler, beef cattle and pig farms were explored. In 2016–2017, commercial farms were sampled using boot swabs and samples stored at 4 °C before microbiological analysis for phenotypical ESBL-E and gene characterization. A dichotomous questionnaire was performed. Prevalences observed in all production types and territories were high, except for beef cattle in Reunion, which differed significantly. The most common ESBL gene was blaCTX-M-1. Generalized linear models explaining ESBL-E occurrence varied between livestock production sectors and allowed identifying main protective (e.g., water quality control and detergent use for cleaning) and risk factors (e.g., recent antibiotic use, other farmers visiting the exploitation, pet presence). This study is the first to explore tools for antibiotic resistance management in IO farms. It provides interesting hypotheses to explore about antibiotic use in IO territories and ESBL-E transmission between pig, beef cattle and humans in Madagascar.