Multi-Level Formal Analysis, A New Direction for Fault Injection Attack?

Abstract

International audience<p>Fault injection attack is an extremely pow-erful technique to extract secrets from an embeddedsystem. Since their introduction, a large number ofcountermeasures have been proposed. Unfortunately,they suffer from two major drawbacks: a very high coston system performance, and a security frequently ques-tioned. The first point can be explained by their design,based on techniques from Reliability domain, which re-sult in solutions protecting against fault models eitherhighly improbable in a context of attack, or that donot permit secret extraction. At the opposite, the sec-ond point is due to the use of an incomplete attackermodel for the security evaluation at design step. In thispaper, we propose a new approach: multi-level formalverification, based on models encompassing the capabil-ities of the attacker, the susceptibility to faults of thehardware platform hosting the implementation, and theconstraints imposed by the algorithm used for secretextraction. We first explain that the success of a faultinjection attack depends solely on races between signals,which can be analyzed automatically. Then, we performa multi-level evaluation on a hardware implementationof AES-128, which shows that the overhead of a coun-termeasure can be divided by eight while maintainingan almost identical level of security. Finally, we extendthe model to electromagnetic injection.</p