Abstract
Fault attacks on cryptographic software use faulty ciphertexts to reverse engineer the secret encryption key. Although modern fault analysis algorithms are quite efficient, their practical implementation is complicated by the uncertainty that comes with the fault injection process. First, the intended fault effect may not match the actual fault obtained after injection. Second, the logical target of the fault attack, the cryptographic software, sits above the abstraction level at which physical faults occur. The resulting uncertainty about the fault effects in the software degrades the efficiency of the attack, requiring many more trial fault injections than the number predicted by the theoretical fault attack. In this contribution, we highlight the important role played by the processor microarchitecture in the development of a fault attack. We introduce the microprocessor fault sensitivity model to systematically capture the fault response of a microprocessor pipeline. We also propose the Microarchitecture-Aware Fault Injection Attack (MAFIA). MAFIA uses the fault sensitivity model to guide the fault injection and to predict the fault response. We describe two applications for MAFIA. First, we demonstrate a biased fault attack on an unprotected Advanced Encryption Standard (AES) software program executing on a seven-stage pipelined Reduced Instruction Set Computer (RISC) processor. Using the microprocessor fault sensitivity model to guide the attack requires an order of magnitude fewer fault injections than a traditional, blind fault injection method. Second, MAFIA can be used to break known software countermeasures against fault injection. We demonstrate this by systematically breaking a collection of state-of-the-art software fault countermeasures.
These two examples lead to the key conclusion of this work, namely that software fault attacks become much more harmful and effective when an appropriate microprocessor fault sensitivity model is used. This, in turn, highlights the need for better fault countermeasures for software.
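The abstract's first application is a biased fault attack on AES: the attacker does not need to know the exact fault value, only that the injected faults are biased toward a few bit flips, which is what a guided injection aims to produce. The following is an added example written for this page, not code from the paper or its authors, showing why that bias matters. It uses the differential-fault-intensity-analysis style distinguisher on one byte of the AES last round (c = SBOX[s] ^ k, with ShiftRows ignored because it only moves bytes). The fault model is a constructed assumption: the fault flips between 1 and `max_bits` random bits of the byte entering the final SubBytes; `max_bits=1` stands in for a model-guided injection and `max_bits=8` for a blind injection whose effect in the software is unknown. The key byte 0xA7 and the seeds are arbitrary test values.

```python
"""Biased-fault key-byte recovery on the AES last round (added example).

Models one byte of the final AES round, c = SBOX[s] ^ k. The fault model
(flip 1..max_bits random bits of s before SubBytes) is a constructed
assumption standing in for a guided (max_bits=1) or blind (max_bits=8)
fault injection; it is not the paper's fault sensitivity model.
"""
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF


def _build_sbox():
    """Derive the AES S-box: GF(2^8) inverse (x^254, with 0 -> 0) then the affine map."""
    sbox = []
    for x in range(256):
        inv = 1
        for _ in range(254):
            inv = _gf_mul(inv, x)
        sbox.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2)
                    ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return sbox


SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i


def hamming_weight(v):
    return bin(v).count("1")


def inject_fault(s, rng, max_bits):
    """Constructed fault model: flip 1..max_bits distinct random bits of s."""
    mask = 0
    for pos in rng.sample(range(8), rng.randint(1, max_bits)):
        mask |= 1 << pos
    return s ^ mask


def collect_pairs(key_byte, seed, n, max_bits=1):
    """Simulate n fault injections; return (correct, faulty) ciphertext byte pairs."""
    rng = random.Random(seed)
    pairs = []
    for _ in range(n):
        s = rng.randrange(256)                 # state byte entering the last SubBytes
        s_faulty = inject_fault(s, rng, max_bits)
        pairs.append((SBOX[s] ^ key_byte, SBOX[s_faulty] ^ key_byte))
    return pairs


def score_key_guesses(pairs):
    """DFIA-style distinguisher: for each key guess, undo the last round on both
    ciphertexts and sum the Hamming distance of the recovered SubBytes inputs.
    With low-weight faults the true key gives the smallest total (one bit per
    injection); wrong guesses see random-looking differences of about 4 bits."""
    scores = []
    for guess in range(256):
        total = 0
        for c, c_f in pairs:
            total += hamming_weight(INV_SBOX[c ^ guess] ^ INV_SBOX[c_f ^ guess])
        scores.append(total)
    return scores


def recover_key_byte(pairs):
    scores = score_key_guesses(pairs)
    return min(range(256), key=scores.__getitem__)


def true_key_rank(pairs, key_byte):
    """Number of guesses scoring strictly below the true key (0 = unique best)."""
    scores = score_key_guesses(pairs)
    return sum(1 for g in range(256) if scores[g] < scores[key_byte])


if __name__ == "__main__":
    key = 0xA7
    biased = collect_pairs(key, seed=1234, n=10, max_bits=1)
    blind = collect_pairs(key, seed=1234, n=40, max_bits=8)
    print("biased faults, 10 injections: recovered 0x%02X, rank %d"
          % (recover_key_byte(biased), true_key_rank(biased, key)))
    print("blind faults, 40 injections: rank of true key %d" % true_key_rank(blind, key))
```

With single-bit faults every injection contributes exactly one bit of Hamming distance under the true key, so ten injections already separate it from all 255 wrong guesses; with unconstrained multi-bit faults the true key's score is no lower than the others and the distinguisher fails regardless of how many injections are spent. That gap between a predictable and an unpredictable fault effect is the uncertainty the abstract says a microarchitectural fault sensitivity model is meant to remove.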
Title: Analyzing the Fault Injection Sensitivity of Secure Embedded Software