research-article

Detecting Fault Injection Attacks with Runtime Verification

Authors:
Ali Kassem

Univ. Grenoble Alpes, Inria, CNRS, Grenoble INP, LIG, Grenoble, France

Univ. Grenoble Alpes, Inria, CNRS, Grenoble INP, LIG, Grenoble, France
View Profile

,
Yliès Falcone

Univ. Grenoble Alpes, Inria, CNRS, Grenoble INP, LIG, Grenoble, France

Univ. Grenoble Alpes, Inria, CNRS, Grenoble INP, LIG, Grenoble, France
View Profile

SPRO'19: Proceedings of the 3rd ACM Workshop on Software ProtectionNovember 2019Pages 65–76https://doi.org/10.1145/3338503.3357724

Published:15 November 2019Publication History

SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection

Pages 65–76

ABSTRACT

Fault injections are increasingly used to attack/test secure applications. In this paper, we define formal models of runtime monitors that can detect fault injections that result in test inversion attacks and arbitrary jumps in the control flow. Runtime verification monitors offer several advantages. The code implementing a monitor is small compared to the entire application code. Monitors have a formal semantics; and we prove that they effectively detect attacks. Each monitor is a module dedicated to detecting an attack and can be deployed as needed to secure the application. A monitor can run separately from the application or it can be weaved inside the application. Our monitors have been validated by detecting simulated attacks on a program that verifies a user PIN.

References

Martín Abadi, Mihai Budiu, Ú lfar Erlingsson, and Jay Ligatti. 2009. Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur., Vol. 13, 1 (2009), 4:1--4:40. https://doi.org/10.1145/1609956.1609960Google ScholarDigital Library
William Arthur, Ben Mehne, Reetuparna Das, and Todd M. Austin. 2015. Getting in control of your control flow with control-data isolation. In Proceedings of the 13th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2015, San Francisco, CA, USA, February 07-11, 2015,, Kunle Olukotun, Aaron Smith, Robert Hundt, and Jason Mars (Eds.). IEEE Computer Society, 79--90. https://doi.org/10.1109/CGO.2015.7054189Google Scholar
Christian Aumü ller, Peter Bier, Wieland Fischer, Peter Hofreiter, and Jean-Pierre Seifert. 2002. Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In Cryptographic Hardware and Embedded Systems - CHES 2002, Redwood Shores, USA, 2002, Revised Papers. 260--275.Google Scholar
Josep Balasch, Benedikt Gierlichs, and Ingrid Verbauwhede. 2011. An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs. In FDTC'11, Tokyo, Japan, September 29, 2011. 105--114.Google ScholarDigital Library
Hagai Bar-El, Hamid Choukri, David Naccache, Michael Tunstall, and Claire Whelan. 2006. The Sorcerer's Apprentice Guide to Fault Attacks. Proc. IEEE, Vol. 94, 2 (2006), 370--382. https://doi.org/10.1109/JPROC.2005.862424Google ScholarCross Ref
Alessandro Barenghi, Luca Breveglieri, Israel Koren, Gerardo Pelosi, and Francesco Regazzoni. 2010. Countermeasures against fault attacks on software implemented AES: effectiveness and cost. In Proceedings of the 5th Workshop on Embedded Systems Security, WESS 2010, Scottsdale, AZ, USA, October 24, 2010. ACM, 7. https://doi.org/10.1145/1873548.1873555Google ScholarDigital Library
Howard Barringer, Yliè s Falcone, Klaus Havelund, Giles Reger, and David E. Rydeheard. 2012. Quantified Event Automata: Towards Expressive and Efficient Runtime Monitors. In FM 2012: Formal Methods - 18th International Symposium, Paris, France, August 27--31, 2012. Proceedings (Lecture Notes in Computer Science),, Dimitra Giannakopoulou and Dominique Mé ry (Eds.), Vol. 7436. Springer, 68--84. https://doi.org/10.1007/978-3-642-32759-9_9Google Scholar
Thierno Barry, Damien Couroussé, and Bruno Robisson. 2016. Compilation of a Countermeasure Against Instruction-Skip Fault Attacks. In Proceedings of the Third Workshop on Cryptography and Security in Computing Systems, CS2@HiPEAC, Prague, Czech Republic, January 20, 2016.Google ScholarDigital Library
Ezio Bartocci, Yliès Falcone, Borzoo Bonakdarpour, Christian Colombo, Normann Decker, Klaus Havelund, Yogi Joshi, Felix Klaedtke, Reed Milewicz, Giles Reger, Grigore Rosu, Julien Signoles, Daniel Thoma, Eugen Zalinescu, and Yi Zhang. 2017. First international Competition on Runtime Verification: rules, benchmarks, tools, and final results of CRV 2014. International Journal on Software Tools for Technology Transfer (2017), 1--40. https://doi.org/10.1007/s10009-017-0454--5Google Scholar
Ezio Bartocci, Yliè s Falcone, Adrian Francalanza, and Giles Reger. 2018. Introduction to Runtime Verification. In Lectures on Runtime Verification - Introductory and Advanced Topics.Google Scholar
David Basin, Germano Caronni, Sarah Ereth, Matúvs Harvan, Felix Klaedtke, and Heiko Mantel. 2014. Scalable Offline Monitoring. In Runtime Verification: 5th International Conference, RV 2014. Proceedings, Borzoo Bonakdarpour and Scott A. Smolka (Eds.). Springer International Publishing, 31--47. https://doi.org/10.1007/978-3-319-11164-3_4Google Scholar
Alberto Battistello and Christophe Giraud. 2015. Fault Cryptanalysis of CHES 2014 Symmetric Infective Countermeasure. IACR Cryptology ePrint Archive, Vol. 2015 (2015), 500. http://eprint.iacr.org/2015/500Google Scholar
Pascal Berthomé, Karine Heydemann, Xavier Kauffmann-Tourkestansky, and Jean-Francc ois Lalande. 2012. High Level Model of Control Flow Attacks for Smart Card Functional Security. In ARES 2012, Czech Republic, 2012.Google Scholar
Tyler K. Bletsch, Xuxian Jiang, and Vincent W. Freeh. 2011. Mitigating code-reuse attacks with control-flow locking. In ACSAC'11, Orlando, 2011.Google ScholarDigital Library
Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract). In Advances in Cryptology - EUROCRYPT '97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, 1997, Proceeding.Google Scholar
Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 2001. On the Importance of Eliminating Errors in Cryptographic Computations. J. Cryptology, Vol. 14, 2 (2001).Google ScholarDigital Library
Guillaume Bouffard, Bhagyalekshmy N. Thampi, and Jean-Louis Lanet. 2013. Detecting Laser Fault Injection for Smart Cards Using Security Automata. In SSCC 2013, India, 2013. Proceedings.Google Scholar
Mathieu Ciet and Marc Joye. 2005. Practical Fault Countermeasures for Chinese Remaindering Based RSA (Extended Abstract). In IN PROC. FDTC'05. 124--131.Google Scholar
Christian Colombo and Gordon J. Pace. 2013. Fast-Forward Runtime Monitoring -- An Industrial Case Study. In Runtime Verification: Third International Conference, RV 2012, Istanbul, Turkey, September 25-28, 2012, Revised Selected Papers, Shaz Qadeer and Serdar Tasiran (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 214--228. https://doi.org/10.1007/978-3-642-35632-2_22Google Scholar
Amine Dehbaoui, Amir-Pasha Mirbaha, Nicolas Moro, Jean-Max Dutertre, and Assia Tria. 2013. Electromagnetic Glitch on the AES Round Counter. In COSADE'13, Revised Selected Papers. 17--31.Google Scholar
Louis Dureuil, Guillaume Petiot, Marie-Laure Potet, Aude Crohen, and Philippe De Choudens. 2016. FISSC: a Fault Injection and Simulation Secure Collection. In International Conference on Computer Safety, reliability and Security (LNCS), Vol. 9922. Springer Berlin / Heidelberg, Trondheim, Norway, 3-11. https://doi.org/10.1007/978-3-319-45477-1_1Google ScholarCross Ref
Antoine El-Hokayem and Yliè s Falcone. 2018. Bringing Runtime Verification Home. In Runtime Verification - 18th International Conference, RV 2018, Limassol, Cyprus, November 10-13, 2018, Proceedings (Lecture Notes in Computer Science),, Christian Colombo and Martin Leucker (Eds.), Vol. 11237. Springer, 222--240. https://doi.org/10.1007/978--3-030-03769--7_13Google Scholar
Sho Endo, Naofumi Homma, Yu-ichi Hayashi, Junko Takahashi, Hitoshi Fuji, and Takafumi Aoki. 2014. A Multiple-Fault Injection Attack by Adaptive Timing Control Under Black-Box Conditions and a Countermeasure. In Constructive Side-Channel Analysis and Secure Design - 5th International Workshop, COSADE 2014, Paris, France, April 13-15, 2014. Revised Selected Papers. 214--228.Google Scholar
A. Ersoz, D. M. Andrews, and E. J. McCluskey. 1985. The watchdog task: Concurrent error detection using assertions. Technical Report CRC -- 85--8. Stanford University.Google Scholar
Yliè s Falcone. 2010. You Should Better Enforce Than Verify. In Runtime Verification - First International Conference, RV 2010. Proceedings (Lecture Notes in Computer Science), Howard Barringer, Yliè s Falcone, Bernd Finkbeiner, Klaus Havelund, Insup Lee, Gordon J. Pace, Grigore Rosu, Oleg Sokolsky, and Nikolai Tillmann (Eds.), Vol. 6418. Springer, 89--105. https://doi.org/10.1007/978-3-642-16612-9_9Google ScholarDigital Library
Yliè s Falcone, Klaus Havelund, and Giles Reger. 2013. A Tutorial on Runtime Verification. In Engineering Dependable Software Systems. 141--175.Google Scholar
Yliè s Falcone, Leonardo Mariani, Antoine Rollet, and Saikat Saha. 2018. Runtime Failure Prevention and Reaction. In Lectures on Runtime Verification - Introductory and Advanced Topics, Ezio Bartocci and Yliè s Falcone (Eds.). Lecture Notes in Computer Science, Vol. 10457. Springer, 103--134. https://doi.org/10.1007/978-3-319-75632-5_4Google Scholar
Yliè s Falcone, Laurent Mounier, Jean-Claude Fernandez, and Jean-Luc Richier. 2011. Runtime enforcement monitors: composition, synthesis, and enforcement abilities. Formal Methods in System Design, Vol. 38, 3 (2011), 223--262. https://doi.org/10.1007/s10703-011-0114-4Google ScholarDigital Library
Arnaud Fontaine, Pierre Chifflier, and Thomas Coudray. 2015. PICON: Control Flow Integrity on LLVM IR. SSTIC (2015).Google Scholar
Laurie Genelle, Christophe Giraud, and Emmanuel Prouff. 2009. Securing AES Implementation against Fault Attacks. In Sixth International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, Lausanne, 2009.Google ScholarDigital Library
Klaus Havelund and Allen Goldberg. 2005. Verify Your Runs. In Verified Software: Theories, Tools, Experiments, First IFIP TC 2/WG 2.3 Conference, VSTTE 2005, Zurich, Switzerland, October 10--13, 2005, Revised Selected Papers and Discussions (Lecture Notes in Computer Science),, Bertrand Meyer and Jim Woodcock (Eds.), Vol. 4171. Springer, 374--383. https://doi.org/10.1007/978-3-540-69149-5_40Google Scholar
Burton S. Kaliski Jr. and Matthew J. B. Robshaw. 1997. Comments on some new attacks on cryptographic devices. RSA Laboratories Bulletin 5 (July 1997).Google Scholar
Dusko Karaklajic, Jö rn-Marc Schmidt, and Ingrid Verbauwhede. 2013. Hardware Designer's Guide to Fault Attacks. IEEE Trans. VLSI Syst., Vol. 21, 12 (2013).Google ScholarDigital Library
Ramesh Karri, Grigori Kuznetsov, and Michael Gö ssel. 2003. Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers. In CHES'03, Proceedings.Google Scholar
Ali Kassem, Yliè s Falcone, and Pascal Lafourcade. 2017. Formal analysis and offline monitoring of electronic exams. Formal Methods in System Design, Vol. 51, 1 (2017), 117--153. https://doi.org/10.1007/s10703-017-0280-0Google ScholarDigital Library
Eugene Kuleshov. 2007. Using the ASM framework to implement common Java bytecode transformation patterns.Google Scholar
Dilip S. V. Kumar, Arthur Beckers, Josep Balasch, Benedikt Gierlichs, and Ingrid Verbauwhede. 2018. An In-Depth and Black-Box Characterization of the Effects of Laser Pulses on ATmega328P. In CARDIS 2018, France, 2018, Revised Selected Papers.Google Scholar
Jean-Francc ois Lalande, Karine Heydemann, and Pascal Berthomé. 2014. Software Countermeasures for Control Flow Integrity of Smart Card C Codes. In Computer Security - ESORICS 2014, Poland, 2014. Proceedings, Part II.Google ScholarDigital Library
Martin Leucker and Christian Schallhart. 2009. A brief account of runtime verification. J. Log. Algebr. Program., Vol. 78, 5 (2009), 293--303. https://doi.org/10.1016/j.jlap.2008.08.004Google ScholarCross Ref
Tim Lindholm, Frank Yellin, Gilad Bracha, and Alex Buckley. 2013. The Java Virtual Machine Specification, Java SE 7 Edition.Google Scholar
Davia J. Lu. 1980. Watchdog Processors and VLSI.Google Scholar
Aamer Mahmood, Edward J. McCluskey, and Aydin Ersoz. 1985. Concurrent System-Level Error Detection Using a Watchdog Processor. In Proceedings International Test Conference 1985, Philadelphia, PA, USA, November 1985. 145--152.Google Scholar
Luis Mastrangelo and Matthias Hauswirth. 2014. JNIF: Java Native Instrumentation Framework. In Proceedings of the 2014 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools (PPPJ '14). ACM, New York, NY, USA, 194--199. https://doi.org/10.1145/2647508.2647516Google ScholarCross Ref
Nicolas Moro, Karine Heydemann, Emmanuelle Encrenaz, and Bruno Robisson. 2014. Formal verification of a software countermeasure against instruction skip attacks. J. Cryptographic Engineering, Vol. 4, 3 (2014), 145--156. https://doi.org/10.1007/s13389-014-0077--7Google ScholarCross Ref
Bogdan Nicolescu, Yvon Savaria, and Raoul Velazco. 2003. SIED: Software Implemented Error Detection. In DFT 2003, USA, Proceedings.Google Scholar
B. Nicolescu, Y. Savaria, and R. Velazco. 2004. Software detection mechanisms providing full coverage against single bit-flip faults. IEEE Transactions on Nuclear Science, Vol. 51, 6 (Dec 2004).Google ScholarCross Ref
Sikhar Patranabis, Abhishek Chakraborty, and Debdeep Mukhopadhyay. 2017. Fault Tolerant Infective Countermeasure for AES. J. Hardware and Systems Security, Vol. 1, 1 (2017), 3--17. https://doi.org/10.1007/s41635-017-0006--1Google ScholarCross Ref
Mathias Payer, Antonio Barresi, and Thomas R. Gross. 2015. Fine-Grained Control-Flow Integrity Through Binary Hardening. In Detection of Intrusions and Malware, and Vulnerability Assessment - 12th International Conference, DIMVA 2015, Milan, Italy, July 9--10, 2015, Proceedings (Lecture Notes in Computer Science), Magnus Almgren, Vincenzo Gulisano, and Federico Maggi (Eds.), Vol. 9148. Springer, 144--164. https://doi.org/10.1007/978-3-319-20550-2_8Google Scholar
Nirmal R. Saxena and Edward J. McCluskey. 1990. Control-Flow Checking Using Watchdog Assists and Extended-Precision Checksums. IEEE Trans. Computers, Vol. 39, 4 (1990).Google ScholarDigital Library
Jö rn-Marc Schmidt and Christoph Herbst. 2008. A Practical Fault Attack on Square and Multiply. In Fifth International Workshop on Fault Diagnosis and Tolerance in Cryptography, 2008, FDTC 2008, Washington, USA, 10 August 2008.Google ScholarDigital Library
Ahmadou Al Khary Séré, Julien Iguchi-Cartigny, and Jean-Louis Lanet. 2011. Evaluation of Countermeasures Against Fault Attacks on Smart Cards.Google Scholar
Hovav Shacham. 2007. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28--31, 2007, Peng Ning, Sabrina De Capitani di Vimercati, and Paul F. Syverson (Eds.). ACM, 552--561. https://doi.org/10.1145/1315245.1315313Google ScholarDigital Library
Bilgiday Yuce, Patrick Schaumont, and Marc Witteman. 2018. Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation. J. Hardware and Systems Security, Vol. 2, 2 (2018).Google ScholarCross Ref

Index Terms

Recommendations

Faults, Injection Methods, and Fault Attacks

In a fault attack, errors are induced during the computation of a cryptographic algorithm, and the faulty results are exploited to extract information about the secret key in embedded systems. Fault attacks can break an unprotected system more quickly ...
Read More
QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks
DSD '15: Proceedings of the 2015 Euromicro Conference on Digital System Design

Physical attacks, such as fault attacks, pose a decisive threat for the security of devices in the Internet of Things. An important class of countermeasures for fault attacks is fault tolerant software that is applicable for systems based on COTS ...
Read More
Adversarial Reachability for Program-level Security Analysis
Programming Languages and Systems
Abstract
Many program analysis tools and techniques have been developed to assess program vulnerability. Yet, they are based on the standard concept of reachability and represent an attacker able to craft smart legitimate input, while in practice attackers ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection
November 2019
87 pages
ISBN:9781450368353
DOI:10.1145/3338503
General Chair:
Paolo Falcarin
University of East London, UK
,
Program Chair:
Michael 'MiZu' Zunke
Thales Group, Germany
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 15 November 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
attacker model
detection
fault injection
monitor
quantified event automata
runtime verification
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate8of14submissions,57%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 6
  Total Citations
  View Citations
- 139
  Total Downloads
- Downloads (Last 12 months)15
- Downloads (Last 6 weeks)4
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Detecting Fault Injection Attacks with Runtime Verification

SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection

ABSTRACT

References

Cited By

Index Terms

Recommendations

Faults, Injection Methods, and Fault Attacks

QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks

Adversarial Reachability for Program-level Security Analysis

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Detecting Fault Injection Attacks with Runtime Verification

SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection

ABSTRACT

References

Cited By

Index Terms

Recommendations

Faults, Injection Methods, and Fault Attacks

QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks

Adversarial Reachability for Program-level Security Analysis

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media