countermeasure
play

COUNTERMEASURE AGAINST INSTRUCTION SKIP ATTACKS Karine Heydemann 1 - PowerPoint PPT Presentation

Jan 19, 2023 •388 likes •645 views

FORMAL VERIFICATION OF A SOFTWARE COUNTERMEASURE AGAINST INSTRUCTION SKIP ATTACKS Karine Heydemann 1 , Nicolas Moro 1,2 , Emmanuelle Encrenaz 1 , Bruno Robisson 2 1 LIP6 - UPMC Laboratoire dInformatique de Paris 6 Universit Pierre et Marie

  1. FORMAL VERIFICATION OF A SOFTWARE COUNTERMEASURE AGAINST INSTRUCTION SKIP ATTACKS Karine Heydemann 1 , Nicolas Moro 1,2 , Emmanuelle Encrenaz 1 , Bruno Robisson 2 1 LIP6 - UPMC Laboratoire d’Informatique de Paris 6 Université Pierre et Marie Curie 2 CEA Commissariat à l’Energie Atomique et aux Energies Alternatives PROOFS 2013 – AUGUST 24, SANTA BARBARA, USA | PAGE 1

  2. CONTEXT AND MOTIVATIONS  Target: Fault attacks on embedded programs  Fault model: assembly instruction skip  A large set of harmful attacks may be possible with such a fault model How can we ensure a correct execution of the embedded program with a possible instruction skip fault ? 1 – Provide a fault-tolerant replacement sequence for each instruction 2 – Provide a formal proof for this fault tolerance PROOFS 2013 – Santa Barbara, USA 9 OCTOBRE 2013 | PAGE 2

  3. OUTLINE I. Considered fault model II. Countermeasure scheme III. Formal proof of fault tolerance IV. Application to an AES implementation V. Conclusion PROOFS 2013 – Santa Barbara, USA | PAGE 3

  4. FAULT INJECTION ATTACKS Perturbation C M K 010110000110011 Comparison 0110010101100001 110101000101101 Faulty ciphertext  Modify the circuit’s environment to change its computation  Many physical ways to inject such faults into a circuit  Every fault injection means has a specific fault model I – Considered fault model PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 4

  5. INSTRUCTION SKIP FAULT MODEL  We assume an attacker can skip an assembly instruction  Observed for different architectures and injection means Fault injection means Reference Clock glitches Balasch et al. (FDTC 2011) Voltage underfeeding Barenghi et al. (J. Syst. Soft. 2013) Electromagnetic pulses Dehbaoui et al. (FDTC 2012) Laser Trichina et al. (FDTC 2010)  In our own experiments , instruction skips are specific cases of instruction replacements (FDTC 2013) I – Considered fault model PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 5

  6. HOW TO DEAL WITH DOUBLE FAULTS ?  Double faults are practical under some specific constraints (a few tens of clock cycles, at a few KHz frequency) Function f Function f Comparison t  We assume performing a double fault on two consecutive clock cycles is significantly harder to do in practice  Usual redundancy countermeasures need to be adapted I – Considered fault model PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 6

  7. OUTLINE I. Considered fault model II. Countermeasure scheme III. Formal proof of fault tolerance IV. Application to an AES implementation V. Conclusion PROOFS 2013 – Santa Barbara, USA | PAGE 7

  8. COUNTERMEASURE SCHEME : APPROACH  Propose a fault-tolerant replacement scheme for each assembly instruction of the whole instruction set  Each encoding has its own fault-tolerant replacement sequence ARM Thumb2 instruction set -16/32 bit RISC instruction set - 151 instructions - Each instruction has up to 4 encodings (depends on the operands, the registers used, conditional execution, …) II – Countermeasure scheme PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 8

  9. THREE CLASSES OF INSTRUCTIONS Class Examples mov r1,r8 Idempotent instructions add r3,r1,r2 add r1,r1,#1 Separable instructions push {r4,r5,r6} bl <function> Specific instructions IT blocks Standard code Code with replacement sequences ADD R1, R1, #1 ADD R12, R1, #1 CMP R1, #9 ADD R12, R1, #1 B <label> MOV R1, R12 MOV R1, R12 CMP R1, #9 CMP R1, #9 B <label> B <label> II – Countermeasure scheme PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 9

  10. IDEMPOTENT INSTRUCTIONS  Instructions that have the same effect if executed once or twice  Simple instruction duplication Instruction Replacement sequence mov r1,r8 mov r1,r8 mov r1,r8 (copies r8 into r1) ldr r1, [r8, r2] ldr r1, [r8, r2] ldr r1, [r8, r2] (loads the value at the address r8+r2 into r1) str r3, [r2, #10] str r3, [r2, #10] str r3, [r2, #10] (stores r3 at the address r2+10) add r3,r1,r2 add r3,r1,r2 add r3,r1,r2 (puts r1+r2 into r3)  Doubles the code size , doubles the execution time II – Countermeasure scheme PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 10

  11. SEPARABLE INSTRUCTIONS  Not idempotent, with a source register also destination … but can be replaced by a sequence of idempotent instructions ADD R1, R1, #1 PUSH {r1, r2, r3, lr} (equivalent to STMDB sp!, {r1,r2,r3,lr} ) ADD r12, r1, #1 STMDB sp, {r1, r2, r3, lr} ADD r12, r1, #1 STMDB sp, {r1, r2, r3, lr} MOV r1, r12 SUB r12, sp, #16 SUB r12, sp, #16 MOV r1, r12 MOV sp, r12 MOV sp, r12  Variable o verhead cost in code size and performance  Need for an available free register II – Countermeasure scheme PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 11

  12. SPECIFIC INSTRUCTIONS  Some instructions cannot be easily replaced by such a sequence  Branch instructions can be duplicated, but not subroutine calls (otherwise those subroutines would be executed twice) bl <function> ADR r12, <return_label> Puts the return address into r12 ADR r12, <return_label> ADD lr, r12, 1 Updates the return pointer (LR) ADD lr, r12, 1 B <function> B <function> Branches to the subroutine code return_label: … II – Countermeasure scheme PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 12

  13. OTHER VERY SPECIFIC SITUATIONS mrs r12 , APSR Instructions that read and write the flags mrs r12 , APSR  A replacement sequence can be found adcs r1 , r2 , r3 msr APSR, r12 if the flags are not alive msr APSR, r12 adcs r1 , r2 , r3  Otherwise: • forbid the use of those instructions • use a fault detection sequence IT blocks for conditional execution  Convert IT blocks into branch-based if/then/else structures  Then apply the individual countermeasure scheme  A more tricky replacement is possible by keeping the IT structure but it can quickly become very costly II – Countermeasure scheme PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 13

  14. OVERVIEW OF THE COUNTERMEASURE  A fault-tolerant replacement sequence for all the instructions (except for the ones that read and write the flags)  Can be directly applied as a transformation to an assembly code  Can we prove the replacement sequences are fault-tolerant ?  Can we prove they are equivalent to the initial instructions ? We use a model-checking approach for such a proof II – Countermeasure scheme PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 14

  15. OUTLINE I. Considered fault model II. Countermeasure scheme III. Formal proof of fault tolerance IV. Application to an AES implementation V. Conclusion PROOFS 2013 – Santa Barbara, USA | PAGE 15

  16. MODEL-CHECKING APPROACH  Model-checking aims at ensuring an implementation satisfies a specification  Specifications can be expressed with temporal logic formulas Specification Implementation (CTL) (Verilog) Model-checker (Vis) PASSED FAILED III – Formal proof of fault tolerance PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 16

  17. MODEL-CHECKING APPROACH  Model-checking approach at an instruction scale  Specific construction of a state machine with an instruction and its replacement sequence  We need to prove that the output state of a replacement sequence is equivalent to the output state of the initial instruction Same input state (memory, registers, flags) Possible fault Replacement injection Instruction sequence Same output state ? III – Formal proof of fault tolerance PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 17

  18. MODEL-CHECKING APPROACH  Each instruction is a function that maps a registers and memory configuration to a new registers and memory configuration  A sequence of instructions is modeled as a transition system  States are registers and memory configurations  Transitions mimic the state transformations applied by the instructions  Each instructions has specific properties that need to be proved III – Formal proof of fault tolerance PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 18

  19. PROOF SYSTEM FOR THE BL INSTRUCTION P1 : AF(BL.PC = PC1 + CM(BL).PC = PC1) Any path finally goes to a final state P2 : AG( ((BL.PC = PC1) *(CM(BL).PC = PC1)) => ((BL.cpt = 1) * CM(BL).cpt = BL.cpt))) In a final state the number of calls to the function is equal to one III – Formal proof of fault tolerance PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 19

  20. ADCS INSTRUCTION mrs r12 , APSR Saves the flags mrs r12 , APSR adcs r1 , r2 , r3 msr APSR, r12 Restores the flags msr APSR, r12 adcs r1 , r2 , r3  Flags are not equal if a fault targets the last ADCS instruction  LIGHT_RESULT releases this constraint # MC: formula passed --- AG(AF(adcs.pc=PC1)) # MC: formula passed --- AG(AF(cm(adcs).pc=PC1)) # MC: formula passed --- AG(((adcs.pc=PC1 * cm(adcs).pc=PC1) -> LIGHT_RESULT=1)) # MC: formula failed --- AG(((adcs.pc=PC1 * cm(adcs).pc=PC1) -> RESULT=1)) III – Formal proof of fault tolerance PROOFS 2013 – Santa Barbara, USA OCTOBER 9, 2013 | PAGE 20

  21. OUTLINE I. Considered fault model II. Countermeasure scheme III. Formal proof of fault tolerance IV. Application to an AES implementation V. Conclusion PROOFS 2013 – Santa Barbara, USA | PAGE 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Confusion / dilution countermeasure #UDT2019 Objective Two types of anti torpedo countermeasure

Confusion / dilution countermeasure #UDT2019 Objective Two types of anti torpedo countermeasure

Confusion / dilution countermeasure #UDT2019 Objective Two types of anti torpedo countermeasure exist : Hard kill countermeasure The aim is to home in, on torpedo and to destroy or disabling torpedo by blast or physically smashing into.

168 views • 14 slides
Return-to-libc Attacks Outline Non-executable Stack countermeasure How to defeat the

Return-to-libc Attacks Outline Non-executable Stack countermeasure How to defeat the

Return-to-libc Attacks Outline Non-executable Stack countermeasure How to defeat the countermeasure Tasks involved in the attack Function Prologue and Epilogue Launching attack Non-executable Stack Running shellcode in C

516 views • 27 slides
Spill Prevention Control &amp; Spill Prevention Control &amp; Countermeasure Countermeasure

Spill Prevention Control &amp; Spill Prevention Control &amp; Countermeasure Countermeasure

Spill Prevention Control &amp; Spill Prevention Control &amp; Countermeasure Countermeasure (SPCC) Presentation (SPCC) Presentation Prepared by: Environmental Advisors and Engineers, Inc. Environmental Advisors and Engineers 19211 W. 64 th

616 views • 36 slides
Approach to Stress Reduction and Exercise Countermeasure Effectiveness Before, During &amp; in

Approach to Stress Reduction and Exercise Countermeasure Effectiveness Before, During &amp; in

Yoga Therapy as a Complementary Approach to Stress Reduction and Exercise Countermeasure Effectiveness Before, During &amp; in Post-flight Rehabilitation Joan Vernikos CEO, Third Age LLC Dilip Sarkar Chair, School of Integrative Medicine

490 views • 15 slides
Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and

Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and

Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and Formal Verification work co-funded by the PRINCE project Sabine Azzi, Bruno Barras, Maria Christofi , David Vigilant PROOFS workshop 2015, September

493 views • 45 slides
COUNTERMEASURE AGAINST INSTRUCTION SKIP ATTACKS Karine Heydemann 1 , Nicolas Moro 1,2 , Emmanuelle

COUNTERMEASURE AGAINST INSTRUCTION SKIP ATTACKS Karine Heydemann 1 , Nicolas Moro 1,2 , Emmanuelle

FORMAL VERIFICATION OF A SOFTWARE COUNTERMEASURE AGAINST INSTRUCTION SKIP ATTACKS Karine Heydemann 1 , Nicolas Moro 1,2 , Emmanuelle Encrenaz 1 , Bruno Robisson 2 , 1 LIP6 - UPMC Laboratoire dInformatique de Paris 6 Universit Pierre et

479 views • 25 slides
CYBERDYNE: Automatic bug-finding at scale Peter Goodman COUNTERMEASURE 2016 Cyberdyne

CYBERDYNE: Automatic bug-finding at scale Peter Goodman COUNTERMEASURE 2016 Cyberdyne

CYBERDYNE: Automatic bug-finding at scale Peter Goodman COUNTERMEASURE 2016 Cyberdyne (ex)terminates bugs Finds bug in binaries Combines different techniques Coverage-guided fuzzing Symbolic execution Trail of Bits |

808 views • 64 slides
IDS Active Response Mechanisms: Countermeasure Subsytem for Prelude IDS Krzysztof Zaraska July

IDS Active Response Mechanisms: Countermeasure Subsytem for Prelude IDS Krzysztof Zaraska July

IDS Active Response Mechanisms: Countermeasure Subsytem for Prelude IDS Krzysztof Zaraska July 9, 2002 1 Introduction The number of security vulnerabilities in popular software forces system ad- ministrators to constantly keep track of new

586 views • 19 slides
from Electronic Devices Using Interceptor, Its Countermeasure Masahiro Analog Kinugawa Daisuke

from Electronic Devices Using Interceptor, Its Countermeasure Masahiro Analog Kinugawa Daisuke

August 26 th , 2019 CHES, Atlanta, U.S Electromagnetic Information Extortion from Electronic Devices Using Interceptor, Its Countermeasure Masahiro Analog Kinugawa Daisuke Digital Fujimoto Yuichi EM EM Hayashi 1 Conventional EM information

377 views • 35 slides
Modelling Approach and Preliminary Results for Countermeasure Exercise Jan. 2011 EMRAS-2,

Modelling Approach and Preliminary Results for Countermeasure Exercise Jan. 2011 EMRAS-2,

Modelling Approach and Preliminary Results for Countermeasure Exercise Jan. 2011 EMRAS-2, Vienna, IAEA Won Tae Hwang Contents Overview of METRO-K (Korean Urban Radioactive Contamination Model) Modelling Approach on Deposition

364 views • 25 slides
Study On Deep Water Exit Speed Prediction Of Torpedo Countermeasure Decoys UDT 2020 Paper Study

Study On Deep Water Exit Speed Prediction Of Torpedo Countermeasure Decoys UDT 2020 Paper Study

UDT 2020 Study On Deep Water Exit Speed Prediction Of Torpedo Countermeasure Decoys UDT 2020 Paper Study on deep water exit speed prediction of torpedo countermeasure decoys Diren ABAT [1] , mer BATMAZ [2] Defense Systems Technologies Division

69 views • 5 slides
A Countermeasure Against Power Analysis Attacks for FSR-Based Stream Ciphers Shohreh Sharif

A Countermeasure Against Power Analysis Attacks for FSR-Based Stream Ciphers Shohreh Sharif

A Countermeasure Against Power Analysis Attacks for FSR-Based Stream Ciphers Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems, School of ICT, KTH - Royal Institute of Technology, Stockholm Email:{shsm,dubrova}@kth.se

457 views • 17 slides
RI Department of Health Medical Countermeasure Dispensing During Emergencies in Rhode Island

RI Department of Health Medical Countermeasure Dispensing During Emergencies in Rhode Island

RI Department of Health Medical Countermeasure Dispensing During Emergencies in Rhode Island 2014-2015 Disclosure Statement CONFLICT OF INTEREST The planners and presenters have declared no conflict of interest. COMMERCIAL

144 views • 13 slides
Analyzing the Shuffling Side-Channel Countermeasure for Lattice-Based Signatures Peter Pessl

Analyzing the Shuffling Side-Channel Countermeasure for Lattice-Based Signatures Peter Pessl

S C I E N C E P A S S I O N T E C H N O L O G Y Analyzing the Shuffling Side-Channel Countermeasure for Lattice-Based Signatures Peter Pessl IAIK, Graz University of Technology, Austria Indocrypt 2016, December 12

522 views • 25 slides
Injection and a Proven Countermeasure PROOFS2015, Saint Malo, France Shoei Nashimoto, Naofumi

Injection and a Proven Countermeasure PROOFS2015, Saint Malo, France Shoei Nashimoto, Naofumi

17 September 2015 Buffer Overflow Attack with Multiple Fault Injection and a Proven Countermeasure PROOFS2015, Saint Malo, France Shoei Nashimoto, Naofumi Homma, Yu-ichi Hayashi and Takafumi Aoki Tohoku University, Japan GSIS, TOHOKU

535 views • 27 slides
Return-to-libc Attacks Instructor: Fengwei Zhang 1 SUSTech CS 315 Computer Security Outline

Return-to-libc Attacks Instructor: Fengwei Zhang 1 SUSTech CS 315 Computer Security Outline

Return-to-libc Attacks Instructor: Fengwei Zhang 1 SUSTech CS 315 Computer Security Outline Non-executable Stack countermeasure How to defeat the countermeasure Tasks involved in the attack Function Prologue and Epilogue

266 views • 22 slides
Accountability for the Cloud Walid Benghabrit, Ronan-Alexandre Cherrueau , Jean-Claude Royer

Accountability for the Cloud Walid Benghabrit, Ronan-Alexandre Cherrueau , Jean-Claude Royer

Accountability for the Cloud Walid Benghabrit, Ronan-Alexandre Cherrueau , Jean-Claude Royer &amp; Mario Sdholt Ascola team Inria, Mines Nantes, Lina Journe Cloud, Nantes France September 19, 2014 Accountability General Definition

779 views • 40 slides
Formal Approaches to Mission Planning using Temporal Logics Sertac Karaman 1 Laboratory for

Formal Approaches to Mission Planning using Temporal Logics Sertac Karaman 1 Laboratory for

Formal Approaches to Mission Planning using Temporal Logics Sertac Karaman 1 Laboratory for Information and Decision Systems Massachusetts Institute of Technology MACCCS Review, UMich, 2008 1 joint work with Emilio Frazzoli, Ricardo Sanfelice,

459 views • 41 slides
HeadStart Kent Knowledge Seminar 2 21 st January 2015 Measuring Outcomes Time Agenda Who 9.30

HeadStart Kent Knowledge Seminar 2 21 st January 2015 Measuring Outcomes Time Agenda Who 9.30

HeadStart Kent Knowledge Seminar 2 21 st January 2015 Measuring Outcomes Time Agenda Who 9.30 9.40 Introductions (around the table and presenters) Florence/Angela 9.40 9.45 Recap of Learning from Seminar 1 Alex Hassett Key Messages:

654 views • 49 slides
Wetlands and Poverty Eradication TWA 2, Task 2.6 STRP Inter-sessional workshop February

Wetlands and Poverty Eradication TWA 2, Task 2.6 STRP Inter-sessional workshop February

Wetlands and Poverty Eradication TWA 2, Task 2.6 STRP Inter-sessional workshop February 21-26, 2010 Ritesh Kumar (Lead), Sonali Senaratna, Randy Milton, Matthew McCartney, Pierre Horwitz, Rob McInnes, Seb Buckton, Dave Pritchard, Laurent

323 views • 28 slides
Real Matters Overview August 2017 Jason Smith Chief Executive Officer Bill Herman Chief

Real Matters Overview August 2017 Jason Smith Chief Executive Officer Bill Herman Chief

Real Matters Overview August 2017 Jason Smith Chief Executive Officer Bill Herman Chief Financial Officer Caution Regarding Forward-Looking Statements This presentation contains forward-looking statements that relate to our current

389 views • 25 slides
ENGIE ENERGA CHILE S.A. Presentation to investors Full year 2017 Results AGENDA Snapshots

ENGIE ENERGA CHILE S.A. Presentation to investors Full year 2017 Results AGENDA Snapshots

ENGIE ENERGA CHILE S.A. Presentation to investors Full year 2017 Results AGENDA Snapshots Key messages Looking forward Financial update Addenda 2 Engie Energa Chile - Presentation to Investors 4Q 2017 SNAPSHOT: ENGIE S.A. ENGIE: A

842 views • 44 slides
ENGIE ENERGA CHILE S.A. Presentation to investors 1H 2017 Results AGENDA Highlights Industry

ENGIE ENERGA CHILE S.A. Presentation to investors 1H 2017 Results AGENDA Highlights Industry

ENGIE ENERGA CHILE S.A. Presentation to investors 1H 2017 Results AGENDA Highlights Industry and Company Projects Financial Results Highlights FINANCIAL SUMMARY 1H2017 EBITDA reached US$140 million as operating cost savings offset the

813 views • 42 slides
GeoSTAR A New Approach for a Geostationary Microwave Sounder Bjorn 13th Lambrigtsen

GeoSTAR A New Approach for a Geostationary Microwave Sounder Bjorn 13th Lambrigtsen

GEOSTAR GEOSTATIONARY SYNTHETIC THINNED APERTURE RADIOMETER GeoSTAR A New Approach for a Geostationary Microwave Sounder Bjorn 13th Lambrigtsen International TOVS Study Conference Jet Propulsion Laboratory Ste. Adle, Canada

568 views • 21 slides

More recommend