fault attacks on embedded software threats design and
play

Fault Attacks on Embedded Software: Threats, Design, and Mitigation - PowerPoint PPT Presentation

May 14, 2023 •270 likes •1.01k views

Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Acknowledgements FAME Project Team https://sites.google.com/view/famechip Supported through National

  1. Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Acknowledgements FAME Project Team https://sites.google.com/view/famechip Supported through National Science Foundation Semiconductor Research Corporation Patrick Schaumont (VT) 1

  2. Objective The black‐box model input Fault Injection ? (Secure) ? ? SW ? output output’ correct faulty behavior behavior Fault Analysis Patrick Schaumont (VT) 2

  3. Objective The black‐box model The grey‐box model input Fault Injection ? (Secure) ? ? SW ? output output’ correct faulty behavior behavior Fault Analysis Patrick Schaumont (VT) 3

  4. Objective The black‐box model The grey‐box model input Fault Injection Fault (Secure) SW Injection (Secure) SW Manifestation Microprocessor Propagation Observation output output’ Mem Hierarchy Exploitation correct faulty behavior behavior Fault Analysis Patrick Schaumont (VT) 4

  5. Objective The black‐box model The grey‐box model input Fault Injection Fault (Secure) SW Injection (Secure) SW Manifestation Microprocessor Propagation Observation output output’ Mem Hierarchy Exploitation correct faulty behavior behavior • Make a systematic review of the fault‐attack process on embedded software Fault Analysis Patrick Schaumont (VT) 5

  6. Outline 1. Introducing the Fault Attack 2. Anatomy of a Fault Attack 3. Fault Injection Techniques 4. Manifestation and Propagation in the ISA 5. FAME – A Mitigation Technique for Microprocessors Patrick Schaumont (VT) 6

  7. Attacks on Embedded Software I/O CPU MEM • Embedded Software assumes execution is correct • (This presentation) Incorrect execution as starting point for attack ‐ Privilege Escalation ‐ Information Leakage Patrick Schaumont (VT) 7

  8. Privilege Escalation & Information Leakage • Privilege Escalation = Adversarial Control of Critical Decisions if (! access_allowed ) abort( ); • Information Leakage = Disclosure of Secret Data & Dependencies r1 if (key_bit) out = f(r1); else out = f(r0); key_bit leaks through out Patrick Schaumont (VT) 8

  9. Triggering Incorrect Execution I/O CPU MEM Attacker Attack Target Security Failure Input/Output Attacker Input/Output Data Software Bugs Memory Attacker Application/Task Image Lack of Mem Isolation Hardware Attacker Instruction Opcode Modification Instruction Execution Micro-Architecture Circuit Timing, Threshold Levels Environment Operating Conditions this talk Patrick Schaumont (VT) 9

  10. Outline 1. Introducing the Fault Attack 2. Anatomy of a Fault Attack 3. Fault Injection Techniques 4. Manifestation and Propagation in the ISA 5. FAME – A Mitigation Technique for Microprocessors Patrick Schaumont (VT) 10

  11. Anatomy of a Fault Attack 1. Fault Attack Design • Fault Target and Fault Model Defined by • Fault Injection Method Security (Attack) Objective • Fault Exploitation Method 2. Fault Attack Implementation • Fault Injection • Fault Manifestation Constrained by • Fault Propagation Implementation • Fault Observation • Fault Exploitation Patrick Schaumont (VT) 11

  12. Anatomy of a Fault Attack electrical transient Fault Injection Physical Level Patrick Schaumont (VT) 12

  13. Anatomy of a Fault Attack faulty bits Fault Manifestation Circuit Level electrical transient Fault Injection Physical Level Patrick Schaumont (VT) 13

  14. Anatomy of a Fault Attack Hardware faulty micro‐op Decode Execute Fault Propagation Datapath Control Micro‐Architecture D‐Fetch I‐Fetch Store Level Status Regs Instruction Memory Register File Data Mem Boot ROM faulty bits Fault Manifestation Circuit Level electrical transient Fault Injection Physical Level Patrick Schaumont (VT) 14

  15. Anatomy of a Fault Attack S P 1 int verify(S,P){ 1 Faulty int r; Application S,P 2 if (S = P) Control Flow 2 OS r = 1; 3 and/or else Data Flow Firmware 3 4 4 r = 0; r r 5 return r Fault Observation 5 } faulty instruction Software Instruction Set Architecture Hardware faulty micro‐op Decode Execute Fault Propagation Datapath Control Micro‐Architecture D‐Fetch I‐Fetch Store Level Status Regs Instruction Memory Register File Data Mem Boot ROM faulty bits Fault Manifestation Circuit Level electrical transient Fault Injection Physical Level Patrick Schaumont (VT) 15

  16. Anatomy of a Fault Attack S P 1 int verify(S,P){ Fault Exploitation 1 Faulty int r; Application S,P 2 if (S = P) Control Flow 2 OS r = 1; 3 and/or else Data Flow Firmware 3 4 4 r = 0; r r 5 return r Fault Observation 5 } faulty instruction Software Instruction Set Architecture Hardware faulty micro‐op Decode Execute Fault Propagation Datapath Control Micro‐Architecture D‐Fetch I‐Fetch Store Level Status Regs Instruction Memory Register File Data Mem Boot ROM faulty bits Fault Manifestation Circuit Level electrical transient Fault Injection Physical Level Patrick Schaumont (VT) 16

  17. Outline 1. Introducing the Fault Attack 2. Anatomy of a Fault Attack 3. Fault Injection Techniques 4. Manifestation and Propagation in the ISA 5. FAME – A Mitigation Technique for Microprocessors Patrick Schaumont (VT) 17

  18. Fault‐injection Control Hardware‐controlled Software‐controlled Fault Injection Fault Injection Software Tasks Fault Injection Hardware CTL/Injection Victim Fault Control Injector Timing Physical Stress Physical Stress I/O CPU I/O CPU MEM MEM Patrick Schaumont (VT) 18

  19. Timing Vdd Temp logic clk nominal clock period critical path + slack Patrick Schaumont (VT) 19

  20. Artificial Timing Faults Vdd Temp logic clk shortened clock period • Overclocking • critical path Clock Glitching ‐ slack Timing Violation nominal clock period • Underfeeding • Voltage Glitching increased critical path • Overheating ‐ slack Patrick Schaumont (VT) 20

  21. Noise Injection ‐ EMFI Faraday’s Law E = ‐A . dB logic dt E clk Area A Field B di dt Patrick Schaumont (VT) 21

  22. Noise Injection ‐ EMFI Faraday’s Law E = ‐A . dB logic dt E clk Area A Field B di dt Patrick Schaumont (VT) 22

  23. Noise Injection – Laser Faults Glitches Single Event Upset Laser Beam Vdd on 1 0 Flip off Photocurrent Vss Laser Beam Patrick Schaumont (VT) 23

  24. Software‐Controlled Faults • DVFS Interface (CLKSCREW) f1 PLL Core1 f2 software controlled Programming timing violation by modified (V2,f2) Interface V1 PMIC Core2 V2 • Memory Disturbance software controlled leak charge @ repeated word access word row 0 row 1 bit row 2 row buffer Patrick Schaumont (VT) 24

  25. Fault Injection Portfolio Fault Injection Spatial Temporal Cost Intensity Precision Precision Overclocking Low Low Low Clock f Clock Glitching Low High Low Glitch Width Underfeeding Low Low Low Voltage Voltage Glitching Low High Low Glitch V/W Overheating Low Low Low Temperature Light Pulse Medium Medium Low Pulse W/Enrgy Laser Pulse High High High Pulse W/Enrgy EM Pulse Medium High High Probe Current DVFS Interface Low Medium Zero V/f Memory Disturbance High Medium Zero Disturbance f Patrick Schaumont (VT) 25

  26. Outline 1. Introducing the Fault Attack 2. Anatomy of a Fault Attack 3. Fault Injection Techniques 4. Manifestation and Propagation in the ISA 5. FAME – A Mitigation Technique for Microprocessors Patrick Schaumont (VT) 26

  27. Processor Micro‐architecture • Instruction Semantics & Syntax • Memory Model Programmer’s Model • Interrupt/Exception Interface Instruction Set Architecture Instruction Memory Fetch Control Micro‐Architecture Decode Flags Datapath Load Store Data Mem RegFile Patrick Schaumont (VT) 27

  28. Processor Micro‐architecture Faults • Instruction Semantics & Syntax Faulty Instruction • Memory Model Programmer’s Model • Interrupt/Exception Interface Propagation Instruction Set Architecture Manifestation Instruction Memory • Fault Location Fetch • Fault Effect • Control Fault Duration Micro‐Architecture • Fault Size Decode Flags Datapath Load Store Data Mem RegFile Patrick Schaumont (VT) 28

  29. Processor Micro‐architecture Faults Micro‐architecture Element Instruction‐memory Instruction‐fetch Instruction‐decode Operand‐fetch Execute Store Data‐memory Register File Status Flags Patrick Schaumont (VT) 29

  30. Processor Micro‐architecture Faults Micro‐architecture Element Instruction‐memory Function Operand Immediate Instruction‐fetch Different Different Different instruction source/dest Instruction‐decode value Operand‐fetch Execute Store Data‐memory Register File Status Flags Patrick Schaumont (VT) 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Introduction Threats Setups Attacks Countermeasures Conclusion 1 / 31 Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of Cryptographic Algorithms and Devices for Real-World Applications Sibenik,

849 views • 31 slides
Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich

Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich

W I S S E N T E C H N I K L E I D E N S C H A F T Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich Wenger 2 , and Stefan Mangard 1 , 1 Graz University of Technology 2 Infineon

552 views • 32 slides
EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 ,

EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 ,

EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 , Karine Heydemann 3 , Amine Dehbaoui 2 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies

679 views • 22 slides
Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @ Security Evaluation Kudelski Security Lab @ Kudelski IoT Embedded systems Hardware attacks security research Glitch / EM Reverse

889 views • 51 slides
FAULT ATTACKS ON TWO SOFTWARE COUNTERMEASURES Nicolas Moro 1,3 , Karine Heydemann 3 , Amine

FAULT ATTACKS ON TWO SOFTWARE COUNTERMEASURES Nicolas Moro 1,3 , Karine Heydemann 3 , Amine

FAULT ATTACKS ON TWO SOFTWARE COUNTERMEASURES Nicolas Moro 1,3 , Karine Heydemann 3 , Amine Dehbaoui 2 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies Alternatives 2 ENSM.SE Ecole Nationale

456 views • 22 slides
Design Optimization of Time- and Cost-Constrained Fault-Tolerant Distributed Embedded Systems

Design Optimization of Time- and Cost-Constrained Fault-Tolerant Distributed Embedded Systems

Design Optimization of Time- and Cost-Constrained Fault-Tolerant Distributed Embedded Systems Viaceslav Izosimov, Paul Pop, Petru Eles, Zebo Peng Embedded Systems Lab (ESLAB) Linkping University, Sweden 1/21 1 of 14 Motivation Faults

408 views • 21 slides
Embedding Crypto in SoCs: Threats and Protections Arnaud Tisserand CNRS, Lab-STICC laboratory

Embedding Crypto in SoCs: Threats and Protections Arnaud Tisserand CNRS, Lab-STICC laboratory

Embedding Crypto in SoCs: Threats and Protections Arnaud Tisserand CNRS, Lab-STICC laboratory GDR SoC17, Bordeaux Summary Introduction & Cryptographic Background Side Channel Attacks Fault Injection Attacks Protections

1.87k views • 166 slides
Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, Robert Primas ASIACRYPT 2018 IAIK - Graz University of Technology www.tugraz.at

1.01k views • 78 slides
Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats Fault Tolerance Fault Injection for Fault Tolerance Assessment Basic and classic techniques Decision Mechanisms Implementation

962 views • 61 slides
ECE 3574: Applied Software Design Embedded Programming in C++ Today we are going to look at what

ECE 3574: Applied Software Design Embedded Programming in C++ Today we are going to look at what

ECE 3574: Applied Software Design Embedded Programming in C++ Today we are going to look at what subset of C++ is suitable for embedded programming. What is different about embedded systems programming? C or C++? Memory Management

210 views • 17 slides
On the Design of Fault-Tolerance in a Decentralized Software Platform for Power Systems Purboday

On the Design of Fault-Tolerance in a Decentralized Software Platform for Power Systems Purboday

On the Design of Fault-Tolerance in a Decentralized Software Platform for Power Systems Purboday Ghosh, Scott Eisele, Abhishek Dubey, Mary Metelko, Istvan Madari, Peter Volgyesi, Gabor Karsai Institute for Software-Integrated Systems,

487 views • 23 slides
Attacks August 28, 2019 Conference on Cryptographic Hardware and Atlanta, USA Embedded Systems

Attacks August 28, 2019 Conference on Cryptographic Hardware and Atlanta, USA Embedded Systems

Shaping th the Glit litch: Claudio Bozzato 4 Riccardo Focardi 12 Francesco Palmarini 13 Optimizing Volt ltage 1 Ca Foscari University of Venice, 2 Cryptosense, Fault In Inje jection 3 Yarix, 4 Talos Attacks August 28, 2019 Conference on

369 views • 35 slides
Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir 2 , Sylvain Guilley 1 , Fran Pablo Rauzy 1 , Pierre-Yves Strub 2 1 Telecom ParisTech 2 IMDEA Software Institute Crypto Seminar Day @ IMDEA

101 views • 9 slides
Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia Laguna, Sardinia (Italy) 19 October 2015 Introduction to Fault Attacks 19 October 2015 What are fault attacks? Active attacks against

571 views • 27 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Accessing Middleware from Qt, QML or HTML5 basysKom... introducing ourselves l Embedded Software

Accessing Middleware from Qt, QML or HTML5 basysKom... introducing ourselves l Embedded Software

Accessing Middleware from Qt, QML or HTML5 basysKom... introducing ourselves l Embedded Software Engineering Partner for the development of innovative quality products l Expertise in... Embedded R&D Embedded architecture design,

588 views • 33 slides
Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010

Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010

Differential Fault Analysis of HC-128 Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010 May 03-06, 2010, Stellenbosch, South Africa Differential Fault Analysis of HC-128 Outline Fault analysis

374 views • 24 slides
Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults Chong Hee KIM

Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults Chong Hee KIM

Outline Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults Chong Hee KIM Information Security Group Universit e Catholique de Louvain, Belgium August 21, 2010 Chong Hee KIM, Universit e Catholique de Louvain

797 views • 76 slides
DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #2: IN-MEMORY

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #2: IN-MEMORY

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #2: IN-MEMORY DATABASES 2 TODAYS AGENDA Background In-Memory DBMS Architectures Early Notable In-Memory DBMSs 3 LAST CLASS History of DBMSs In a way

1.08k views • 69 slides
FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan Liu 1 , Yang Cao 2 , Masatoshi Yoshikawa 2 , Hong Chen 1 1 Renmin University of China, 2 Kyoto University DASFAA, 2020 Federated Learning Overview

370 views • 35 slides
JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK 2018, Kolkata, India 15 Nov 2018 Table of Contents 1. Introduction to Fault Attacks 2. Persistent Fault Analysis (PFA) 3. PFA on Fault

588 views • 19 slides
Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M.

Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M.

Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M. Eichlseder, T. Korak, V. Lomn e, F. Mendel ASK 2016 The research leading to these results has received funding from the European Unions Horizon

551 views • 26 slides
Flip a bit, grab a key: Symbolic execution edition Jasper van Woudenberg @jzvw CTO Riscure

Flip a bit, grab a key: Symbolic execution edition Jasper van Woudenberg @jzvw CTO Riscure

Flip a bit, grab a key: Symbolic execution edition Jasper van Woudenberg @jzvw CTO Riscure North America public Concrete execution r1 = 0xBE; r2 = 0x08 mov r1,r2 add r1,0x10 r1 = 0x18; r2 = 0x08 public 2 Symbolic execution r1 = 0xBE;

470 views • 31 slides
Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks Margaux

Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks Margaux

Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks Margaux Dugardin, Sylvain Guilley, Martin Moreau, Zakaria Najm, Pablo Rauzy PROOFS 2016 - Santa Barbara, CA Introduction Eve Communications Alice Bob Channel

726 views • 60 slides

More recommend