fault attacks on two software countermeasures
play

FAULT ATTACKS ON TWO SOFTWARE COUNTERMEASURES Nicolas Moro 1,3 , - PowerPoint PPT Presentation

Dec 17, 2023 •234 likes •456 views

FAULT ATTACKS ON TWO SOFTWARE COUNTERMEASURES Nicolas Moro 1,3 , Karine Heydemann 3 , Amine Dehbaoui 2 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies Alternatives 2 ENSM.SE Ecole Nationale

  1. FAULT ATTACKS ON TWO SOFTWARE COUNTERMEASURES Nicolas Moro 1,3 , Karine Heydemann 3 , Amine Dehbaoui 2 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat à l’Energie Atomique et aux Energies Alternatives 2 ENSM.SE Ecole Nationale Supérieure des Mines de Saint-Etienne 3 LIP6 - UPMC Laboratoire d’Informatique de Paris 6 Sorbonne Universités - Université Pierre et Marie Curie Amine Dehbaoui is now with Serma Technologies Experimental evaluation of two software countermeasures against fault attacks N. Moro, K. Heydemann, A. Dehbaoui, B. Robisson, E. Encrenaz IEEE HOST Symposium 2014, Arlington, VA, USA | Page 1 TRUDEVICE 2014 – MAY 29-30, PADERBORN, GERMANY

  2. INTRODUCTION AND MOTIVATIONS Concern: Security of embedded programs against fault attacks  Many software countermeasures  Defined by respect to a fault model  Often based on redundancy principles  Some recent schemes propose to add this redundancy at assembly level C an we evaluate the practical effectiveness of some assembly-level countermeasures against fault attacks ? 1 – Provide an experimental evaluation on single isolated instructions 2 – Provide an experimental evaluation on complex codes Page 2 of 22 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  3. OUTLINE I. Experimental setup II. Preliminaries about the fault model III. Evaluation on simple codes IV. Evaluation on a FreeRTOS implementation V. Conclusion Page 3 of 22 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  4. EXPERIMENTAL SETUP Pulsed electromagnetic fault injection  Transient and local effect of the fault injection  Standard circuits not protected against this technique  Solenoid used as an injection antenna  Up to 210V sent on the injection antenna, pulses width longer than 10ns Microcontroller based on an ARM Cortex-M3 - 130nm CMOS technology, ARMv7-M architecture - Frequency 56 MHz, clock period 17.8 ns - 16/32 bits Thumb-2 RISC instruction set - Keil ULINKpro JTAG probe to debug the microcontroller - 3-stage pipeline (Fetch – Decode – Execute), no prefetch The Definitive Guide to the ARM Cortex-M3 – Joseph Yiu, Newnes, 2009 Page 4 of 22 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  5. EXPERIMENTAL SETUP  The experiment is driven by the computer  The target code is runned on the microcontroller  The pulse generator sends a voltage pulse Debug  The microcontroller is stopped Generator control  The microcontroller’s internal data is harvested Pulse generator Motorized stage Trigger signal Main experimental parameters control • Position of the injection antenna (fixed for this work) Pulse • Electric parameters of the pulse (fixed for this work) • Injection time of the pulse • Motorized Executed code on the microcontroller X Y Z stage Hardware exceptions UsageFault exceptions for illegal instructions are triggered  Used to identify the impacted instruction for a given injection time Page 5 of 22 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  6. OUTLINE I. Experimental setup II. Preliminaries about the fault model III. Evaluation on simple assembly codes IV. Evaluation on a FreeRTOS implementation V. Conclusion Page 6 of 22 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  7. FAULT INJECTION ON A SINGLE 16-BIT LDR INSTRUCTION ldr r0, [pc,#40]  loads a 32-bit word into a register from the Flash memory Instruction Instruction decode fetch (data fetch) Pulse Hamming voltage weight (V) in r0 Injection time (ns), by steps of 200ps Page 7 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  8. FAULT INJECTION ON A SINGLE 16-BIT LDR INSTRUCTION ldr r0, [pc,#40]  loads a 32-bit word into a register from the Flash memory Consequences regarding the instruction flow (instruction fetch)  Instructions replacements  Instruction skips under certain conditions (~ 20-30% of time) Consequences regarding the data flow (instruction decode)  Corruption of the ldr instructions from the Flash memory Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller N. Moro, A. Dehbaoui, K. Heydemann, B. Robisson, E.Encrenaz - FDTC Workshop, Santa-Barbara, 2013 Page 8 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  9. OUTLINE I. Experimental setup II. Preliminaries about the fault model III. Evaluation on simple assembly codes IV. Evaluation on a FreeRTOS implementation V. Conclusion Page 9 of 22 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  10. GENERAL METHODOLOGY  Two fault injection attemps, every 200 ps  During a time inteval defined by hardware instructions ldr r0, [pc, #40] ldr r1, [pc, #38] cmp r0, r1 ldr r0, [pc, #34] bne <error> 150 ns 300 ns 1500 fault injection attempts 3000 fault injection attemps 180 faulty outputs 210 faulty outputs / 50 faulty o. Relevant metric to evaluate the countermeasures ? Replacement sequences add some instructions  longer execution time  more fault injections to do  different number of results to compare From a security point of view, effectiveness = reduction of faulty outputs Page 10 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  11. FAULT TOLERANCE COUNTERMEASURE  Fault tolerance against one instruction skip bl <function>  Formally verified using model-checking tools  A replacement sequence for every instruction adr r1, <return_label>  No protection for the data flow adr r1, <return_label> add lr, r1, #1  Experiment performed on the bl instruction add lr, r1, #1 b <function> b <function>  In the tested code, the subroutine modifies r0 return_label Formal verification of a software countermeasure against instruction skip fault attacks N. Moro, K. Heydemann, E.Encrenaz, B. Robisson - Journal of Cryptographic Engineering, Springer, 2014 Page 11 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  12. FAULT INJECTION RESULTS  Fewer faults by forcing the 32-bit encoding of instructions (orange curve)  The countermeasure is not effective with 16-bit instructions (blue curve)  The combination 32-bit inst + countermeasure is very effective (green curve) Page 12 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  13. FAULT DETECTION COUNTERMEASURE  Detects any single fault (instruction skips, replacements, data flow)  Proposed for a restricted set of instructions (ALU, load-store)  Tested for a ldr instruction from the Flash memory ldr r0, [pc, #40] ldr r1, [pc, #38] ldr r0, [pc, #34] cmp r0, r1 bne <error> Countermeasures against fault attacks on software implemented AES A. Barenghi, L. Breveglieri, I.Koren, G. Pelosi, F. Regazzoni – WESS Workshop, New-York, 2010 Page 13 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  14. FAULT DETECTION COUNTERMEASURE  Faults for 16-bit and 32-bit encodings, some due to the corruption of the data transfer  The FD countermeasure is not effective with a 16-bit encoding (blue curve)  However, countermeasure + 32-bit encoding  very effective (green curve) Page 14 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  15. OUTLINE I. Experimental setup II. Preliminaries about the fault model III. Evaluation on simple assembly codes IV. Evaluation on a FreeRTOS implementation V. Conclusion Page 15 of 22 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  16. FREERTOS AND TARGET CODES  Portable RTOS written in C, multitasking operating system Fault tolerance countermeasure  Changes priv. mode msr control, r3 msr psp, r0 • At the OS initialization mov r0, #0 add lr, r1, #1 • The systems starts in privileged mode msr basepri, r0 ldr lr, =0xfffffffd • Then it switches to unprivileged mode prvRestoreContextOfFirstTask function  An attacker may try to stay in privileged mode To evaluate the effectiveness, we observe the number of faults in the control register Page 16 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  17. FAULT TOLERANCE COUNTERMEASURE  Not very good effectiveness for the fault tolerance countermeasure on this code  The protected msr instruction is maybe too specific or the fault model too simplistic  Further experiments are required to deeply analyze the effectiveness of this CM Page 17 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  18. FREERTOS AND TARGET CODES Fault detection countermeasure  uxPriority in r0 ldr r0, [r0, #0] str r0, [sp, #0] movs r3, #0 Arguments • During task creation movs r2, #128 for the movs r1, #0 • Each task has its own priority level function ldr r0, =address_fct bl <xTaskGenericCreate> • The priority level is loaded from the Flash Code before calling xTaskGenericCreate  An attacker may try to change a priority level To evaluate the effectiveness, we observe the number of faults in this priority level (in the xTaskGenericCreate function) Page 18 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

  19. FAULT DETECTION COUNTERMEASURE  The countermeasure when only applied to ldr instructions still misses some faults  The countermeasure is very effective on this code when applied to every instruction  However, not all the instructions can be protected with this countermeasure  This countermeasure must be combined with other techniques against faults Page 19 of 22 27 MAI 2014 TRUDEVICE Workshop 2014 May 29-30 - Paderborn, Germany

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 ,

EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 ,

EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 , Karine Heydemann 3 , Amine Dehbaoui 2 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies

679 views • 22 slides
Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, Robert Primas ASIACRYPT 2018 IAIK - Graz University of Technology www.tugraz.at

1.01k views • 78 slides
On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

Physical Attacks New Attacks on Classical Countermeasures Extended Countermeasures On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 , Thomas ROCHE 1 , Adrian THILLARD 1 1 ANSSI (French Network and

358 views • 25 slides
Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Introduction Threats Setups Attacks Countermeasures Conclusion 1 / 31 Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of Cryptographic Algorithms and Devices for Real-World Applications Sibenik,

849 views • 31 slides
Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir 2 , Sylvain Guilley 1 , Fran Pablo Rauzy 1 , Pierre-Yves Strub 2 1 Telecom ParisTech 2 IMDEA Software Institute Crypto Seminar Day @ IMDEA

101 views • 9 slides
Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com Outline Motivation &amp; general mechanisms Side-channel countermeasures Fault countermeasures Conclusions 2 Design and Security of

549 views • 40 slides
MOBILE DATA CHARGING: NEW ATTACKS NEW ATTACKS AND COUNTERMEASURES AND COUNTERMEASURES Chunyi

MOBILE DATA CHARGING: NEW ATTACKS NEW ATTACKS AND COUNTERMEASURES AND COUNTERMEASURES Chunyi

MOBILE DATA CHARGING: NEW ATTACKS NEW ATTACKS AND COUNTERMEASURES AND COUNTERMEASURES Chunyi Peng Chunyi Peng , Chi-Yu Li, Guan-Hua Tu, Songwu Lu, Lixia Zhang University of California, Los Angeles ACM CCS12 ACM CCS'12 C Peng (UCLA)

480 views • 27 slides
Countermeasures Against High-Order Fault-Injection Attacks on CRT-RSA Pablo Rauzy Sylvain

Countermeasures Against High-Order Fault-Injection Attacks on CRT-RSA Pablo Rauzy Sylvain

Countermeasures Against High-Order Fault-Injection Attacks on CRT-RSA Pablo Rauzy Sylvain Guilley rauzy@enst.fr guilley@enst.fr pablo.rauzy.name perso.enst.fr/ guilley Telecom ParisTech CNRS LTCI / COMELEC / SEN FDTC 2014 Eleventh

460 views • 43 slides
I n p u t sanitization); drop table slides New attacks and countermeasures: SQL

I n p u t sanitization); drop table slides New attacks and countermeasures: SQL

This time Continuing with Software Getting insane with Security I n p u t sanitization); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web architecture Client

1.22k views • 102 slides
A Formal Proof of Countermeasures against Fault Injection Attacks on CRT-RSA Pablo Rauzy Sylvain

A Formal Proof of Countermeasures against Fault Injection Attacks on CRT-RSA Pablo Rauzy Sylvain

A Formal Proof of Countermeasures against Fault Injection Attacks on CRT-RSA Pablo Rauzy Sylvain Guilley rauzy@enst.fr sylvain.guilley@enst.fr pablo.rauzy.name perso.enst.fr/~guilley Telecom ParisTech LTCI / COMELEC / SEN August 24, 2013

711 views • 47 slides
Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs marc.joye@thomson.net CryptoPuces 2009 Porquerolles, June 26, 2009 Outline Elliptic Curve Cryptography Inducing Faults Fault Attacks Countermeasures

363 views • 24 slides
Attacks and Countermeasures for White-box Designs Alex Biryukov, Aleksei Udovenko CSC and SnT,

Attacks and Countermeasures for White-box Designs Alex Biryukov, Aleksei Udovenko CSC and SnT,

Attacks and Countermeasures for White-box Designs Alex Biryukov, Aleksei Udovenko CSC and SnT, University of Luxembourg December 5, 2018 Plan 1 Introduction 2 Attacks on Masked White-box Implementations 3 Countermeasures 4 Algebraic Security 0

797 views • 53 slides
HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, &quot;Power Analysis Attacks, Revealing the Secrets of Smart Cards&quot;, Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
channel and fault attacks Jasper van Woudenberg @jzvw January 10, 2019 1 Our vision

channel and fault attacks Jasper van Woudenberg @jzvw January 10, 2019 1 Our vision

Practicing the art and science of side channel and fault attacks Jasper van Woudenberg @jzvw January 10, 2019 1 Our vision certificate recommendations countermeasures 2 Where we are today Science Art Bit of both certificate 2 weeks

998 views • 41 slides
Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor

Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor

Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Acknowledgements FAME Project Team https://sites.google.com/view/famechip Supported through National

1.01k views • 72 slides
Automated combination of tolerance and control flow integrity countermeasures against multiple

Automated combination of tolerance and control flow integrity countermeasures against multiple

Automated combination of tolerance and control flow integrity countermeasures against multiple fault attacks on embedded systems Thierno Barry PhD Candidate in security of Embedded Systems at CEA ( the French Atomic Energy Commission )

681 views • 18 slides
Merging of Exceptional Points in Classical Waves: Acoustics and photonic crystals Kun Ding ,

Merging of Exceptional Points in Classical Waves: Acoustics and photonic crystals Kun Ding ,

Merging of Exceptional Points in Classical Waves: Acoustics and photonic crystals Kun Ding , Guancong Ma, Meng Xiao, Z. Q. Zhang, and C. T. Chan Department of Physics and Institute for Advanced Study, The Hong Kong University of Science and

665 views • 32 slides
Hybrid Quantum Mechanics / Molecular Mechanics (QM/MM) Approaches - Partitioning the system:

Hybrid Quantum Mechanics / Molecular Mechanics (QM/MM) Approaches - Partitioning the system:

Hybrid Quantum Mechanics / Molecular Mechanics (QM/MM) Approaches - Partitioning the system: QM/MM Hamiltonian and calculation of forces Mauro Boero Institut de Physique et Chimie des Matriaux de Strasbourg University of Strasbourg - CNRS,

659 views • 33 slides
On NP-Hardness of the Paired de Bruijn Sound Cycle Problem Fedor Tsarev Evgeny Kapun Genome

On NP-Hardness of the Paired de Bruijn Sound Cycle Problem Fedor Tsarev Evgeny Kapun Genome

On NP-Hardness of the Paired de Bruijn Sound Cycle Problem Fedor Tsarev Evgeny Kapun Genome Assembly Algorithms Laboratory University ITMO, St. Petersburg, Russia September 2, 2013 Genome assembly models Shortest common superstring

604 views • 21 slides
CCured: Type-safe Retrofitting of Legacy Code By Necula, McPeak, Weimer Presented By: Philip

CCured: Type-safe Retrofitting of Legacy Code By Necula, McPeak, Weimer Presented By: Philip

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CCured: Type-safe Retrofitting of Legacy Code By Necula,

284 views • 24 slides
MODEL ON A 32-BIT MICROCONTROLLER Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno

MODEL ON A 32-BIT MICROCONTROLLER Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno

ELECTROMAGNETIC FAULT INJECTION: TOWARDS A FAULT MODEL ON A 32-BIT MICROCONTROLLER Nicolas Moro 1,3 , Amine Dehbaoui 2 , Karine Heydemann 3 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies

785 views • 24 slides
RNA: A molecule for many uses seen with the eyes of a physicist Peter Schuster Institut fr

RNA: A molecule for many uses seen with the eyes of a physicist Peter Schuster Institut fr

RNA: A molecule for many uses seen with the eyes of a physicist Peter Schuster Institut fr Theoretische Chemie, Universitt Wien, Austria and The Santa Fe Institute, Santa Fe, New Mexico, USA CAS-MPG Partner Institute for Computational

1.08k views • 79 slides
Kinetic Folding and Evolution of RNA Peter Schuster Institut fr Theoretische Chemie,

Kinetic Folding and Evolution of RNA Peter Schuster Institut fr Theoretische Chemie,

Kinetic Folding and Evolution of RNA Peter Schuster Institut fr Theoretische Chemie, Universitt Wien, Austria and The Santa Fe Institute, Santa Fe, New Mexico, USA Biophysik Kolloquium Humboldt-Universitt Berlin, 05.07.2006 Recent

1.14k views • 100 slides
Data Requirement for Species Tree from Multiple Gene Trees (Dasarathy, Nowak, Roch 2015) Daewon

Data Requirement for Species Tree from Multiple Gene Trees (Dasarathy, Nowak, Roch 2015) Daewon

Data Requirement for Species Tree from Multiple Gene Trees (Dasarathy, Nowak, Roch 2015) Daewon Seo Mar. 14. 2017 Introduction Incomplete Lineage Sorting (ILS), . Gene tree topologies could be different from species tree Two

237 views • 11 slides

More recommend