Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC - - PowerPoint PPT Presentation

introduction to fault attacks
SMART_READER_LITE
LIVE PREVIEW

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC - - PowerPoint PPT Presentation

Feb 16, 2024 291 likes •577 views

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia Laguna, Sardinia (Italy) 19 October 2015 Introduction to Fault Attacks 19 October 2015 What are fault attacks? Active attacks against

slide-1
SLIDE 1

Josep Balasch

Introduction to Fault Attacks

KU Leuven ESAT / COSIC

IACR Summer School 2015

Chia Laguna, Sardinia (Italy) 19 October 2015

Introduction to Fault Attacks 19 October 2015

slide-2
SLIDE 2
  • Active attacks against cryptographic

implementations

  • Electronic devices are subject to (usually)

rare faults

  • Software
  • Hardware
  • Reason: combination of strange events
  • A fault can cause errors
  • An errors can be exploited to expose

secrets

2

What are fault attacks?

Introduction to Fault Attacks

error input

  • utput
slide-3
SLIDE 3
  • Single Event Upsets (SEU)
  • Random bit flips occurring in storage elements

3

History

Introduction to Fault Attacks

1950s 1960s 1970s 1980s

Ground nuclear testing anomalies in electronic monitoring equipment Aerospace industry problems in space electronics: soft-fails IBM research effects of alpha particles

  • n semiconductor

electronics

[ZL79]

slide-4
SLIDE 4
  • #1: Hacking community vs. DirecTV (late 90s)
  • PayTV technology, broadcast only
  • Smart-card based subscription model
  • Phone line to communicate with provider
  • Hacking community:
  • Read/write access to smart cards
  • Change to unlimited subscription model
  • Reply from DirecTV
  • Possibility to update cards

through broadcast channel

  • Disable hacked cards by

inserting an inifinite loop

4

From accidental faults to intentional faults

Introduction to Fault Attacks

… // booting inf_loop: JMP inf_loop … // continue

slide-5
SLIDE 5
  • Reply from the hacker community
  • Unlooper: device that was able to unlock the card

5 Introduction to Fault Attacks

Smart-card slot PC interface spike generator clock generator

… // booting inf_loop: JMP inf_loop … // continue

From accidental faults to intentional faults

slide-6
SLIDE 6
  • #2: The Bellcore Attack [BDL97]
  • Target: implementations of RSA with CRT
  • Main operation: s = md mod n , where d is private key
  • Security of RSA: intractability of factoring large integers (n = p·q)
  • RSA-CRT allows to speed-up

computations:

  • Attack steps:

1. Input m, collect s 2. Input m, inject any fault on sp or sq, collect ŝ 3. Compute gcd(s- ŝ,n) to factorize RSA modulus

  • Devastating effects
  • Today countermeasures extensively studied and deployed

6 Introduction to Fault Attacks

sp = mp

dP mod p

sq = mq

dQ mod q

s = (((sq-sp)·pinv) mod q)·p + sp

From accidental faults to intentional faults

slide-7
SLIDE 7
  • The embedded design space

7

The fault attack jungle

Introduction to Fault Attacks

[VKS11] CRYPTOGRAPHIC PRIMITIVES ARITHMETIC RTL: ALU, REGs, MEM LOGIC: Gates, FFs TRANSISTORS PROTOCOLS FAULT INJECTION FAULT EXPLOITATION FAULT MODEL

slide-8
SLIDE 8

1. Granularity: how many bits dare affected by the fault? 1. Single bit 2. Few bits 3. Word 2. Modification (aka fault type) 1. Stuck-at, e.g. zero or one 2. Flip 3. Random 3. Control: on the fault location and on timing 1. Precise 2. Loose 3. None 4. Duration or effect of the fault 1. Transient 2. Permanent 3. Destructive

8

The fault model

Introduction to Fault Attacks

slide-9
SLIDE 9
  • Non-invasive
  • No physical damage to device
  • Modify working conditions
  • Moderate knowledge/equipment
  • Semi-invasive
  • Chip decapsulation
  • Milling, etching, cleaning
  • Affordable equipment
  • Invasive
  • Establish electrical contact to chip
  • Modification, destruction, ...
  • Expensive equipment, e.g.

semiconductor diagnostics

9

Categories of fault injection

Introduction to Fault Attacks

src: Bridge Technology src: ZEISS src: AirClean Systems src: Dr. Sergei Skobogoratov

slide-10
SLIDE 10
  • Most popular form of non-invasive attacks
  • Both precise timing control, single or multiple
  • Clock glitches
  • Temporal overclocking
  • Critical path violations
  • Voltage spikes
  • Temporal switch to

higher (or lower) voltages

10

Glitches and spikes

Introduction to Fault Attacks

[KQ07] [SH08] [BGV11]

slide-11
SLIDE 11
  • Effects on program flow
  • Replacement of instructions

(sometimes skipping)

  • Tampering with loops

and conditional statements

  • Change of program counter
  • Effects on data flow
  • Computation errors
  • Corrupted memory pointers
  • No bit transitions on data bus

11

Glitches and spikes

Introduction to Fault Attacks

[BGV11]

slide-12
SLIDE 12
  • Underpowering
  • Reduce supply voltage
  • Transient vs. Permanent
  • Increase propagation delay
  • f combinational logic
  • Temperature
  • Device on heating plate
  • Errors appear for a short

window

  • Low-controlability
  • Low-frequency
  • Cooling: data retention

12

Other Non-invasive Methods

Introduction to Fault Attacks

[HS13] [BGVLV12]

src:: EMSE

slide-13
SLIDE 13
  • Semiconductors are inherently

sensitive to light

  • Effect of optical pulses
  • Switching a transistor
  • The chip die needs to be exposed
  • Semi-invasive method
  • Example of fault injection setups:
  • Photo flash in micro-probing

station

  • Laser beam on XY table, with

microscope view and camera

13

Optical Fault Injection

Introduction to Fault Attacks

src: Opto

[SA02]

slide-14
SLIDE 14
  • Many configurable parameters
  • Position (X,Y coordinates)
  • Wavelength
  • Spot size
  • Energy / Peak power
  • Pulse vs. Continuous
  • Repetition rate
  • ...
  • Search space grows exponentially !
  • Many fault models possible

14

Optical Fault Injection

Introduction to Fault Attacks

[WWM11]

1200 nm 20µ x 20µ 10µ 250 nm 9µ x 4µ 1µ 90 nm 3µ x 1.5µ 1µ

[CLFT14]

src: Dr. Sergei Skobogoratov, Semi-invasive attakcs, page 98

slide-15
SLIDE 15
  • Injection of faults via the EM channel
  • Induction of Eddy current
  • Camera flash-gun connected

to an active probe

  • Spark-gap transmitter
  • EM Pulses with micro probes
  • Effects:
  • Switching transistors
  • Critical path violations
  • (Non-) and semi- invasive

approach

15

EM Fault Injection

Introduction to Fault Attacks

[QS3]

slide-16
SLIDE 16

16

Back to the PIN example

Introduction to Fault Attacks

  • Assume the function check(…) runs in constant time
  • Attacker can target the main function with an active attack
  • “Skip” conditional statement
  • E.g. by glitches/spikes during condition check
  • Prevent the counter increase
  • E.g. by disconnecting power supply

MAIN FUNCTION … IF check(…) == -1 COUNTER++ ELSE COUNTER = 0 …

slide-17
SLIDE 17
  • Ask for a cryptographic computation twice
  • With any input and no fault (reference)
  • With the same input and fault injection
  • Infer information about the key from the output differential
  • Sometimes a single fault injection is enough!
  • Recall #2: Bellcore attack

17

Differential Fault Analysis

Introduction to Fault Attacks

slide-18
SLIDE 18
  • DFA – Differential Fault Analysis
  • Similar to classical differential cryptanalysis
  • 2/3 faulty encryptions, 4 key bytes, 216 complexity

18

Fault analysis on block ciphers

Introduction to Fault Attacks

[BS97] SB_9 beginning Round 9 00 MC_9 f

ISB(x1+K1)+ISB(x1+F1+K1)= 2[ISB(x2+K2)+ISB(x2+F2+K2)] ISB(x2+K2)+ISB(x2+F2+K2)= ISB(x3+K3)+ISB(x3+F3+K3) ISB(x4+K4)+ISB(x4+F4+K4)= 3[ISB(x2+K2)+ISB(x2+F2+K2)]

f' f' 2f' f' f' 3f' F1 F2 F3 F4 F1 F2 F3 F4 SR_9 SB_10 SR_10

slide-19
SLIDE 19
  • CFA – Collision Fault Analysis
  • Stuck-at fault model assumed, e.g. zero
  • Target operations in first round(s)
  • Attack steps:
  • 1. Random plaintext, fault @SB_1:

ciphertext Ĉ

  • 2. Random plaintext, no faults:

ciphertext C

  • 3. When Ĉ == C, recover key byte:

SB(P1 xor K1_11) = 0x00

19

Fault analysis on block ciphers

Introduction to Fault Attacks

ciphertext ARK_0 plaintext f f f f f f f f f f f f f f f f ... 00 SB_1 [H04]

slide-20
SLIDE 20
  • IFA – Ineffective Fault Analysis
  • Stuck-at fault model assumed, e.g. zero
  • Target operations in first round(s)

1. Random plaintext, no faults: ciphertext C 2. Same plaintext, fault @SB_1: ciphertext Ĉ 3. When Ĉ == C, recover key byte:

SB(P1 xor K1_11) = 0x00

  • Differences with CFA:
  • Larger number of faults, not required to know the ciphertext !

20

Fault analysis on block ciphers

Introduction to Fault Attacks

ciphertext ARK_0 plaintext ... 00 SB_0 [BS03] [C07] f f f f f f f f f f f f f f f f

slide-21
SLIDE 21

You cannot prevent the adversary from trying to mount an attack

  • But you can try to make it more difficult !
  • Typical countermeasures against fault attacks:
  • Hardening hardware:
  • "Hide" sensitive parts of the chip:
  • glue logic, bus scrambling, memory encryption, ...
  • metal layers (passive shielding)
  • Add filters and/or security sensors:
  • power, clock
  • light, temperature, wire mesh (active shielding)

21

Countermeasures

Introduction to Fault Attacks

slide-22
SLIDE 22
  • Hardening computations:
  • Information redundancy
  • Addition of parities, linear codes
  • Ring embeddings
  • Infective computations
  • Hiding countermeasures
  • Branchless implementations
  • Parallel execution or inverse execution

... but second-order fault attacks are possible

22

Countermeasures

Introduction to Fault Attacks

slide-23
SLIDE 23
  • Fault attacks are a very powerful tool
  • Specialized equipment available to wider class of

adversaries

  • There is no 100% protection
  • With enough resources and time,

attacks can be mounted

  • Arms-race attacks vs. countermeasures

23

Conclusions

Introduction to Fault Attacks

slide-24
SLIDE 24

[BDL97] D. Boneh, R. DeMillo, and R. Lipton, “On the importance of checking cryptographic protocols for faults”, CRYPTO, 1997. [BGV11] J. Balasch, B. Gierlichs, and I. Verbauwhede, “An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs”, FDTC, 2011. [BGVLV12] J. Balasch, B. Gierlichs, R. Verdult, L. Batina, I. Verbauwhede, “Power Analysis of Atmel CryptoMemory - Recovering Keys from Secure EEPROMs”, CT-RSA, 2012. [BS97] E. Biham and A. Shamir, “Differential Fault Analysis of Secret Key Cryptosystems”, CRYPTO, 1997. [BS03] J. Blömer and J.-P. Seifert, “Fault Based Cryptanalysis of the Advanced Encryption Standard (AES)”, FC, 2003. [C07] C. Clavier, “Secret External Encodings Do Not Prevent Transient Fault Analysis”, CHES, 2007. [CLFT14] F. Courbon, P. Loubet-Moundi, J. Fournier, A. Tria, “Adjusting laser injections for fully controlled faults”, COSADE, 2014.

24

Bibliography

Introduction to Fault Attacks

slide-25
SLIDE 25

[HS13] M. Hutter, J.-M. Schmidt, “The Temperature Side Channel and Heating Fault Attacks”, CARDIS, 2013. [HSP08] M. Hutter, J.-M. Schmidt, T.Plos, “RFID and its Vulnerability to Faults”, CHES, 2008. [H04] L. Hemme, “A Differential Fault Attack Against Early Rounds of (Triple-) DES”, CHES, 2004. [KQ07] C. H. Kim and J.-J. Quisquater, “Fault attacks for CRT based RSA: new attacks, new results, and new countermeasures”, WISTP, 2007. [QS03] J.-J. Quisquater and D. Samyde, “Eddy current for Magnetic Analysis with Active Sensor”, Esmart, 2002. [SH08] J.-M. Schmidt and C. Herbst, “A Practical Fault Attack on Square and Multiply”, FDTC, 2008. [SA02] S. Skorobogatov, R. Anderson, “Optical Fault Induction Attacks”, CHES, 2002. [WWM11] J.van Woudenberg, M. Witteman and F. Menarini, “Practical optical fault injection on secure microcontrollers”, FDTC, 2011.

25

Bibliography

Introduction to Fault Attacks

slide-26
SLIDE 26

[VKS11] I. Verbauwhede, D. Karaklajid, and J.-M. Schmidt, “The Fault Attack Jungle - A Classification Model to Guide You”, FDTC, 2011. [ZL79] J.F. Ziegler and W.A. Landford, “Effect of cosmic rays on computer memories”, Science, 1979.

26

Bibliography

Introduction to Fault Attacks

slide-27
SLIDE 27

27

Thanks for your attention!

QUESTIONS ?

Josep Balasch: josep.balasch@esat.kuleuven.be

Introduction to Fault Attacks