Detecting Laser Fault Injection for Smart Cards Using Security Automata

Bouffard, Guillaume; Thampi, Bhagyalekshmy N.; Lanet, Jean‐Louis

doi:10.1007/978-3-642-40576-1_3

Cited by 6 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We identified two previously proposed approaches that use a step counter to protect a code region [48,49]. The former targets computation disruption, whereas the latter combines counters with a signature approach at the assembly code level to ensure tolerance to hardware faults.…”

Section: Code Integrity and Control-flow Securingmentioning

confidence: 99%

Formally verified software countermeasures for control-flow integrity of smart card C code

Heydemann¹,

Lalande²,

Berthomé³

2019

Computers & Security

View full text Add to dashboard Cite

Fault attacks can target smart card programs to disrupt an execution and take control of the data or the embedded functionalities. Among all possible attacks, control-flow attacks aim at disrupting the normal execution flow. Identifying harmful control-flow attacks and designing countermeasures at the software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful inter-and intra-procedural jump attacks at the source code level and automatically inject formally proven countermeasures into a C code. The proposed software countermeasures protect the integrity of individual statements at the granularity of single C statements. They support many control-flow constructs of the C language. The countermeasure scheme can detect an attack early either inside a control-flow construct or only at its exit. The secured source code defeats 100% of attacks that jump over at least two C source code statements. Experiments showed that the resulting code is also hardened against unexpected function calls and jump attacks at the assembly code level. Securing a source code automatically and extensively with our scheme degrades the performance. The performance overhead of our countermeasures on three well-known encryption algorithms available in C ranged from +41% to +138% on an x86 platform and from +45% to +217% on an ARM-v7 platform. However, combining code rewriting with hardening of sensitive code regions identified by the weakness detection step enables an application to be fully hardened while limiting the overhead.

show abstract

Section: Code Integrity and Control-flow Securingmentioning

confidence: 99%

Formally verified software countermeasures for control-flow integrity of smart card C code

Heydemann¹,

Lalande²,

Berthomé³

2019

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Basic block signature computations and checks can then be carried out by the virtual machine, as proposed by [18]. A transition automaton, in which each state corresponds to a basic block and each transition corresponds to allowed control flow, can also be built by analyzing the bytecode [10]. Calls to setState(), added to the source code, instruct the virtual machine to check the integrity of the control flow by comparing the current state with the allowed ones according to the automaton.…”

Section: Code Securing and Control Flow Securingmentioning

confidence: 99%

“…Two previously proposed approaches also use a step counter to protect a code region [10,25]. The former targets computation disruption while the latter combined counters with a signature approach at assembly level to ensure tolerance to hardware fault.…”

Section: Code Securing and Control Flow Securingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…Fault detection is generally based on spatial, temporal or information redundancy at hardware or software level. In java card enabled smart cards, software components of the virtual machine can perform security checks [18,20,10].In practice, developers of security-critical applications often manually add countermeasures into an application code. This operation requires knowledge about the target code vulnerabilities.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Lalande

Heydemann

Berthomé

2014

Computer Security - ESORICS 2014

View full text Add to dashboard Cite

Abstract. Fault attacks can target smart card programs in order to disrupt an execution and gain an advantage over the data or the embedded functionalities. Among all possible attacks, control flow attacks aim at disrupting the normal execution flow. Identifying harmful control flow attacks as well as designing countermeasures at software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful intra-procedural jump attacks at source code level and to automatically inject formally-proven countermeasures. The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond. Experiments show that the resulting code is also hardened against unexpected function calls and jump attacks at assembly level.Keywords: control flow integrity, fault attacks, smart card, source level IntroductionSmart cards or more generally secure elements are essential building blocks for many security-critical applications. They are used for securing host applications and sensitive data such as cryptographic keys, biometric data, pin counters, etc. Malicious users aim to get access to these secrets by performing attacks on the secure elements. Fault attacks consists in disrupting the circuit's behavior by using a laser beam or applying voltage, clock or electromagnetic glitches [5,6,24]. Their goal is to alter the correct progress of the algorithm and, by analyzing the deviation of the corrupted behavior with respect to the original one, to retrieve the secret information [14]. For java card, fault attacks target particular components of the virtual machine [3,4,9].Many protections have therefore been proposed to counteract attacks. Fault detection is generally based on spatial, temporal or information redundancy at hardware or software level. In java card enabled smart cards, software components of the virtual machine can perform security checks [18,20,10].In practice, developers of security-critical applications often manually add countermeasures into an application code. This operation requires knowledge about the target code vulnerabilities. Both these tasks are time-consuming with direct impact on the certification of the product. One harmful consequence of fault attacks is control flow disruption which may bypass some implemented countermeasures. It is difficult for programmers to investigate all possible control flow disruption in order to detect sensitive parts of the code and then investigate how to add countermeasures inside these sensitive parts. Moreover, secure smart cards have strong security requirements that have to be certified by an independent qualified entity before being placed on the market. Certification can rely on a review of source code and the implemented software countermeasures. The effectiveness of software security countermeasures is then guaranteed by the use of a certified compiler [21]. Injecting control flow integrity checks at compile time would require to certify the modified compiler. To avoid this diff...

show abstract

Evolving attackers against wireless sensor networks using genetic programming

Mrugala

Tuptuk

Hailes

2017

IET wirel. sens. syst.

View full text Add to dashboard Cite

Recent hardware developments have made it possible for the Internet of Things (IoT) to be built. A wide variety of industry sectors, including manufacturing, utilities, agriculture, transportation, and healthcare are actively seeking to incorporate IoT technologies in their operations. The increased connectivity and data sharing that give IoT systems their advantages also increase their vulnerability to attack. In this study, the authors explore the automated generation of attacks using genetic programming (GP), so that defences can be tested objectively in advance of deployment. In the authors' system, the GPgenerated attackers targeted publish-subscribe communications within a wireless sensor networks that was protected by an artificial immune intrusion detection system (IDS) taken from the literature. The GP attackers successfully suppressed more legitimate messages than the hand-coded attack used originally to test the IDS, whilst reducing the likelihood of detection. Based on the results, it was possible to reconfigure the IDS to improve its performance. Whilst the experiments were focussed on establishing a proof-of-principle rather than a turnkey solution, they indicate that GP-generated attackers have the potential to improve the protection of systems with large attack surfaces, in a way that is complementary to traditional testing and certification.

show abstract

Detecting Laser Fault Injection for Smart Cards Using Security Automata

Cited by 6 publications

References 13 publications

Formally verified software countermeasures for control-flow integrity of smart card C code

Formally verified software countermeasures for control-flow integrity of smart card C code

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Evolving attackers against wireless sensor networks using genetic programming

Contact Info

Product

Resources

About