Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller

Moro, Nicolas; Dehbaoui, Amine; Heydemann, Karine; Robisson, Bruno; Encrenaz, Emmanuelle

doi:10.1109/fdtc.2013.9

Cited by 155 publications

(134 citation statements)

References 26 publications

Supporting

Mentioning

132

Contrasting

Order By: Relevance

“…The replacement of a whole instruction by a jump at any location of the program. The executed instruction becomes a jump to an unexpected target [9,24]. The same effect is obtained if the target address of a jump is changed by corrupting the instruction encoding or, in case of indirect jump, if computation of the target address is disrupted.…”

Section: Fault Modelsmentioning

confidence: 69%

“…For example, electromagnetic pulse injections can induce a clock glitch on the bus during transmission of instruction from the Flash memory resulting in an instruction replacement [24]. Such an instruction replacement can provoke a control flow disruption in the two following cases:…”

Section: Fault Modelsmentioning

confidence: 99%

“…Several works [24,2] have shown that attacks can induce instruction replacements. For example, electromagnetic pulse injections can induce a clock glitch on the bus during transmission of instruction from the Flash memory resulting in an instruction replacement [24].…”

Section: Fault Modelsmentioning

confidence: 99%

“…Malicious users aim to get access to these secrets by performing attacks on the secure elements. Fault attacks consists in disrupting the circuit's behavior by using a laser beam or applying voltage, clock or electromagnetic glitches [5,6,24]. Their goal is to alter the correct progress of the algorithm and, by analyzing the deviation of the corrupted behavior with respect to the original one, to retrieve the secret information [14].…”

mentioning

confidence: 99%

See 3 more Smart Citations

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Lalande

Heydemann

Berthomé

2014

Computer Security - ESORICS 2014

Self Cite

View full text Add to dashboard Cite

Abstract. Fault attacks can target smart card programs in order to disrupt an execution and gain an advantage over the data or the embedded functionalities. Among all possible attacks, control flow attacks aim at disrupting the normal execution flow. Identifying harmful control flow attacks as well as designing countermeasures at software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful intra-procedural jump attacks at source code level and to automatically inject formally-proven countermeasures. The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond. Experiments show that the resulting code is also hardened against unexpected function calls and jump attacks at assembly level.Keywords: control flow integrity, fault attacks, smart card, source level IntroductionSmart cards or more generally secure elements are essential building blocks for many security-critical applications. They are used for securing host applications and sensitive data such as cryptographic keys, biometric data, pin counters, etc. Malicious users aim to get access to these secrets by performing attacks on the secure elements. Fault attacks consists in disrupting the circuit's behavior by using a laser beam or applying voltage, clock or electromagnetic glitches [5,6,24]. Their goal is to alter the correct progress of the algorithm and, by analyzing the deviation of the corrupted behavior with respect to the original one, to retrieve the secret information [14]. For java card, fault attacks target particular components of the virtual machine [3,4,9].Many protections have therefore been proposed to counteract attacks. Fault detection is generally based on spatial, temporal or information redundancy at hardware or software level. In java card enabled smart cards, software components of the virtual machine can perform security checks [18,20,10].In practice, developers of security-critical applications often manually add countermeasures into an application code. This operation requires knowledge about the target code vulnerabilities. Both these tasks are time-consuming with direct impact on the certification of the product. One harmful consequence of fault attacks is control flow disruption which may bypass some implemented countermeasures. It is difficult for programmers to investigate all possible control flow disruption in order to detect sensitive parts of the code and then investigate how to add countermeasures inside these sensitive parts. Moreover, secure smart cards have strong security requirements that have to be certified by an independent qualified entity before being placed on the market. Certification can rely on a review of source code and the implemented software countermeasures. The effectiveness of software security countermeasures is then guaranteed by the use of a certified compiler [21]. Injecting control flow integrity checks at compile time would require to certify the modified compiler. To avoid this diff...

show abstract

Section: Fault Modelsmentioning

confidence: 69%

Section: Fault Modelsmentioning

confidence: 99%

Section: Fault Modelsmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Lalande

Heydemann

Berthomé

2014

Computer Security - ESORICS 2014

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, they are more vulnerable to FA [10] [11] [12] compared to cryptographic chips. In fact, the latter have a specific architecture with specifically designed countermeasures to FA.…”

Section: A Fault Injection Attacks On Microcontrollersmentioning

confidence: 99%

An RTOS-based Fault Injection Simulator for Embedded Processors

Alimi¹,

Lahbib²,

Machhout³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Abstract-Evaluating embedded systems vulnerability to faults injection attacks has gained importance in recent years due to the rising threats they bring to chips security. The task is particularly important for micro-controllers since they have lower resistance to fault attacks compared to hardware-based cryptosystems. This paper reviews recent embedded fault injection simulators from literature and presents an embedded high-level fault injection mechanism based on a Real-Time Operating System (RTOS). The approach aims to be architecture-independent and portable to 32-bit microcontrollers and embedded processors. The proposed mechanism, primarily targets realistic fault attack scenarios on memory locations, is adapted to timed and event-based fault injection. A Differential Fault Attack (DFA) was mounted on a popular ARM-based micro-controller running FreeRTOS to illustrate the proposed mechanism. The aim is also to bridge the embedded fault injection simulation mechanism efficiently to a computerbased cryptanalysis and to highlight the importance of physically protecting the memory and integrating data-specific countermeasures.

show abstract

An automated and scalable formal process for detecting fault injection vulnerabilities in binaries

Given-Wilson

Heuser²,

Jafri

et al. 2018

Concurrency and Computation

View full text Add to dashboard Cite

Fault injection has increasingly been used both to attack software applications, and to test system robustness. Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes an extension of a recently published general model checking based process to detect fault injection vulnerabilities in binaries. This new extension makes the general process scalable to real-world implementions which is demonstrated by detecting vulnerabilities in different cryptographic implementations.

show abstract

Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller

Cited by 155 publications

References 26 publications

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

An RTOS-based Fault Injection Simulator for Embedded Processors

An automated and scalable formal process for detecting fault injection vulnerabilities in binaries

Contact Info

Product

Resources

About