FaultMeter: Quantitative Fault Attack Assessment of Block Cipher Software

Keerthi, K; Rebeiro, Chester

doi:10.46586/tches.v2023.i2.212-240

Cited by 2 publications

(1 citation statement)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The target audience for this paper is developers of general-purpose software and not specifically cryptographic implementations. Although many fault simulators [1,5,6,14,[16][17][18]24,[26][27][28][29]31,33] can verify the implementations of cryptographic algorithms, we exclude them in this work because there is already an overview of such tools [4]. We found four fault simulators in the public domain suitable for such a developer, namely FiSim [25], ZOFI [23], ARMORY [13] and ARCHIE [12].…”

Section: Introductionmentioning

confidence: 99%

SoK: Assisted Fault Simulation

Adhikary,

Buhan

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Fault injection attacks have caused implementations to behave unexpectedly, resulting in a spectacular bypass of security features and even the extraction of cryptographic keys. Clearly, developers want to ensure the robustness of the software against faults and eliminate production weaknesses that could lead to exploitation. Several fault simulators have been released that promise cost-effective evaluations against fault attacks. In this paper, we set out to discover how suitable such tools are, for a developer who wishes to create robust software against fault attacks. We found four open-source fault simulators that employ different techniques to navigate faults, which we objectively compare and discuss their benefits and drawbacks. Unfortunately, none of the four open-source fault simulators employ artificial intelligence (AI) techniques. However, AI was successfully applied to improve the fault simulation of cryptographic algorithms, though none of these tools is open source. We suggest improvements to open-source fault simulators inspired by the AI techniques used by cryptographic fault simulators.

show abstract

Section: Introductionmentioning

confidence: 99%

SoK: Assisted Fault Simulation

Adhikary,

Buhan

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

`FortiFix` : A Fault Attack Aware Compiler Framework for Crypto Implementations

Rebeiro

2024

ACM Trans. Des. Autom. Electron. Syst.

View full text Add to dashboard Cite

Fault attacks are one of the most powerful forms of cryptanalytic attack on embedded systems, that can corrupt cipher’s operations leading to a breach of confidentiality and integrity. A single precisely injected fault during the execution of a cipher can be exploited to retrieve the secret key in a few milliseconds. Naïve countermeasures introduced into implementation can lead to huge overheads, making them unusable in resource-constraint environments. On the other hand, optimized countermeasures requires significant knowledge, not just about the attack, but also on the (a) the cryptographic properties of the cipher, (b) the program structure, and (c) the underlying hardware architecture. This makes the protection against fault attacks tedious and error-prone. In this paper, we introduce the first automated compiler framework named FortiFix that can detect and patch fault exploitable regions in a block cipher implementation. The framework has two phases. The pre-compilation phase identifies regions in the source code of a block cipher that are vulnerable to fault attacks. The second phase is incorporated as transformation passes in the LLVM compiler to find exploitable instructions, quantify the impact of a fault on these instructions, and finally insert appropriate countermeasures based on user defined security requirements. As a proof of concept, we have evaluated two block cipher implementations AES-128 and CLEFIA-128 on three different hardware platforms such as MSP430 (16-bit), ARM (32-bit) and RISCV (32-bit).

show abstract

FaultMeter: Quantitative Fault Attack Assessment of Block Cipher Software

Cited by 2 publications

References 20 publications

SoK: Assisted Fault Simulation

SoK: Assisted Fault Simulation

`FortiFix` : A Fault Attack Aware Compiler Framework for Crypto Implementations

Contact Info

Product

Resources

About

FaultMeter: Quantitative Fault Attack Assessment of Block Cipher Software

Cited by 2 publications

References 20 publications

SoK: Assisted Fault Simulation

SoK: Assisted Fault Simulation

FortiFix : A Fault Attack Aware Compiler Framework for Crypto Implementations

Contact Info

Product

Resources

About

`FortiFix` : A Fault Attack Aware Compiler Framework for Crypto Implementations