Impeccable Circuits

Aghaie, Anita; Moradi, Amir; Rasoolzadeh, Shahram; Shahmirzadi, Aein Rezaei; Schellenberg, Falk; Schneider, Tobias

doi:10.1109/tc.2019.2948617

Cited by 28 publications

(35 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[16], [17]). More advanced schemes deploy coding techniques to achieve a certain n-bit fault resistance at a lower cost [18]. This, however, also leads to the question of what to do if indeed an error is detected.…”

Section: Background a Fault Injection Evaluation And Countermementioning

confidence: 99%

ARMORY: Fully Automated and Exhaustive Fault Simulation on ARM-M Binaries

Hoffmann

Schellenberg

Paar

2021

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Embedded systems are ubiquitous. However, physical access of users and likewise attackers makes them often threatened by fault attacks: a single fault during the computation of a cryptographic primitive can lead to a total loss of system security. This can have serious consequences, e.g., in safetycritical systems, including bodily harm and catastrophic technical failures. However, countermeasures often focus on isolated fault models and high layers of abstraction. This leads to a dangerous sense of security, because exploitable faults that are only visible at machine code level might not be covered by countermeasures. In this work we present ARMORY, a fully automated open source framework for exhaustive fault simulation on binaries of the ubiquitous ARM-M class. It allows engineers and analysts to efficiently scan a binary for potential weaknesses against arbitrary combinations of multi-variate fault injections under a large variety of fault models. Using ARMORY, we demonstrate the power of fully automated fault analysis and the dangerous implications of applying countermeasures without knowledge of physical addresses and offsets. We exemplarily analyze two case studies, which are highly relevant for practice: a DFA on AES (cryptographic) and a secure bootloader (non-cryptographic). Our results show that indeed numerous exploitable faults found by ARMORY which occur in the actual implementations are easily missed in manual inspection. Crucially, most faults are only visible when taking machine code information, i.e., addresses and offsets, into account. Surprisingly, we show that a countermeasure that protects against one type of fault can actually largely increase the vulnerability to other fault models. Our work demonstrates the need for countermeasures that, at least in their evaluation, are not restricted to isolated fault models and consider low-level information during the design process.

show abstract

Section: Background a Fault Injection Evaluation And Countermementioning

confidence: 99%

ARMORY: Fully Automated and Exhaustive Fault Simulation on ARM-M Binaries

Hoffmann

Schellenberg

Paar

2021

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…• In addition to having strong cryptographic properties, CRAFT has been particularly designed to ease the integration of code-based fault-detection schemes following the concept presented in [1]. This allows the application of any arbitrary EDC in the implementation; we have considered four such codes in our case studies.…”

Section: Our Contributionmentioning

confidence: 99%

“…• Focusing on fault-protected implementations, under all settings with respect to the employed EDC, its area overhead (even with decryption and tweak support) is smaller than all block ciphers considered in [1] with compatible state and key size (see Table 6).…”

Section: Our Contributionmentioning

confidence: 99%

“…However, resistance against fault-injection attacks is based on a different concept, where protection against an adversary who has certain bounded abilities should be achieved. Recently, a mechanism has been introduced in [1] which can guarantee the detection of faults injected by an attacker with the ability of making a bounded number of cells in the entire circuit faulty. The underlying approach is a CED scheme constructed over an Error Detecting Code (EDC) which can be easily adjusted by increasing the minimum distance of the code, i.e., the maximum number of faults that the code can detect + 1.…”

Section: Introductionmentioning

confidence: 99%

“…The authors highlighted the fault propagation effect and introduced the independence property to be fulfilled as a requirement in order to guarantee the detection of up to t = d − 1 faults, when d is the minimum distance of the underlying EDC. The authors of [1] have applied their proposed scheme on several different lightweight ciphers and compared their area overhead.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks

Beierle

Leander

Moradi

et al. 2019

ToSC

Self Cite

100

View full text Add to dashboard Cite

Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead.

show abstract

My Gadget Just Cares for Me - How NINA Can Prove Security Against Combined Attacks

Dhooghe

Nikova

2020

Topics in Cryptology – CT-RSA 2020

View full text Add to dashboard Cite

Differential Power Analysis and Differential Fault Analysis threaten the security of even the most trustworthy cryptographic primitives. It is important we protect their implementation such that no sensitive information is leaked using side channels and it withstands injected faults or combined physical attacks. In this work, we propose security notions tailored against advanced physical attacks consisting of both faults and probes on circuit wires. We then transform the security notions to composable security notions. The motivation for this research includes the ease of verification time; the creation of secure components; and the isolation of primitives in larger protocols such as modes of operations. We dub our notion NINA, which forms the link between the established Non-Interference (NI) property and our composable active security property, Non-Accumulation (NA). To illustrate the NINA property, we use it to prove the security of two multiplication gadgets: an error checking duplication gadget and an error correcting duplication gadget. The NINA proofs for error detecting gadgets capture the effect of Statistical Ineffective Fault Analysis (SIFA), an attack vector which threatens most current masked implementations. Additionally, we study error correcting techniques. We show that error correcting gadgets can attain the Independent NINA property. A stronger property which captures a clear separation between the effect of faults and probes. Thus, we show that clever error correcting gadgets improve on error detecting ones by achieving significant higher levels of combined security along with guaranteed output delivery.

show abstract

Impeccable Circuits

Cited by 28 publications

References 39 publications

ARMORY: Fully Automated and Exhaustive Fault Simulation on ARM-M Binaries

ARMORY: Fully Automated and Exhaustive Fault Simulation on ARM-M Binaries

CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks

My Gadget Just Cares for Me - How NINA Can Prove Security Against Combined Attacks

Contact Info

Product

Resources

About