Laser Profiling for the Back-Side Fault Attacks

Breier, Jakub; Jap, Dirmanto; Chen, Chien-Ning

doi:10.1145/2732198.2732206

Cited by 33 publications

(15 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AES Attack by Breier et al [10] Performed experiments in this work show that a micro-controller running an AES algorithm is vulnerable to laser fault injection at the back side of the chip. The attack is described below.…”

Section: Laser Fault Attack Benchmarksmentioning

confidence: 80%

“…The sigmoid equation is shown in (10). Attackers can make the neural networks predict wrongly by skipping the negation instruction in the exponent function of the sigmoid function.…”

Section: Laser Fault Attack Benchmarksmentioning

confidence: 99%

“…This is due to its high precision, timing accuracy and repeatability [11] [29]. Cryptographic algorithms proved to be mathematically secure, such as AES, can leak secret keys in the presence of laser irradiation, which allows the attackers to have access to conidential information, by, for example, skipping an instruction or directly injecting faults into intermediate data [10] [32] [33]. Neural networks, increasingly used in safety-critical applications, running on an embedded system have also been shown to be vulnerable to laser attacks, leading to incorrect predictions when the system is being attacked [9].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Laser attack benchmark suite

Amornpaisannon

Diavastos

Peh

et al. 2020

Proceedings of the 39th International Conference on Computer-Aided Design

View full text Add to dashboard Cite

Section: Laser Fault Attack Benchmarksmentioning

confidence: 80%

“…The sigmoid equation is shown in (10). Attackers can make the neural networks predict wrongly by skipping the negation instruction in the exponent function of the sigmoid function.…”

Section: Laser Fault Attack Benchmarksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Laser attack benchmark suite

Amornpaisannon

Diavastos

Peh

et al. 2020

Proceedings of the 39th International Conference on Computer-Aided Design

View full text Add to dashboard Cite

“…. , p 7 ] gets reduced to an one byte value p ′ by xor-ing the individual address bytes as shown in Equation 6.…”

Section: The Linking Approachmentioning

confidence: 99%

“…Here, the attacker modifies the state of a computing device by, e.g., inducing glitches on the voltage supply or the clock signal [2] or by shooting with a laser on the chip [30]. Such a fault attack is capable of skipping instructions [6], redirecting the memory access [9], or flipping bits in registers or memory leading to a critical attack vector [11]. While this type of attack requires local access to the device to induce a fault, more advanced attacks can even induce faults remotely.…”

Section: Introductionmentioning

confidence: 99%

Pointing in the Right Direction - Securing Memory Accesses in a Faulty World

Schilling

Werner

Nasahl

et al. 2018

Proceedings of the 34th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Reading and writing memory are, besides computation, the most common operations a processor performs. The correctness of these operations is therefore essential for the proper execution of any program. However, as soon as fault attacks are considered, assuming that the hardware performs its memory operations as instructed is not valid anymore. In particular, attackers may induce faults with the goal of reading or writing incorrectly addressed memory, which can have various critical safety and security implications.In this work, we present a solution to this problem and propose a new method for protecting every memory access inside a program against address tampering. The countermeasure comprises two building blocks. First, every pointer inside the program is redundantly encoded using a multi-residue error detection code. The redundancy information is stored in the unused upper bits of the pointer with zero overhead in terms of storage. Second, load and store instructions are extended to link data with the corresponding encoded address from the pointer. Wrong memory accesses subsequently infect the data value allowing the software to detect the error.For evaluation purposes, we implemented our countermeasure into a RISC-V processor, tested it on a FPGA development board, and evaluated the induced overhead. Furthermore, a LLVM-based C compiler has been modified to automatically encode all data pointers, to perform encoded pointer arithmetic, and to emit the extended load/store instructions with linking support. Our evaluations show that the countermeasure induces an average overhead of 10 % in terms of code size and 7 % regarding runtime, which makes it suitable for practical adoption. CCS CONCEPTS• Security and privacy → Tamper-proof and tamper-resistant designs; Embedded systems security; KEYWORDS fault attacks, countermeasure, memory access, pointer protection

show abstract

An In-Depth and Black-Box Characterization of the Effects of Laser Pulses on ATmega328P

Kumar

Beckers

Balasch

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Laser fault injection is a complex, physical process with many parameters that influence the success of the injection. Some parameters are difficult to control. While many works have established that focused laser light can inject seemingly random faults in electronic devices such as microcontrollers, FPGAs and ASICs, only few works explain precisely why a specific fault can be observed. We narrow this gap and characterize in detail the effects of laser pulses on an 8-bit microcontroller in a black-box fashion, with access to only public documentation. With our setup and settings we can inject faults only in the read-out circuitry for the on-chip flash memory. As result of our analysis we are able to inject bit-reset faults in individual bits of opcodes and data words stored in flash with 100% accuracy and repeatability. This allows us to easily demonstrate well known attacks on cryptographic software, e.g. manipulation of a block cipher implementation's number of rounds. At the same time our study informs the targeted development of countermeasures.

show abstract

Laser Profiling for the Back-Side Fault Attacks

Cited by 33 publications

References 9 publications

Laser attack benchmark suite

Laser attack benchmark suite

Pointing in the Right Direction - Securing Memory Accesses in a Faulty World

An In-Depth and Black-Box Characterization of the Effects of Laser Pulses on ATmega328P

Contact Info

Product

Resources

About