SYNFI: Pre-Silicon Fault Analysis of an Open-Source Secure Element

Nasahl, Pascal; Oteyza, Miguel Osorio García de; Vogel, Pirmin; Schaffner, Michael; Trippel, Timothy; Rizzo, Dominic; Mangard, Stefan

doi:10.46586/tches.v2022.i4.56-87

Cited by 6 publications

(1 citation statement)

References 10 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When discussing related work, we mention fault simulators that we could not execute. Due to the large number of tools available [2,3,8,[10][11][12][13]15,21,23,25,32], we make a representative selection of simulators available for general-purpose software.…”

Section: Introductionmentioning

confidence: 99%

SoK: Assisted Fault Simulation

Adhikary,

Buhan

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Fault injection attacks have caused implementations to behave unexpectedly, resulting in a spectacular bypass of security features and even the extraction of cryptographic keys. Clearly, developers want to ensure the robustness of the software against faults and eliminate production weaknesses that could lead to exploitation. Several fault simulators have been released that promise cost-effective evaluations against fault attacks. In this paper, we set out to discover how suitable such tools are, for a developer who wishes to create robust software against fault attacks. We found four open-source fault simulators that employ different techniques to navigate faults, which we objectively compare and discuss their benefits and drawbacks. Unfortunately, none of the four open-source fault simulators employ artificial intelligence (AI) techniques. However, AI was successfully applied to improve the fault simulation of cryptographic algorithms, though none of these tools is open source. We suggest improvements to open-source fault simulators inspired by the AI techniques used by cryptographic fault simulators.

show abstract

Section: Introductionmentioning

confidence: 99%

SoK: Assisted Fault Simulation

Adhikary,

Buhan

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Extended version—to be, or not to be stateful: post-quantum secure boot using hash-based signatures

Wagner,

Oberhansl,

Schink

2024

J Cryptogr Eng

View full text Add to dashboard Cite

While research in PQC has gained significant momentum, its adoption in real-world products is slow. This is largely due to concerns about practicability and maturity. The secure boot process of embedded devices is one scenario where such restraints can result in fundamental security problems. In this work, we present a flexible hardware/software co-design for HBS schemes which enables the transition to a post-quantum secure boot today. These signature schemes stand out due to their straightforward security proofs and are on the fast track to standardisation. Unlike previous work, we exploit the performance intensive similarities of the stateful LMS and XMSS schemes as well as the stateless $$\text {SPHINCS}^{+}$$ SPHINCS + scheme. Thus, we enable designers to use a stateful or stateless scheme depending on the constraints of each individual application. To demonstrate the feasibility of our approach, we compare our results with hardware accelerated implementations of classical asymmetric algorithms. Further, we outline the use of different HBS schemes during the boot process. We compare different schemes, show the importance of parameter choices, and demonstrate the performance gain with different levels of hardware acceleration.

show abstract

Fault Attacks on Access Control in Processors: Threat, Formal Analysis and Microarchitectural Mitigation

et al. 2023

View full text Add to dashboard Cite

Process isolation is a key component of the security architecture in any hardware/software system. However, even when implemented correctly and comprehensively at the software (SW) level, process isolation may be compromised by weaknesses of the hardware (HW). Therefore, at the HW level, an exhaustive verification is desirable which provides the needed formal guarantees ensuring the confidentiality and integrity of the microarchitecture. The situation is further exacerbated if the attacker is able to inject faults, a threat requiring additional attention in formal security analysis. In this paper, we consider a threat model where the attacker is able to inject faults and, at the same time, execute user-level programs. We show that this poses a severe security threat even in systems which have been hardened against fault attacks for specific, security-critical system software. For protection against this threat, we present an exhaustive formal verification methodology that provides security guarantees for access control in processors, and demonstrate how such guarantees are sustained in the presence of fault injection. Guaranteeing correct and robust access control is crucial since it is the basis for process isolation in hardware. The proposed approach implicitly models all possible single and multiple bit flips as well as all stuck-at faults. We leverage the results of our formal analysis to augment the system with protection mechanisms that guarantee security w.r.t. the considered threat model. At the example of several open source RISC-V processors, we demonstrate both the scalability of our formal analysis and the efficiency of the generated defenses.INDEX TERMS Access control, computer security, electronic design automation and methodology, formal verification.

show abstract

SYNFI: Pre-Silicon Fault Analysis of an Open-Source Secure Element

Cited by 6 publications

References 10 publications

SoK: Assisted Fault Simulation

SoK: Assisted Fault Simulation

Extended version—to be, or not to be stateful: post-quantum secure boot using hash-based signatures

Fault Attacks on Access Control in Processors: Threat, Formal Analysis and Microarchitectural Mitigation

Contact Info

Product

Resources

About