The Fault Attack Jungle - A Classification Model to Guide You

Verbauwhede, Ingrid; Karaklajic, Dusko; Schmidt, Jörn-Marc

doi:10.1109/fdtc.2011.13

Cited by 54 publications

(48 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first fault attack against a cryptographic algorithm was presented in 1997 [37]. Since then, fault attacks have been applied against various cryptographic algorithms [174] and became a standard tool to facilitate cryptanalysis. The attack assumptions can be described in detailed fault models, which include the location and the timing of the fault, and the number and kind of faults.…”

Section: Fault Attacksmentioning

confidence: 99%

Why cryptography should not rely on physical attack complexity

Krämer

2016

It - Information Technology

View full text Add to dashboard Cite

Ich versichere an Eides statt, dass ich diese Dissertation selbständig verfasst und nur die angegebenen Quellen und Hilfsmittel verwendet habe. Datum Für meine Eltern AbstractEver since the first side channel attacks and fault attacks on cryptographic devices were introduced in the mid-nineties, new possibilities of physical attacks have been consistently explored. The risk that these attacks pose is reduced by reacting to known attacks and by developing and implementing countermeasures against them. For physical attacks whose theory is known but which have not been conducted yet, however, the situation is different. Attacks whose physical realization is assumed to be very complex are taken less seriously. The trust that these attacks will not be realized due to their physical complexity means that no countermeasures are developed at all. This leads to unprotected devices once the assessment of the complexity turns out to be wrong.This thesis presents two practical physical attacks whose theory is known for several years. Since neither attack has previously been successfully implemented in practice, however, they were not considered a serious threat. Their physical attack complexity has been overestimated and the implied security threat has been underestimated. First, we introduce the photonic side channel, which offers not only temporal resolution, but also the highest possible spatial resolution. Due to the high cost of its first realization, it has not been taken seriously. We show both simple and differential photonic side channel analyses. Then, we present a fault attack against pairing-based cryptography. Due to the need for at least two independent precise faults in a single pairing computation, it has also not been taken seriously. We show how attackers can reveal the secret key of symmetric as well as asymmetric cryptographic algorithms based on these physical attacks. We present countermeasures on the software and the hardware level, which help to prevent these attacks in the future.Based on these two presented attacks, this thesis shows that the assessment of physical attack complexity is error-prone. Hence, cryptography should not rely on it. Cryptographic technologies have to be protected against all physical attacks, have they already been realized or not. The development of countermeasures does not require the successful execution of an attack but can already be carried out as soon as the principle of a side channel or a fault attack is understood.

show abstract

Section: Fault Attacksmentioning

confidence: 99%

Why cryptography should not rely on physical attack complexity

Krämer

2016

It - Information Technology

View full text Add to dashboard Cite

show abstract

“…Countermeasures are necessarily designed with respect to a fault model specifying the type of faults an attacker is able to carry out [27]. Elaborating a fault model requires analysis of the consequences of physical attacks and modeling them at the desired level (architectural level, assembly code level, source code level).…”

Section: Fault Modelsmentioning

confidence: 99%

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Lalande

Heydemann

Berthomé

2014

Computer Security - ESORICS 2014

View full text Add to dashboard Cite

Abstract. Fault attacks can target smart card programs in order to disrupt an execution and gain an advantage over the data or the embedded functionalities. Among all possible attacks, control flow attacks aim at disrupting the normal execution flow. Identifying harmful control flow attacks as well as designing countermeasures at software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful intra-procedural jump attacks at source code level and to automatically inject formally-proven countermeasures. The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond. Experiments show that the resulting code is also hardened against unexpected function calls and jump attacks at assembly level.Keywords: control flow integrity, fault attacks, smart card, source level IntroductionSmart cards or more generally secure elements are essential building blocks for many security-critical applications. They are used for securing host applications and sensitive data such as cryptographic keys, biometric data, pin counters, etc. Malicious users aim to get access to these secrets by performing attacks on the secure elements. Fault attacks consists in disrupting the circuit's behavior by using a laser beam or applying voltage, clock or electromagnetic glitches [5,6,24]. Their goal is to alter the correct progress of the algorithm and, by analyzing the deviation of the corrupted behavior with respect to the original one, to retrieve the secret information [14]. For java card, fault attacks target particular components of the virtual machine [3,4,9].Many protections have therefore been proposed to counteract attacks. Fault detection is generally based on spatial, temporal or information redundancy at hardware or software level. In java card enabled smart cards, software components of the virtual machine can perform security checks [18,20,10].In practice, developers of security-critical applications often manually add countermeasures into an application code. This operation requires knowledge about the target code vulnerabilities. Both these tasks are time-consuming with direct impact on the certification of the product. One harmful consequence of fault attacks is control flow disruption which may bypass some implemented countermeasures. It is difficult for programmers to investigate all possible control flow disruption in order to detect sensitive parts of the code and then investigate how to add countermeasures inside these sensitive parts. Moreover, secure smart cards have strong security requirements that have to be certified by an independent qualified entity before being placed on the market. Certification can rely on a review of source code and the implemented software countermeasures. The effectiveness of software security countermeasures is then guaranteed by the use of a certified compiler [21]. Injecting control flow integrity checks at compile time would require to certify the modified compiler. To avoid this diff...

show abstract

“…Also, they allow a finer study of protections since they are closer to the final code running on the chip and thus to the effect of a physical attack. Protections are designed with respect to a fault model describing a set of effects a fault can have at a certain level of abstraction [13]. For example, two well-known fault models that describe a fault at a logical level are Single Event Upset (SEU) and Multiple Event Upset (MEU).…”

Section: Many Countermeasuresmentioning

confidence: 99%

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Goubet

Heydemann

Encrenaz

et al. 2016

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. This paper presents a formal verification framework and tool that evaluates the robustness of software countermeasures against faultinjection attacks. By modeling reference assembly code and its protected variant as automata, the framework can generate a set of equations for an SMT solver, the solutions of which represent possible attack paths. Using the tool we developed, we evaluated the robustness of state-of-theart countermeasures against fault injection attacks. Based on insights gathered from this evaluation, we analyze any remaining weaknesses and propose applications of these countermeasures that are more robust.

show abstract

The Fault Attack Jungle - A Classification Model to Guide You

Cited by 54 publications

References 48 publications

Why cryptography should not rely on physical attack complexity

Why cryptography should not rely on physical attack complexity

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Contact Info

Product

Resources

About