scholarly journals Side-channel leakage from sensor-based countermeasures against fault injection attack

2019 ◽  
Vol 90 ◽  
pp. 63-71
Author(s):  
Takeshi Sugawara ◽  
Natsu Shoji ◽  
Kazuo Sakiyama ◽  
Kohei Matsuda ◽  
Noriyuki Miura ◽  
...  
Keyword(s):  
Fault Injection ◽  
Side Channel ◽  
Fault Injection Attack

scholarly journals Bypassing Isolated Execution on RISC-V using Side-Channel-Assisted Fault-Injection and Its Countermeasure

2021 ◽  
pp. 28-68
Author(s):  
Shoei Nashimoto ◽  
Daisuke Suzuki ◽  
Rei Ueno ◽  
Naofumi Homma
Keyword(s):  
Real World ◽  
Fault Injection ◽  
Side Channel ◽  
Proof Of Concept ◽  
Malicious Software ◽  
Memory Protection ◽  
Channel Information ◽  
Execution Environment ◽  
Fault Injection Attack ◽  
Trusted Execution Environment

RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under crossdevice conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme was validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.

Physical security of deep learning on edge devices: Comprehensive evaluation of fault injection attack vectors

2021 ◽  
Vol 120 ◽  
pp. 114116
Author(s):  
Xiaolu Hou ◽  
Jakub Breier ◽  
Dirmanto Jap ◽  
Lei Ma ◽  
Shivam Bhasin ◽  
...  
Keyword(s):  
Deep Learning ◽  
Comprehensive Evaluation ◽  
Fault Injection ◽  
Physical Security ◽  
Fault Injection Attack

scholarly journals Semi-Automatic Locating of Cryptographic Operations in Side-Channel Traces

2021 ◽  
pp. 345-366
Author(s):  
Jens Trautmann ◽  
Arthur Beckers ◽  
Lennert Wouters ◽  
Stefan Wildermann ◽  
Ingrid Verbauwhede ◽  
...  
Keyword(s):  
Fault Injection ◽  
Side Channel ◽  
Leakage Detection ◽  
Clock Frequency ◽  
Detection Techniques ◽  
Effective Time ◽  
Meta Information ◽  
Software Implementations ◽  
Single Data ◽  
The Time Domain

Locating a cryptographic operation in a side-channel trace, i.e. finding out where it is in the time domain, without having a template, can be a tedious task even for unprotected implementations. The sheer amount of data can be overwhelming. In a simple call to OpenSSL for AES-128 ECB encryption of a single data block, only 0.00028% of the trace relate to the actual AES-128 encryption. The rest is overhead. We introduce the (to our best knowledge) first method to locate a cryptographic operation in a side-channel trace in a largely automated fashion. The method exploits meta information about the cryptographic operation and requires an estimate of its implementation’s execution time.The method lends itself to parallelization and our implementation in a tool greatly benefits from GPU acceleration. The tool can be used offline for trace segmentation and for generating a template which can then be used online in real-time waveformmatching based triggering systems for trace acquisition or fault injection. We evaluate it in six scenarios involving hardware and software implementations of different cryptographic operations executed on diverse platforms. Two of these scenarios cover realistic protocol level use-cases and demonstrate the real-world applicability of our tool in scenarios where classical leakage-detection techniques would not work. The results highlight the usefulness of the tool because it reliably and efficiently automates the task and therefore frees up time of the analyst.The method does not work on traces of implementations protected by effective time randomization countermeasures, e.g. random delays and unstable clock frequency, but is not affected by masking, shuffling and similar countermeasures.

scholarly journals A Countermeasure against DPA on SIMON with an Area-Efficient Structure

Electronics ◽  
2019 ◽  
Vol 8 (2) ◽  
pp. 240 ◽  
Author(s):  
Yuanyuan Zhang ◽  
Ning Wu ◽  
Fang Zhou ◽  
Jinbao Zhang ◽  
Muhammad Yahya
Keyword(s):  
Circuit Design ◽  
Power Analysis ◽  
Fault Injection ◽  
Low Cost ◽  
T Test ◽  
Side Channel ◽  
Cryptographic Algorithms ◽  
Randomization Scheme ◽  
The Cost ◽  
Area Efficient

Differential power analysis (DPA) is an effective side channel attack method, which poses a critical threat to cryptographic algorithms, especially lightweight ciphers such as SIMON. In this paper, we propose an area-efficient countermeasure against DPA on SIMON based on the power randomization. Firstly, we review and analyze the architecture of SIMON algorithm. Secondly, we prove the threat of DPA attack to SIMON by launching actual DPA attack on SIMON 32/64 circuit. Thirdly, a low-cost power randomization scheme is proposed by combining fault injection with double rate technology, and the corresponding circuit design is implemented. To the best of our knowledge, this is the first scheme that applies the combination of fault injection and double rate technology to the DPA-resistance. Finally, the t-test is used to evaluate the security mechanism of the proposed designs with leakage quantification. Our experimental results show that the proposed design implements DPA-resistance of SIMON algorithm at certain overhead the cost of 47.7% LUTs utilization and 39.6% registers consumption. As compared to threshold implementation and bool mask, the proposed scheme has greater advantages in resource consumption.

scholarly journals A Review on Evaluation and Configuration of Fault Injection Attack Instruments to Design Attack Resistant MCU-Based IoT Applications

Electronics ◽  
2020 ◽  
Vol 9 (7) ◽  
pp. 1153
Author(s):  
Zahra Kazemi ◽  
David Hely ◽  
Mahdi Fazeli ◽  
Vincent Beroulle
Keyword(s):  
Fault Injection ◽  
Low Cost ◽  
Security And Privacy ◽  
Production Cycle ◽  
Fault Attacks ◽  
Primary Means ◽  
Level Of Knowledge ◽  
Iot Devices ◽  
Fault Injection Attack ◽  
Evaluation Platform

The Internet-of-Things (IoT) has gained significant importance in all aspects of daily life, and there are many areas of application for it. Despite the rate of expansion and the development of infrastructure, such systems also bring new concerns and challenges. Security and privacy are at the top of the list and must be carefully considered by designers and manufacturers. Not only do the devices need to be protected against software and network-based attacks, but proper attention must also be paid to recently emerging hardware-based attacks. However, low-cost unit software developers are not always sufficiently aware of existing vulnerabilities due to these kinds of attacks. To tackle the issue, various platforms are proposed to enable rapid and easy evaluation against physical attacks. Fault attacks are the noticeable type of physical attacks, in which the normal and secure behavior of the targeted devices is liable to be jeopardized. Indeed, such attacks can cause serious malfunctions in the underlying applications. Various studies have been conducted in other research works related to the different aspects of fault injection. Two of the primary means of fault attacks are clock and voltage fault injection. These attacks can be performed with a moderate level of knowledge, utilizing low-cost facilities to target IoT systems. In this paper, we explore the main parameters of the clock and voltage fault generators. This can help hardware security specialists to develop an open-source platform and to evaluate their design against such attacks. The principal concepts of both methods are studied for this purpose. Thereafter, we conclude our paper with the need for such an evaluation platform in the design and production cycle of embedded systems and IoT devices.

Sign in / Sign up

Export Citation Format

Share Document