scholarly journals Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code

2018 ◽  
pp. 96-122 ◽  
Author(s):  
Jakub Breier ◽  
Xiaolu Hou ◽  
Yang Liu
Keyword(s):  
Fault Injection ◽  
Fault Analysis ◽  
Data Flow Graph ◽  
Assembly Code ◽  
The Past ◽  
Injection Attacks ◽  
Differential Fault Analysis ◽  
Software Implementations ◽  
Fault Injection Attack ◽  
Fault Injection Attacks

Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation layers. However, this level of abstraction is often too high to distinguish vulnerable parts of software implementations, due to specific operations and optimizations. On the other hand, manually analyzing the assembly code requires non-negligible amount of time and expertise. In this paper, we propose an automated approach for analyzing cipher implementations in assembly. We represent the whole assembly program as a data flow graph so that the vulnerable spots can be found efficiently. Fault propagation is analyzed in a subgraph constructed from each vulnerable spot, allowing equations for Differential Fault Analysis (DFA) to be automatically generated. We have created a tool that implements our approach: DATAC – DFA Automation Tool for Assembly Code. We have successfully used this tool for attacking PRESENT- 80, being able to find implementation-specific vulnerabilities that can be exploited in order to recover the last round key with 16 faults. Our results show that DATAC is useful in finding attack spots that are not visible from the cipher structure, but can be easily exploited when dealing with real-world implementations.

scholarly journals Blind Cartography for Side Channel Attacks: Cross-Correlation Cartography

2012 ◽  
Vol 2012 ◽  
pp. 1-9 ◽  
Author(s):  
Laurent Sauvage ◽  
Sylvain Guilley ◽  
Florent Flament ◽  
Jean-Luc Danger ◽  
Yves Mathieu
Keyword(s):  
Correlation Analysis ◽  
Cross Correlation ◽  
Fault Injection ◽  
Near Field ◽  
Side Channel ◽  
Side Channel Attacks ◽  
The Past ◽  
Injection Attacks ◽  
Areas Of Interest ◽  
Fault Injection Attacks

Side channel and fault injection attacks are major threats to cryptographic applications of embedded systems. Best performances for these attacks are achieved by focusing sensors or injectors on the sensible parts of the application, by means of dedicated methods to localise them. Few methods have been proposed in the past, and all of them aim at pinpointing the cryptoprocessor. However it could be interesting to exploit the activity of other parts of the application, in order to increase the attack's efficiency or to bypass its countermeasures. In this paper, we present a localisation method based on cross-correlation, which issues a list of areas of interest within the attacked device. It realizes an exhaustive analysis, since it may localise any module of the device, and not only those which perform cryptographic operations. Moreover, it also does not require a preliminary knowledge about the implementation, whereas some previous cartography methods require that the attacker could choose the cryptoprocessor inputs, which is not always possible. The method is experimentally validated using observations of the electromagnetic near field distribution over a Xilinx Virtex 5 FPGA. The matching between areas of interest and the application layout in the FPGA floorplan is confirmed by correlation analysis.

QuadSeal: Quadruple Balancing to Mitigate Power Analysis Attacks with Variability Effects and Electromagnetic Fault Injection Attacks

2021 ◽  
Vol 26 (5) ◽  
pp. 1-36
Author(s):  
Darshana Jayasinghe ◽  
Aleksandar Ignjatovic ◽  
Roshan Ragel ◽  
Jude Angelo Ambrose ◽  
Sri Parameswaran
Keyword(s):  
Power Analysis ◽  
Fault Injection ◽  
Side Channel ◽  
Aging Effects ◽  
Side Channel Attacks ◽  
Power Analysis Attacks ◽  
Injection Attacks ◽  
Differential Fault Analysis ◽  
Secret Keys ◽  
Fault Injection Attacks

Side channel analysis attacks employ the emanated side channel information to deduce the secret keys from cryptographic implementations by analyzing the power traces during execution or scrutinizing faulty outputs. To be effective, a countermeasure must remove or conceal as many as possible side channels. However, many of the countermeasures against side channel attacks are applied independently. In this article, the authors present a novel countermeasure (referred to as QuadSeal ) against Power Analysis Attacks and Electromagentic Fault Injection Attacks (FIAs), which is an extension of the work proposed in Reference [27]. The proposed solution relies on algorithmically balancing both Hamming distances and Hamming weights (where the bit transitions on the registers and gates are balanced, and the total number of 1s and 0s are balanced) by the use of four identical circuits with differing inputs and modified SubByte tables. By randomly rotating the four encryptions, the system is protected against variations, path imbalances, and aging effects. After generating the ciphertext, the output of each circuit is compared against each other to detect any fault injections or to correct the faulty ciphertext to gain reliability. The proposed countermeasure allows components to be switched off to save power or to run four executions in parallel for high performance when resistance against power analysis attacks is not of high priority, which is not available with the existing countermeasures (except software based where source code can be changed). The proposed countermeasure is implemented for Advanced Encryption Standard (AES) and tested against Correlation Power Analysis and Mutual Information Attacks attacks (for up to a million traces), and none of the secret keys was found even after one million power traces (the unprotected AES circuit is vulnerable for power analysis attacks within 5,000 power traces). A detection circuit (referred to as C-FIA circuit) is operated using the algorithmic redundancy presented in four circuits of QuadSeal to mitigate Electromagnetic Fault Injection Attacks. Using Synopsys PrimeTime, we measured the power dissipation of QuadSeal registers and XOR gates to test the effectiveness of Quadruple balancing methodology. We tested the QuadSeal countermeasure with C-FIA circuit against Differential Fault Analysis Attacks up to one million traces; no bytes of the secret key were found. This is the smallest known circuit that is capable of withstanding power-based side channel attacks when electromagnetic injection attack resistance, process variations, path imbalances, and aging effects are considered.

scholarly journals A Secure Architecture for Modular Division over a Prime Field against Fault Injection Attacks

2020 ◽  
Vol 10 (5) ◽  
pp. 1700
Author(s):  
Xiaoting Hu ◽  
Zhongping Qin
Keyword(s):  
Error Detection ◽  
Fault Injection ◽  
Processing Element ◽  
Main Function ◽  
Prime Field ◽  
Injection Attacks ◽  
Fault Injection Attack ◽  
Fault Injection Attacks ◽  
Detection Schemes ◽  
Secure Architecture

Fault injection attacks pose a serious threat to many cryptographic devices. The security of most cryptographic devices hinges on a key block called modular division (MD) over a prime field. Although a lot of research has been done to implement the MD over a prime field in hardware efficiently, studies on secure architecture against fault injection attack are very few. A few of the studies that focused on secure architecture against fault injection attack can only detect faults but not locate faults. In this regard, this paper designs a novel secure architecture for the MD over a prime field, which can not only detect faults, but also can locate the error processing element. In order to seek the best optimal performance, four word-oriented systolic structures of a main function module (MFM) were designed, and three error detection schemes were developed based on different linear arithmetic codes (LACs). The MFM structures were combined flexibly with the error detection schemes. The time and area overheads of our architecture were analyzed through the implementation in an application-specific integrated circuit (ASIC), while the error detection and location capabilities of our architecture were demonstrated by C++ simulation, in comparison to two existing methods. The results show that our architecture can detect single-bit error (SBE) with 100% accuracy and locate the erroneous processing element (PE), and correctly identify most of the single PE errors and almost all of the multi-PE errors (when there are more than three erroneous PEs). The only weakness of our architecture is the relatively high time and area overhead ratios.

scholarly journals Novel Fault Injection Attack without Artificial Trigger

2020 ◽  
Vol 10 (11) ◽  
pp. 3849
Author(s):  
HanSeop Lim ◽  
JongHyeok Lee ◽  
Dong-Guk Han
Keyword(s):  
Power Analysis ◽  
Fault Injection ◽  
Electromagnetic Emission ◽  
Injection System ◽  
Injection Time ◽  
Secret Key ◽  
Injection Attacks ◽  
Input Signals ◽  
Fault Injection Attack ◽  
Fault Injection Attacks

Theoretical process of fault injection attacks is defined as a process of recovering a secret key assuming that an attacker can inject faults into a specific targeted operation. Therefore, an artificial triggering is required to execute such an attack. However, when conducting analysis on real devices, artificial triggering needs to rely on a powerful assumption, such as manipulation of internal codes. In this paper, we propose a novel fault injection system using Input/Output (I/O) signals of target devices as a trigger for relaxing an attacker assumption. This system does not require an implementation of artificial triggering as input signals are used as a trigger in transmission of plaintexts for fault injection attacks. As a result, the attacker can perform fault injection attacks concerning the entire encryption process. To decide the fault injection time based on the trigger, the proposed system applies simple power analysis (SPA), employing electromagnetic emission of target devices. Considering that the fault injection time identified by SPA can be relatively vague compared with that obtained using a system based on an artificial triggering, we address this problem by proposing a process to recover the secret key without knowing the byte index of an injected fault.

scholarly journals Private circuits II versus fault injection attacks

2015 ◽  
Author(s):  
Henitsoa Rakotomalala ◽  
Xuan Thuy Ngo ◽  
Zakaria Najm ◽  
Jean-Luc Danger ◽  
Sylvain Guilley
Keyword(s):  
Fault Injection ◽  
Injection Attacks ◽  
Fault Injection Attacks
Sign in / Sign up

Export Citation Format

Share Document