Improving Fault Attacks on Embedded Software Using RISC Pipeline Characterization

  title={Improving Fault Attacks on Embedded Software Using RISC Pipeline Characterization},
  author={Bilgiday Yuce and Nahid Farhady Ghalaty and Patrick Schaumont},
  journal={2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)},
A fault attack becomes more efficient when the fault behavior, the response of a device to a fault injection, is precisely understood. [] Key Result Our results are useful for embedded software designers who have a need to understand the fault attack sensitivity of their implementation, as well as for security engineers who are in charge of improving countermeasures, in hardware or in software, against fault attacks.

Analyzing the Fault Injection Sensitivity of Secure Embedded Software

This work introduces the microprocessor fault sensitivity model to systematically capture the fault response of a microprocessor pipeline and proposes Microarchitecture-Aware Fault Injection Attack (MAFIA), which can be used to break known software countermeasures against fault injection.

Software Fault Resistance is Futile: Effective Single-Glitch Attacks

This work breaks the security of state-of-the-art instruction-level countermeasures by injecting single clock glitches with a low-cost fault injection setup.

Controlling PC on ARM Using Fault Injection

This paper introduces an ARM specific fault injection attack strategy for exploiting embedded systems where externally controlled data is loaded in the program counter (PC) register of the processor, which allows an attacker to control the target's execution flow which eventually will lead to arbitrary code execution on the target.

Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation

This article is a review on hardware-based fault attacks on software, with emphasis on the context of embedded systems, and presents a detailed discussion of the anatomy of a fault attack, and a review of fault attack evaluation techniques.

FAME: Fault-attack Aware Microprocessor Extensions for Hardware Fault Detection and Software Fault Response

The proposed FAME, a low-cost and flexible approach to defend embedded software against fault attacks, offers a combination of fault detection in hardware and fault response in software, and requires much lower overhead than traditional countermeasure techniques in software or hardware.

A Secure Exception Mode for Fault-Attack-Resistant Processing

In this understanding, this is the first proof-in-silicon processor to offer a comprehensive secure exception mode against fault-injection attacks and is able to detect and respond to setup-time violation attacks.

VPsec: countering fault attacks in general purpose microprocessors with value prediction

VPsec augments the original value prediction embodiment with fault detection logic and reaction logic to mitigate fault attacks to both the datapath and the value predictor itself, and defines a new mode of execution in which the predicted value is trusted rather than the produced value.

Linked Fault Analysis

This paper introduces a new fault analysis technique called “linked fault analysis” (LFA), which can be viewed as a more powerful version of well-known fault attacks against implementations of symmetric primitives in various circumstances, especially software implementations.

Improving Performance and Mitigating Fault Attacks Using Value Prediction

The evaluation of VPsec demonstrates its efficacy in countering fault attacks, as well as its ability to retain the performance benefits of VP on cryptographic workloads and non-cryptographic workloads, such as SPEC CPU 2006/2017.

A study on analyzing side-channel resistant encoding schemes with respect to fault attacks

This work analyzes three different software encoding schemes with respect to fault injection attacks and shows that implementations based on table lookup operations provide reasonable security margin and thwart fault propagation.



An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs

This work thoroughly analyse how clock glitches affect a commercial low-cost processor by performing a large number of experiments on five devices, and explains how typical fault attacks can be mounted on this device, and describes a new attack for which the fault injection is easy and the cryptanalysis trivial.

Hardware Designer's Guide to Fault Attacks

An insight into the field of fault attacks and countermeasures to help the designer to protect the design against this type of implementation attacks and a guide for selecting a set of countermeasures, which provides a sufficient security level to meet the constraints of the embedded devices.

Differential Fault Intensity Analysis

Differential Fault Intensity Analysis is introduced, which combines the principles of Differential Power Analysis and fault injection and finds that with an average of 7 fault injections, it can reconstruct a full 128-bit AES key.

Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller

The aim of this paper is providing a more in-depth study of the effects of electromagnetic glitch fault injection on a state-of-the-art micro controller and building an associated register-transfer level fault model.

Fault Sensitivity Analysis

It is shown that WDDL-AES is not perfectly secure against setup-time violation attacks, and a masking technique is discussed as a potential countermeasure against the proposed fault-based attack.

An on-chip glitchy-clock generator for testing fault injection attacks

This paper presents a glitchy-clock generator integrated in FPGA for evaluating fault injection attacks and their countermeasures on cryptographic modules, and shows that the timing of the glitches can be controlled at the step of about 0.17 ns.

Low Voltage Fault Attacks on the RSA Cryptosystem

A non-invasive fault model based on the effects of underfeeding the power supply of an ARM general purpose CPU is described and proposed and mount attacks on implementations of the RSA primitives.

On the Effects of Clock and Power Supply Tampering on Two Microcontroller Platforms

An in-depth analysis of the vulnerability of two different microcontroller platforms on clock and supply voltage tampering, showing that the fetch stage and the execution stage of the instruction pipeline are mainly affected by clock glitches, leading to skipped or duplicated execution or faulty calculation results.

ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research

This paper introduces a complete side channel analysis toolbox, inclusive of the analog capture hardware, target device, capture software, and analysis software, which uses a synchronous capture method to reduce the required sample rate, while also reducing the data storage requirement, and improving synchronization of traces.

Fault Sensitivity Analysis at Design Time

This chapter provides an introduction to the Fault Sensitivity Analysis (FSA) attack technique, together with a design time evaluation of it on two different AES S-Boxes designs, and delineates two different approaches, one based on an a-priori modeling of it, while the other exploits a-posteriori strategy.