Experimental evaluation of two software countermeasures against fault attacks

Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection with glitches or electromagnetic pulses could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.

[1]  Israel Koren,et al.  Workshop on fault diagnosis and tolerance in cryptography , 2004, International Conference on Dependable Systems and Networks, 2004.

[2]  2014 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2014, Arlington, VA, USA, May 6-7, 2014 , 2014, HOST.

[3]  Jean-Louis Lanet,et al.  Evaluation of Countermeasures Against Fault Attacks on Smart Cards , 2011 .

[4]  Ingrid Verbauwhede,et al.  Hardware Designer's Guide to Fault Attacks , 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[5]  Mehdi Baradaran Tahoori,et al.  A-SOFT-AES: Self-adaptive software-implemented fault-tolerance for AES , 2013, 2013 IEEE 19th International On-Line Testing Symposium (IOLTS).

[6]  Georg Sigl,et al.  Comprehensive analysis of software countermeasures against fault attacks , 2013, 2013 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[7]  Amine Dehbaoui,et al.  Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES , 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[8]  Marc Joye A Method for Preventing "Skipping" Attacks , 2012, 2012 IEEE Symposium on Security and Privacy Workshops.

[9]  David I. August,et al.  SWIFT: software implemented fault tolerance , 2005, International Symposium on Code Generation and Optimization.

[10]  Sergei P. Skorobogatov Local heating attacks on Flash memory devices , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[11]  Jean-Max Dutertre,et al.  Power supply glitch induced faults on FPGA: An in-depth analysis of the injection mechanism , 2013, 2013 IEEE 19th International On-Line Testing Symposium (IOLTS).

[12]  Srivaths Ravi,et al.  Secure embedded processing through hardware-assisted run-time monitoring , 2005, Design, Automation and Test in Europe.

[13]  Alessandro Barenghi,et al.  Countermeasures against fault attacks on software implemented AES: effectiveness and cost , 2010, WESS '10.

[14]  Joseph Yiu,et al.  The definitive guide to the ARM Cortex-M3 , 2007 .

[15]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[16]  Karine Heydemann,et al.  Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[17]  Ingrid Verbauwhede,et al.  An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[18]  B. Robisson,et al.  Local electromagnetic coupling with CMOS integrated circuits , 2011, 2011 8th Workshop on Electromagnetic Compatibility of Integrated Circuits.

[19]  Alessandro Barenghi,et al.  Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures , 2012, Proceedings of the IEEE.

[20]  Karine Heydemann,et al.  Formal verification of a software countermeasure against instruction skip attacks , 2013, Journal of Cryptographic Engineering.

[21]  P. Maurine,et al.  Magnetic microprobe design for EM fault attack , 2013, 2013 International Symposium on Electromagnetic Compatibility.

[22]  Elena Trichina,et al.  Multi Fault Laser Attacks on Protected CRT-RSA , 2010, 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[23]  Sylvain Guilley,et al.  Security evaluation of different AES implementations against practical setup time violation attacks in FPGAs , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.