The State of Fault Injection Vulnerability Detection

Fault injection is a well known method to test the robustness and security vulnerabilities of software. Fault injections can be explored by simulations (cheap, but not validated) and hardware experiments (true, but very expensive). Recent simulation works have started to apply formal methods to the detection, analysis, and prevention of fault injection attacks to address verifiability. However, these approaches are ad-hoc and extremely limited in architecture, fault model, and breadth of application. Further, there is very limited connection between simulation results and hardware experiments. Recent work has started to consider broad spectrum simulation approaches that can cover many fault models and relatively large programs. Similarly the connection between these broad spectrum simulations and hardware experiments is being validated to bridge the gap between the two approaches. This presentation highlights the latest developments in applying formal methods to fault injection vulnerability detection, and validating software and hardware results with one another.

[1]  Karine Heydemann,et al.  Formal verification of a software countermeasure against instruction skip attacks , 2013, Journal of Cryptographic Engineering.

[2]  Andrea Höller,et al.  QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks , 2015, 2015 Euromicro Conference on Digital System Design.

[3]  Jean-Louis Lanet,et al.  An Automated Formal Process for Detecting Fault Injection Vulnerabilities in Binaries and Case Study on PRESENT , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[4]  Yang Liu,et al.  Practical Fault Attack on Deep Neural Networks , 2018, CCS.

[5]  Amine Dehbaoui,et al.  Injection of transient faults using electromagnetic pulses -Practical results on a cryptographic system- , 2012, IACR Cryptol. ePrint Arch..

[6]  T. May,et al.  A New Physical Mechanism for Soft Errors in Dynamic Memories , 1978, 16th International Reliability Physics Symposium.

[7]  Cécile Canovas,et al.  From Code Review to Fault Injection Attacks: Filling the Gap Using Fault Model Inference , 2015, CARDIS.

[8]  Jessy Clédière,et al.  Nanofocused X-Ray Beam to Reprogram Secure Circuits , 2017, CHES.

[9]  Giorgio Di Natale,et al.  A survey on simulation-based fault injection tools for complex systems , 2014, 2014 9th IEEE International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS).

[10]  Shivam Bhasin,et al.  Fault attacks, injection techniques and tools for simulation , 2015, 2015 10th International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS).

[11]  Ravishankar K. Iyer,et al.  SymPLFIED: Symbolic program-level fault injection and error detection framework , 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[12]  Sergei Skorobogatov,et al.  Optical Fault Masking Attacks , 2010, 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[13]  Alessandro Barenghi,et al.  A fault induction technique based on voltage underfeeding with application to attacks against AES and RSA , 2013, J. Syst. Softw..

[14]  Robert Ecoffet,et al.  In-flight Anomalies on Electronic Devices , 2007 .

[15]  Rui Qiao,et al.  A new approach for rowhammer attacks , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[16]  Michael Hutter,et al.  Optical and EM Fault-Attacks on CRT-based RSA : Concrete Results , 2007 .

[17]  Axel Legay,et al.  An automated and scalable formal process for detecting fault injection vulnerabilities in binaries , 2019, Concurr. Comput. Pract. Exp..

[18]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[19]  Jean-Max Dutertre,et al.  Frontside laser fault injection on cryptosystems - Application to the AES' last round - , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[20]  Bilgiday Yuce,et al.  Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation , 2018, Journal of Hardware and Systems Security.

[21]  Rolf Drechsler,et al.  Resilience evaluation via symbolic fault injection on intermediate code , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[22]  Karine Heydemann,et al.  Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[23]  Sergei P. Skorobogatov Optically Enhanced Position-Locked Power Analysis , 2006, CHES.

[24]  Julien Bringer,et al.  A novel simulation approach for fault injection resistance evaluation on smart cards , 2015, 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW).

[25]  Julien Bringer,et al.  Idea: Embedded Fault Injection Simulator on Smartcard , 2014, ESSoS.

[26]  Nicolas Moro Sécurisation de programmes assembleur face aux attaques visant les processeurs embarqués. (Security of assembly programs against fault attacks on embedded processors) , 2014 .

[27]  Julien Bringer,et al.  Combining High-Level and Low-Level Approaches to Evaluate Software Implementations Robustness Against Multiple Fault Injection Attacks , 2014, FPS.

[28]  Ingrid Verbauwhede,et al.  An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[29]  Keun Soo Yim,et al.  The Rowhammer Attack Injection Methodology , 2016, 2016 IEEE 35th Symposium on Reliable Distributed Systems (SRDS).

[30]  Ingrid Verbauwhede,et al.  The Fault Attack Jungle - A Classification Model to Guide You , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[31]  Marie-Laure Potet,et al.  Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections , 2014, 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation.

[32]  Shaohui Wang,et al.  Differential Fault Analysis on PRESENT Key Schedule , 2010, 2010 International Conference on Computational Intelligence and Security.

[33]  George Candea,et al.  LFI: A practical and general library-level fault injector , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[34]  Jan Hlavicka,et al.  Fault tolerance evaluation using two software based fault injection methods , 2002, Proceedings of the Eighth IEEE International On-Line Testing Workshop (IOLTW 2002).