An RTOS-based Fault Injection Simulator for Embedded Processors

Evaluating embedded systems vulnerability to faults injection attacks has gained importance in recent years due to the rising threats they bring to chips security. The task is particularly important for micro-controllers since they have lower resistance to fault attacks compared to hardware-based cryptosystems. This paper reviews recent embedded fault injection simulators from literature and presents an embedded high-level fault injection mechanism based on a Real-Time Operating System (RTOS). The approach aims to be architecture-independent and portable to 32-bit micro-controllers and embedded processors. The proposed mechanism, primarily targets realistic fault attack scenarios on memory locations, is adapted to timed and event-based fault injection. A Differential Fault Attack (DFA) was mounted on a popular ARM-based micro-controller running FreeRTOS to illustrate the proposed mechanism. The aim is also to bridge the embedded fault injection simulation mechanism efficiently to a computer-based cryptanalysis and to highlight the importance of physically protecting the memory and integrating data-specific countermeasures.

[1]  Elena Trichina,et al.  Multi Fault Laser Attacks on Protected CRT-RSA , 2010, 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[2]  David Naccache,et al.  Single-bit DFA using multiple-byte laser fault injection , 2010, 2010 IEEE International Conference on Technologies for Homeland Security (HST).

[3]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[4]  Dirmanto Jap,et al.  Testing Feasibility of Back-Side Laser Fault Injection on a Microcontroller , 2015, WESS.

[5]  Thomas Korak,et al.  On the Effects of Clock and Power Supply Tampering on Two Microcontroller Platforms , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[6]  Giorgio Di Natale,et al.  A survey on simulation-based fault injection tools for complex systems , 2014, 2014 9th IEEE International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS).

[7]  Shivam Bhasin,et al.  Fault attacks, injection techniques and tools for simulation , 2015, 2015 10th International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS).

[8]  Christophe Giraud,et al.  DFA on AES , 2004, AES Conference.

[9]  L. Sterpone,et al.  A New Partial Reconfiguration-Based Fault-Injection System to Evaluate SEU Effects in SRAM-Based FPGAs , 2007, IEEE Transactions on Nuclear Science.

[10]  Ingrid Verbauwhede,et al.  Hardware Designer's Guide to Fault Attacks , 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[11]  Yu-ichi Hayashi,et al.  An Adaptive Multiple-Fault Injection Attack on Microcontrollers and a Countermeasure , 2015, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[12]  Régis Leveugle,et al.  Validation of RTL laser fault injection model with respect to layout information , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[13]  Marc Joye,et al.  Fault Analysis in Cryptography , 2012, Information Security and Cryptography.

[14]  Karine Heydemann,et al.  Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[15]  Giovanni Agosta,et al.  The MEET Approach: Securing Cryptographic Embedded Software Against Side Channel Attacks , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[16]  Karine Heydemann,et al.  Experimental evaluation of two software countermeasures against fault attacks , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[17]  Karine Heydemann,et al.  High Level Model of Control Flow Attacks for Smart Card Functional Security , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[18]  Julien Bringer,et al.  A novel simulation approach for fault injection resistance evaluation on smart cards , 2015, 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW).

[19]  Julien Bringer,et al.  High-Level Simulation for Multiple Fault Injection Evaluation , 2014, DPM/SETOP/QASA.

[20]  Colin O'Flynn,et al.  Fault Injection using Crowbars on Embedded Systems , 2016, IACR Cryptol. ePrint Arch..

[21]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[22]  Nicolas Moro Sécurisation de programmes assembleur face aux attaques visant les processeurs embarqués. (Security of assembly programs against fault attacks on embedded processors) , 2014 .

[23]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[24]  Georg Sigl,et al.  Precise Laser Fault Injections into 90 nm and 45 nm SRAM-cells , 2015, CARDIS.

[25]  Cheng-Wen Wu,et al.  Sequential circuit fault simulation using logic emulation , 1998, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[26]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[27]  Oana Boncalo,et al.  Multi-Level Simulated Fault Injection for Data Dependent Reliability Analysis of RTL Circuit Descriptions , 2016 .

[28]  Pierre Dusart,et al.  Differential Fault Analysis on A.E.S , 2003, ACNS.

[29]  Alberto Bosio,et al.  Software testing and software fault injection , 2015, 2015 10th International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS).

[30]  Jakub Breier,et al.  Feeding Two Cats with One Bowl: On Designing a Fault and Side-Channel Resistant Software Encoding Scheme , 2016, CT-RSA.

[31]  W. V. Eck Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? , 1996 .

[32]  David Naccache,et al.  How to flip a bit? , 2010, 2010 IEEE 16th International On-Line Testing Symposium.

[33]  Karine Heydemann,et al.  Software Countermeasures for Control Flow Integrity of Smart Card C Codes , 2014, ESORICS.

[34]  Marc F. Witteman,et al.  Controlling PC on ARM Using Fault Injection , 2016, 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[35]  Debdeep Mukhopadhyay,et al.  Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault , 2011, WISTP.