论文信息 - Sécurisation de programmes assembleur face aux attaques visant les processeurs embarqués. (Security of assembly programs against fault attacks on embedded processors)

Sécurisation de programmes assembleur face aux attaques visant les processeurs embarqués. (Security of assembly programs against fault attacks on embedded processors)

Cette these s'interesse a la securite des programmes embarques face aux attaques par injection de fautes. La proliferation des composants embarques et la simplicite de mise en œuvre des attaques rendent imperieuse l'elaboration de contre-mesures.Un modele de fautes par l'experimentation base sur des attaques par impulsion electromagnetique a ete elabore. Les resultats experimentaux ont montre que les fautes realisees etaient dues a la corruption des transferts sur les bus entre la memoire Flash et le pipeline du processeur. Ces fautes permettent de realiser des remplacements ou des saut d'instructions ainsi que des modifications de donnees chargees depuis la memoire Flash. Le remplacement d'une instruction par une autre bien specifique est tres difficile a controler ; par contre, le saut d'une instruction ciblee a ete observe frequemment, est plus facilement realisable, et permet de nombreuses attaques simples. Une contre-mesure empechant ces attaques par saut d'instruction, en remplacant chaque instruction par une sequence d'instructions, a ete construite et verifiee formellement a l'aide d'outils de model-checking. Cette contre-mesure ne protege cependant pas les chargements de donnees depuis la memoire Flash. Elle peut neanmoins etre combinee avec une autre contre-mesure au niveau assembleur qui realise une detection de fautes. Plusieurs experimentations de ces contre-mesures ont ete realisees, sur des instructions isolees et sur des codes complexes issus d'une implementation de FreeRTOS. La contre-mesure proposee se revele etre un tres bon complement pour cette contre-mesure de detection et permet d'en corriger certains defauts.

Nicolas Moro

[1] Sylvain Guilley,et al. Formally proved security of assembly code against power analysis , 2015, Journal of Cryptographic Engineering.

[2] Sylvain Guilley,et al. Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack: A Pledge for Formal Methods in the Field of Implementation Security , 2014, PPREW'14.

[3] Adi Shamir,et al. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[4] Marc Joye. A Method for Preventing "Skipping" Attacks , 2012, 2012 IEEE Symposium on Security and Privacy Workshops.

[5] Giovanni Agosta,et al. A code morphing methodology to automate power analysis countermeasures , 2012, DAC Design Automation Conference 2012.

[6] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[7] Jean-Sébastien Coron,et al. Fault Attacks and Countermeasures on Vigilant's RSA-CRT Algorithm , 2010, 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[8] David Schultz,et al. The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks , 2005, ICISC.

[9] Claude E. Shannon,et al. Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[10] Jean-Jacques Quisquater,et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[11] Ravishankar K. Iyer,et al. SymPLFIED: Symbolic program-level fault injection and error detection framework , 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[12] Jean-Pierre Seifert,et al. A Practical Second-Order Fault Attack against a Real-World Pairing Implementation , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[13] Marc Joye,et al. On Second-Order Differential Power Analysis , 2005, CHES.

[14] Pankaj Rohatgi,et al. Template Attacks , 2002, CHES.

[15] B. Robisson,et al. Local electromagnetic coupling with CMOS integrated circuits , 2011, 2011 8th Workshop on Electromagnetic Compatibility of Integrated Circuits.

[16] Jean-Max Dutertre,et al. Robustness improvement of an SRAM cell against laser-induced fault injection , 2013, 2013 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS).

[17] Ingrid Verbauwhede,et al. A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[18] Athanasios Theodore Markettos. Active electromagnetic attacks on secure hardware , 2011 .

[19] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[20] Lejla Batina,et al. Glitch It If You Can: Parameter Search Strategies for Successful Fault Injection , 2013, CARDIS.

[21] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[22] Emmanuelle Encrenaz-Tiphène,et al. Complementary Formal Approaches for Dependability Analysis , 2009, 2009 24th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems.

[23] Emmanuel Prouff,et al. Affine Masking against Higher-Order Side Channel Analysis , 2010, IACR Cryptol. ePrint Arch..

[24] Jean-Jacques Quisquater,et al. ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[25] M. Kuhn,et al. The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[26] David Naccache,et al. When Clocks Fail: On Critical Paths and Clock Faults , 2010, CARDIS.

[27] Karine Heydemann,et al. High Level Model of Control Flow Attacks for Smart Card Functional Security , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[28] Karine Heydemann,et al. Experimental evaluation of two software countermeasures against fault attacks , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[29] Christophe Clavier,et al. Secret External Encodings Do Not Prevent Transient Fault Analysis , 2007, CHES.

[30] Joseph Yiu,et al. The definitive guide to the ARM Cortex-M3 , 2007 .

[31] Assia Tria,et al. EM Probes Characterisation for Security Analysis , 2012, Cryptography and Security.

[32] Trevor Mudge,et al. MiBench: A free, commercially representative embedded benchmark suite , 2001 .

[33] Christel Baier,et al. Principles of model checking , 2008 .

[34] Jean-Max Dutertre,et al. A DFA on AES Based on the Entropy of Error Distributions , 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[35] Francis Olivier,et al. Electromagnetic Analysis: Concrete Results , 2001, CHES.

[36] Amine Dehbaoui,et al. Incoherence analysis and its application to time domain EM analysis of secure circuits , 2010, 2010 Asia-Pacific International Symposium on Electromagnetic Compatibility.

[37] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[38] Wieland Fischer,et al. Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures , 2002, CHES.

[39] Jean-Jacques Quisquater,et al. A Practical Implementation of the Timing Attack , 1998, CARDIS.

[40] David Naccache,et al. Fault Round Modification Analysis of the advanced encryption standard , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[41] Karine Heydemann,et al. Formal verification of a software countermeasure against instruction skip attacks , 2013, Journal of Cryptographic Engineering.

[42] Frédéric Valette,et al. Using faults for buffer overflow effects , 2012, SAC '12.

[43] Sylvain Guilley,et al. Fault Injection to Reverse Engineer DES-Like Cryptosystems , 2013, FPS.

[44] B. Robisson,et al. Investigation of timing constraints violation as a fault injection means , 2012 .

[45] Christof Paar,et al. Building a Side Channel Based Disassembler , 2010, Trans. Comput. Sci..

[46] David Naccache,et al. Finding Faults , 2005, IEEE Secur. Priv..

[47] Amine Dehbaoui,et al. Electromagnetic Glitch on the AES Round Counter , 2013, COSADE.

[48] Christophe Clavier,et al. De la sécurité physique des crypto-systèmes embarqués. (On physical security of embedded systems) , 2007 .

[49] Christophe Clavier,et al. Side Channel Analysis for Reverse Engineering (SCARE) - An Improved Attack Against a Secret A3/A8 GSM Algorithm , 2004, IACR Cryptol. ePrint Arch..

[50] Jean-Louis Lanet,et al. Automatic detection of fault attack and countermeasures , 2009, WESS '09.

[51] Karine Heydemann,et al. Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[52] Magnus O. Myreen,et al. A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture , 2010, ITP.

[53] Ross J. Anderson,et al. Optical Fault Induction Attacks , 2002, CHES.

[54] Christophe Giraud,et al. DFA on AES , 2004, AES Conference.

[55] David Vigilant,et al. RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks , 2008, CHES.

[56] Jean-Max Dutertre,et al. Efficiency of a glitch detector against electromagnetic fault injection , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[57] Ingrid Verbauwhede,et al. An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[58] Jean-Pierre Seifert,et al. Simple Photonic Emission Analysis of AES - Photonic Side Channel Analysis for the Rest of Us , 2012, CHES.

[59] Tim Hummel. Exploring Effects of Electromagnetic Fault Injection on a 32-bit High Speed Embedded Device Microprocessor , 2014 .

[60] Guillaume Barbu,et al. Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures , 2011, CARDIS.

[61] Rolf Drechsler,et al. A Basis for Formal Robustness Checking , 2008, 9th International Symposium on Quality Electronic Design (isqed 2008).

[62] Marc Joye,et al. Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[63] Yang Li,et al. Fault Sensitivity Analysis , 2010, CHES.

[64] Quang Huy Nguyen,et al. Industrial Use of Formal Methods for a High-Level Security Evaluation , 2008, FM.

[65] Daniel J. Bernstein,et al. Cache-timing attacks on AES , 2005 .

[66] Sylvain Guilley,et al. A formal proof of countermeasures against fault injection attacks on CRT-RSA , 2013, Journal of Cryptographic Engineering.

[67] Siva Sai Yerubandi,et al. Differential Power Analysis , 2002 .

[68] David Naccache,et al. Can Code Polymorphism Limit Information Leakage? , 2011, WISTP.

[69] Koen De Bosschere,et al. Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[70] Louis Goubin,et al. Formal verification of a CRT-RSA implementation against fault attacks , 2013, Journal of Cryptographic Engineering.

[71] Israel Koren,et al. Workshop on fault diagnosis and tolerance in cryptography , 2004, International Conference on Dependable Systems and Networks, 2004.

[72] David Naccache,et al. Temperature Attacks , 2009, IEEE Security & Privacy.

[73] Sylvain Guilley,et al. Evaluation of Power-Constant Dual-Rail Logic as a Protection of Cryptographic Applications in FPGAs , 2008, 2008 Second International Conference on Secure System Integration and Reliability Improvement.

[74] Thomas S. Messerges,et al. Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[75] Michael Hutter,et al. Optical and EM Fault-Attacks on CRT-based RSA : Concrete Results , 2007 .

[76] D. Anthoine,et al. Références bibliographiques , 1974, Acta Endoscopica.

[77] Bart Preneel,et al. Mutual Information Analysis , 2008, CHES.

[78] Amine Dehbaoui,et al. Injection of transient faults using electromagnetic pulses -Practical results on a cryptographic system- , 2012, IACR Cryptol. ePrint Arch..

[79] David Walker,et al. Faulty Logic: Reasoning about Fault Tolerant Programs , 2010, ESOP.

[80] Sergei P. Skorobogatov. Local heating attacks on Flash memory devices , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[81] Emmanuelle Encrenaz-Tiphène,et al. Feasibility analysis for robustness quantification by symbolic model checking , 2011, Formal Methods Syst. Des..

[82] Bruno Robisson,et al. Low-cost recovery for the code integrity protection in secure embedded processors , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[83] Amir Moradi,et al. A Generalized Method of Differential Fault Attack Against AES Cryptosystem , 2006, CHES.

[84] Sylvain Guilley,et al. FIRE: Fault Injection for Reverse Engineering , 2011, WISTP.

[85] Roman Novak,et al. Side-Channel Attack on Substitution Blocks , 2003, ACNS.

[86] Jörn-Marc Schmidt,et al. A Practical Fault Attack on Square and Multiply , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[87] Ingrid Verbauwhede,et al. The Fault Attack Jungle - A Classification Model to Guide You , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[88] Sylvain Guilley,et al. Differential Power Analysis Model and Some Results , 2004, CARDIS.

[89] Richard J. Lipton,et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[90] Arjen K. Lenstra,et al. Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[91] Christophe Clavier,et al. Correlation Power Analysis with a Leakage Model , 2004, CHES.

[92] David Naccache,et al. Review of fault injection mechanisms and consequences on countermeasures design , 2011, 2011 6th International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS).

[93] Christophe Giraud,et al. A Survey on Fault Attacks , 2004, CARDIS.

[94] Michael Hutter,et al. The Temperature Side Channel and Heating Fault Attacks , 2013, CARDIS.

[95] Christophe Clavier,et al. Reverse Engineering of a Secret AES-like Cipher by Ineffective Fault Analysis , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[96] David Naccache,et al. The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[97] Sylvain Guilley,et al. Overview of Dual rail with Precharge logic styles to thwart implementation-level attacks on hardware cryptoprocessors , 2009, 2009 3rd International Conference on Signals, Circuits and Systems (SCS).

[98] Jean-Louis Lanet,et al. Combined Software and Hardware Attacks on the Java Card Control Flow , 2011, CARDIS.

[99] Markus G. Kuhn,et al. Tamper resistance: a cautionary note , 1996 .

[100] Stefan Frehse,et al. Effective Robustness Analysis Using Bounded Model Checking Techniques , 2011, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[101] Dakshi Agrawal,et al. The EM Side-Channel(s) , 2002, CHES.

[102] Michael Tunstall,et al. Round Reduction Using Faults , 2005 .

[103] Sylvain Guilley,et al. WDDL is Protected against Setup Time Violation Attacks , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).