FISSC: A Fault Injection and Simulation Secure Collection

Applications in secure components (such as smartcards, mobile phones or secure dongles) must be hardened against fault injection to guarantee security even in the presence of a malicious fault. Crafting applications robust against fault injection is an open problem for all actors of the secure application development life cycle, which prompted the development of many simulation tools. A major difficulty for these tools is the absence of representative codes, criteria and metrics to evaluate or compare obtained results. We present FISSC, the first public code collection dedicated to the analysis of code robustness against fault injection attacks. FISSC provides a framework of various robust code implementations and an approach for comparing tools based on predefined attack scenarios.

[1]  Julien Bringer,et al.  Idea: Embedded Fault Injection Simulator on Smartcard , 2014, ESSoS.

[2]  Marie-Laure Potet,et al.  Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections , 2014, 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation.

[3]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[4]  Jasper G. J. van Woudenberg,et al.  Practical Optical Fault Injection on Secure Microcontrollers , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[5]  Jean-Louis Lanet,et al.  SmartCM a smart card fault injection simulator , 2011, 2011 IEEE International Workshop on Information Forensics and Security.

[6]  Jean-Louis Lanet,et al.  Evaluation of Countermeasures Against Fault Attacks on Smart Cards , 2011 .

[7]  Alessandro Barenghi,et al.  Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures , 2012, Proceedings of the IEEE.

[8]  Cécile Canovas,et al.  From Code Review to Fault Injection Attacks: Filling the Gap Using Fault Model Inference , 2015, CARDIS.

[9]  Andrea Höller,et al.  QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks , 2015, 2015 Euromicro Conference on Digital System Design.

[10]  Karine Heydemann,et al.  High Level Model of Control Flow Attacks for Smart Card Functional Security , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[11]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[12]  Ravishankar K. Iyer,et al.  Discovering Application-Level Insider Attacks Using Symbolic Execution , 2009, SEC.

[13]  Karine Heydemann,et al.  Software Countermeasures for Control Flow Integrity of Smart Card C Codes , 2014, ESORICS.

[14]  David Walker,et al.  Faulty Logic: Reasoning about Fault Tolerant Programs , 2010, ESOP.

[15]  Guillaume Barbu,et al.  Attacks on Java Card 3.0 Combining Fault and Logical Attacks , 2010, CARDIS.

[16]  Karine Heydemann,et al.  Formal verification of a software countermeasure against instruction skip attacks , 2013, Journal of Cryptographic Engineering.