High Level Model of Control Flow Attacks for Smart Card Functional Security

Smart card software has to implement software countermeasures to withstand attacks. Some of these attacks are physical disruptions of chip components that cause the code to misbehave during execution. A successful functional attack may reveal a secret or grant an undesired authorization. In this paper, we propose to model fault attacks at source level and then simulate these attacks to find out which ones are harmful. After discussing the effects of physical attacks at assembly level and tracing their consequences back to source code level, the paper focuses on control flow attacks. Such attacks are good candidates for the proposed model, which can be used to exhaustively test the robustness of the attacked program. On the bzip2 software, the paper's results show that up to 21% of the control flow attacks simulated at assembly level are covered by the C model with 30 times fewer test cases.
