Formalising fault injection and countermeasures

Fault injection is widely used as a method to evaluate the robustness and security of a system against many kinds of faults and attacks. Recent works have considered many ways to demonstrate security risks and viable attacks using fault injection, and some have also proposed countermeasures. However, no general and formal definition of fault injection or of a countermeasure has been provided that can be used to reason about such attacks. This leaves significant results in this area ad-hoc and without broad applicability. This paper presents formal definitions of both fault injection on an arbitrary system and what an effective countermeasure is. These definitions are used to prove that fault injection attacks cannot in general be prevented (by any countermeasure). An example is presented that demonstrates how to construct an effective countermeasure for a specific fault injection, paralleling some well known approaches. Further extensions to account for probabilistic behaviour and systems with time are also presented. These definitions and results demonstrate that formal proofs about the security and defences of systems can be carried out in a usable way, yielding a broadly applicable approach that can formalise fault injections and countermeasures in the future.
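The following is an added illustration of the abstract's central point, not code or definitions from the paper. It models a toy straight-line machine (the instruction set, the PIN-check programs and the PIN values are all constructed here), takes "skip one or more instructions" as the fault model, and compares an unprotected check with one whose compare-and-branch is duplicated, in the spirit of the well known instruction-duplication countermeasures the abstract alludes to. Exhaustively enumerating fault sets shows that the countermeasure is effective against the specific fault it was built for (a single skip) while a larger fault budget still reaches the accept path, which is the sense in which no countermeasure prevents fault injection in general.

```python
from itertools import combinations

# Instruction forms of the toy machine (constructed for this illustration):
#   ("cmp", ra, rb, dst)  dst = 1 if regs[ra] == regs[rb] else 0
#   ("jz", reg, target)   jump to index `target` when regs[reg] == 0
#   ("ret", value)        halt; 1 = accept, 0 = reject
# Falling off the end of the program also rejects (returns 0): default deny.


def run(program, inputs, skipped=()):
    """Execute `program`; any instruction whose index is in `skipped` is
    treated as a no-op. This is the instruction-skip fault model."""
    regs = dict(inputs)
    pc = 0
    steps = 0
    while 0 <= pc < len(program):
        steps += 1
        if steps > 10 * len(program):  # guard against runaway loops in malformed programs
            raise RuntimeError("step budget exceeded")
        ins = program[pc]
        if pc in skipped:
            pc += 1
            continue
        if ins[0] == "cmp":
            regs[ins[3]] = int(regs[ins[1]] == regs[ins[2]])
            pc += 1
        elif ins[0] == "jz":
            # A flag that was never written (its cmp was skipped) reads as 0 -> reject.
            pc = ins[2] if regs.get(ins[1], 0) == 0 else pc + 1
        elif ins[0] == "ret":
            return ins[1]
        else:
            raise ValueError(f"unknown instruction {ins!r}")
    return 0


# Constructed PIN values: a correct attempt and a wrong one.
REF = {"in": 1234, "ref": 1234}
WRONG = {"in": 9999, "ref": 1234}

# Unprotected check: one compare, one conditional branch guards the accept path.
UNPROTECTED = [
    ("cmp", "in", "ref", "t"),  # 0
    ("jz", "t", 3),             # 1  mismatch -> reject
    ("ret", 1),                 # 2  accept
    ("ret", 0),                 # 3  reject
]

# Countermeasure: the compare-and-branch is duplicated so that no single
# skipped instruction can reach the accept path.
PROTECTED = [
    ("cmp", "in", "ref", "t1"),  # 0
    ("jz", "t1", 5),             # 1
    ("cmp", "in", "ref", "t2"),  # 2
    ("jz", "t2", 5),             # 3
    ("ret", 1),                  # 4  accept
    ("ret", 0),                  # 5  reject
]


def accepts(program, inputs, skipped=()):
    """True when the program halts on the accept path."""
    return run(program, inputs, skipped) == 1


def bypassing_fault_sets(program, max_faults):
    """Enumerate every set of up to `max_faults` skipped instructions under
    which the program accepts the wrong PIN. An empty list means the program
    is robust against that fault budget; a non-empty list names exactly which
    instructions a fault would have to hit, which is what a reviewer wants to
    know when judging whether a countermeasure covers the assumed fault model."""
    return [
        skips
        for k in range(1, max_faults + 1)
        for skips in combinations(range(len(program)), k)
        if accepts(program, WRONG, skips)
    ]


if __name__ == "__main__":
    for name, prog in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, "correct PIN accepted:", accepts(prog, REF))
        for budget in (1, 2):
            print(f"  faults <= {budget}: bypassing sets = {bypassing_fault_sets(prog, budget)}")
```

Against a single skip the unprotected program is bypassed by skipping its one branch, while the duplicated check admits no bypass; raise the fault budget to two skips and the duplicated check falls as well, because both branches can be skipped. A countermeasure is therefore only "effective" relative to a stated fault model, which is exactly why the abstract insists on a formal definition of both the fault injection and the countermeasure.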
