Exploring the Interaction Between Device Lifetime Reliability and Security Vulnerabilities

As technology scales, device reliability is becoming a fundamental problem. Even though manufacture test can guarantee product quality, due to various types of wearout and failure modes, permanent faults appear in the filed is becoming an increasingly important and real problem. Such types of wear-out creates permanent faults in devices during their lifetime, but after release to the user. In this paper, we perform a formal investigation of the impact of permanent faults on security, examine empirical evidence, and demonstrate a real attack. Our results show that permanent stuck-at faults may leave security holes in microprocessors. We show that an adversary with knowledge of a fault can launch attacks which can obtain critical secrets such as a private key in 30 seconds.

[1]  Robert H. Deng,et al.  Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults , 1997, Security Protocols Workshop.

[2]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[3]  Onur Mutlu,et al.  Software-Based Online Detection of Hardware Defects Mechanisms, Architectural Support, and Evaluation , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).

[4]  Amin Ansari,et al.  Shoestring: probabilistic soft error reliability on the cheap , 2010, ASPLOS XV.

[5]  Todd M. Austin,et al.  Fault-based attack of RSA authentication , 2010, 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010).

[6]  Jean-Jacques Quisquater,et al.  Faults, Injection Methods, and Fault Attacks , 2007, IEEE Design & Test of Computers.

[7]  Subhasish Mitra,et al.  CASP: Concurrent Autonomous Chip Self-Test Using Stored Test Patterns , 2008, 2008 Design, Automation and Test in Europe.

[8]  Jörn-Marc Schmidt,et al.  A Practical Fault Attack on Square and Multiply , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[9]  Albert Meixner,et al.  Argus: Low-Cost, Comprehensive Error Detection in Simple Cores , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).

[10]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[11]  Alessandro Barenghi,et al.  Low voltage fault attacks to AES , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[12]  Gary S. Tyson,et al.  Guaranteeing Hits to Improve the Efficiency of a Small Instruction Cache , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).

[13]  Sarita V. Adve,et al.  Understanding the propagation of hard errors to software and implications for resilient system design , 2008, ASPLOS.