Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation

Embedded software is developed under the assumption that hardware execution is always correct. Fault attacks break and exploit that assumption. Through the careful introduction of targeted faults, an adversary modifies the control flow or data flow integrity of software. The modified program execution is then analyzed and used as a source of information leakage, or as a mechanism for privilege escalation. Due to the increasing complexity of modern embedded systems, and due to the difficulty of guaranteeing correct hardware execution even under a weak adversary, fault attacks are a growing threat. For example, the assumption that an adversary has to be close to the physical execution of software, in order to inject an exploitable fault into hardware, has repeatedly been shown to be incorrect. This article is a review on hardware-based fault attacks on software, with emphasis on the context of embedded systems. We present a detailed discussion of the anatomy of a fault attack, and we make a review of fault attack evaluation techniques. The paper emphasizes the perspective from the attacker, rather than the perspective of countermeasure development. However, we emphasize that improvements to countermeasures often build on insight into the attacks.

[1]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[2]  Yanick Fratantonio,et al.  Drammer: Deterministic Rowhammer Attacks on Mobile Platforms , 2016, CCS.

[3]  Zhizhang Chen,et al.  ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research , 2014, COSADE.

[4]  David Naccache,et al.  Fault Round Modification Analysis of the advanced encryption standard , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[5]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[6]  Thomas Eisenbarth,et al.  Implementation Attacks on Post-Quantum Cryptographic Schemes , 2015, IACR Cryptol. ePrint Arch..

[7]  Christophe Clavier,et al.  Passive and Active Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis , 2007, 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[8]  Jie Zhang,et al.  DERA: Yet another differential fault attack on cryptographic devices based on error rate analysis , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[9]  Debdeep Mukhopadhyay,et al.  Differential fault analysis of AES: towards reaching its limits , 2013, Journal of Cryptographic Engineering.

[10]  Assia Tria,et al.  Combining Image Processing and Laser Fault Injections for Characterizing a Hardware AES , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[11]  Marc Joye,et al.  Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults , 2005, Des. Codes Cryptogr..

[12]  Karine Heydemann,et al.  Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[13]  Michael Tunstall,et al.  Round Reduction Using Faults , 2005 .

[14]  Dan Boneh,et al.  Attacking an Obfuscated Cipher by Injecting Faults , 2002, Digital Rights Management Workshop.

[15]  Johannes Obermaier,et al.  Shedding too much Light on a Microcontroller's Firmware Protection , 2017, WOOT.

[16]  Sylvain Guilley,et al.  Silicon-level Solutions to Counteract Passive and Active Attacks , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[17]  Christophe Clavier,et al.  Reverse Engineering of a Secret AES-like Cipher by Ineffective Fault Analysis , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[18]  Sergei P. Skorobogatov Optically Enhanced Position-Locked Power Analysis , 2006, CHES.

[19]  I. Koren,et al.  Fault Diagnosis and Tolerance in Cryptography , 2006 .

[20]  Benoit Feix,et al.  Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis , 2007, Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007).

[21]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[22]  Salvatore J. Stolfo,et al.  CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management , 2017, USENIX Security Symposium.

[23]  Bilgiday Yuce,et al.  A Systematic Approach to Fault Attack Resistant Design , 2017 .

[24]  Michael Hutter,et al.  Optical and EM Fault-Attacks on CRT-based RSA : Concrete Results , 2007 .

[25]  Michael Hutter,et al.  The Temperature Side Channel and Heating Fault Attacks , 2013, CARDIS.

[26]  Marc Joye,et al.  Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[27]  Herbert Bos,et al.  Flip Feng Shui: Hammering a Needle in the Software Stack , 2016, USENIX Security Symposium.

[28]  Alexandre Venelli,et al.  Combined Fault and Side-Channel Attacks on the AES Key Schedule , 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[29]  Yu-ichi Hayashi,et al.  Buffer overflow attack with multiple fault injection and a proven countermeasure , 2017, Journal of Cryptographic Engineering.

[30]  Marc Joye,et al.  Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity , 2004, IEEE Transactions on Computers.

[31]  Yuan Yao,et al.  Fault-assisted side-channel analysis of masked implementations , 2018, 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[32]  Yang Li,et al.  Fault Sensitivity Analysis , 2010, CHES.

[33]  Frank Piessens,et al.  Software security: Vulnerabilities and countermeasures for two attacker models , 2016, 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[34]  Roberto Maria Avanzi,et al.  Combined Implementation Attack Resistant Exponentiation , 2010, LATINCRYPT.

[35]  Denis Réal,et al.  Fault Attack on Elliptic Curve Montgomery Ladder Implementation , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[36]  Jessy Clédière,et al.  Nanofocused X-Ray Beam to Reprogram Secure Circuits , 2017, CHES.

[37]  Bernd Meyer,et al.  Differential Fault Attacks on Elliptic Curve Cryptosystems , 2000, CRYPTO.

[38]  Amine Dehbaoui,et al.  Electromagnetic Glitch on the AES Round Counter , 2013, COSADE.

[39]  Debdeep Mukhopadhyay,et al.  Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers , 2017, Journal of Cryptographic Engineering.

[40]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[41]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[42]  Nahid Farhady Ghalaty,et al.  Differential Fault Intensity Analysis , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[43]  Adi Shamir,et al.  Fault Analysis of Stream Ciphers , 2004, CHES.

[44]  Emmanuel Prouff,et al.  Provably Secure Higher-Order Masking of AES , 2010, IACR Cryptol. ePrint Arch..

[45]  Michael Hamburg,et al.  Meltdown , 2018, meltdownattack.com.

[46]  Régis Leveugle,et al.  Electromagnetic analysis and fault injection onto secure circuits , 2014, 2014 22nd International Conference on Very Large Scale Integration (VLSI-SoC).

[47]  Onur Mutlu,et al.  Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques , 2017, 2017 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[48]  Andrew W. Appel,et al.  Using memory errors to attack a virtual machine , 2003, 2003 Symposium on Security and Privacy, 2003..

[49]  Mitsugu Iwamoto,et al.  Information-Theoretic Approach to Optimal Differential Fault Analysis , 2012, IEEE Transactions on Information Forensics and Security.

[50]  Ingrid Verbauwhede,et al.  An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[51]  Guillaume Barbu,et al.  Attacks on Java Card 3.0 Combining Fault and Logical Attacks , 2010, CARDIS.

[52]  Assia Tria,et al.  Adjusting Laser Injections for Fully Controlled Faults , 2014, COSADE.

[53]  Sylvain Guilley,et al.  Fault Injection to Reverse Engineer DES-Like Cryptosystems , 2013, FPS.

[54]  B. Robisson,et al.  Investigation of timing constraints violation as a fault injection means , 2012 .

[55]  Patrick Schaumont,et al.  State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[56]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[57]  Ingrid Verbauwhede,et al.  A systematic M safe-error detection in hardware implementations of cryptographic algorithms , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[58]  Thomas Roche,et al.  Combined Fault and Side-Channel Attack on Protected Implementations of AES , 2011, CARDIS.

[59]  Rajesh Velegalati,et al.  Electro Magnetic Fault Injection in Practice , 2013 .

[60]  Nahid Farhady Ghalaty,et al.  Improving Fault Attacks on Embedded Software Using RISC Pipeline Characterization , 2015, 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[61]  Adrian Thillard,et al.  Fault Attacks on AES with Faulty Ciphertexts Only , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[62]  Jean-Luc Danger,et al.  High precision fault injections on the instruction cache of ARMv7-M architectures , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[63]  Marc F. Witteman,et al.  Controlling PC on ARM Using Fault Injection , 2016, 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[64]  Adèle Morisset,et al.  Laser-Induced Fault Injection on Smartphone Bypassing the Secure Boot , 2017, 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[65]  Alessandro Barenghi,et al.  Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures , 2012, Proceedings of the IEEE.

[66]  Niek Timmers,et al.  Escalating Privileges in Linux Using Voltage Fault Injection , 2017, 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[67]  Filippo Melzani,et al.  The role of the fault model in DFA against AES , 2014, HASP@ISCA.

[68]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[69]  Christophe Giraud,et al.  DFA on AES , 2004, AES Conference.

[70]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[71]  Martin Otto,et al.  Fault attacks and countermeasures , 2005 .

[72]  Nikolas Ioannou,et al.  From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks , 2017, WOOT.

[73]  Moti Yung,et al.  Observability Analysis - Detecting When Improved Cryptosystems Fail , 2002, CT-RSA.

[74]  Stefan Tillich,et al.  Attacking State-of-the-Art Software Countermeasures-A Case Study for AES , 2008, CHES.

[75]  Nahid Farhady Ghalaty,et al.  FAME: Fault-attack Aware Microprocessor Extensions for Hardware Fault Detection and Software Fault Response , 2016, HASP 2016.

[76]  Marie-Laure Potet,et al.  Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections , 2014, 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation.

[77]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[78]  Thomas Korak,et al.  On the Effects of Clock and Power Supply Tampering on Two Microcontroller Platforms , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[79]  Lejla Batina,et al.  Clock Glitch Attacks in the Presence of Heating , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[80]  Ingrid Verbauwhede,et al.  Hardware Designer's Guide to Fault Attacks , 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[81]  Marc Joye,et al.  Fault Analysis in Cryptography , 2012, Information Security and Cryptography.

[82]  Eric Vétillard,et al.  Combined Attacks and Countermeasures , 2010, CARDIS.

[83]  François-Xavier Standaert,et al.  Masking vs. multiparty computation: how large is the gap for AES? , 2013, Journal of Cryptographic Engineering.

[84]  William M. Daley,et al.  Security Requirements for Cryptographic Modules , 1999 .

[85]  Yang Li,et al.  New Fault-Based Side-Channel Attack Using Fault Sensitivity , 2012, IEEE Transactions on Information Forensics and Security.

[86]  Michael Tunstall,et al.  Harnessing Biased Faults in Attacks on ECC-Based Signature Schemes , 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[87]  Sylvain Guilley,et al.  FIRE: Fault Injection for Reverse Engineering , 2011, WISTP.

[88]  Stefan Mangard,et al.  Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices , 2016, IEEE Communications Surveys & Tutorials.

[89]  Vern Paxson,et al.  The Matter of Heartbleed , 2014, Internet Measurement Conference.

[90]  Sergei P. Skorobogatov Local heating attacks on Flash memory devices , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[91]  Jean-Louis Lanet,et al.  Combined Software and Hardware Attacks on the Java Card Control Flow , 2011, CARDIS.

[92]  Sedat Akleylek,et al.  Security requirements for cryptographic modules , 2013 .

[93]  Alessandro Barenghi,et al.  Low Voltage Fault Attacks on the RSA Cryptosystem , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[94]  Jasper G. J. van Woudenberg,et al.  Practical Optical Fault Injection on Secure Microcontrollers , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.