Machine learning techniques to predict sensitive patterns to fault attack in the Java Card application

Abstract

Fault attacks represent one of the serious threats against Java Card security. They consist of physically perturbing chip components to introduce faults in code execution. A fault may be induced using a laser beam to impact the opcodes and operands of instructions. This could mutate the application code in such a way that it becomes hostile. Any successful attack may reveal secret information stored in the card or grant an undesired authorisation. We propose a methodology to recognise, during the development step, the patterns in Java Card applications that are sensitive to fault attacks. It is based on concepts from text categorisation and machine learning. In this method, we represented the patterns using opcode n-grams as features, and we evaluated different machine learning classifiers. The results show that the classifiers performed poorly when classifying dangerous sensitive patterns, due to the imbalance of our data set: the number of dangerous sensitive patterns is much lower than the number of not dangerous patterns. We used resampling techniques to balance the class distribution in our data set. The experimental results indicated that the resampling techniques improved the accuracy of the classifiers. In addition, our proposed method reduces the execution time of sensitive pattern classification in comparison to the SmartCM tool, which is used in our study to evaluate the effect of faults on Java Card applications.
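The feature extraction and class balancing described in the abstract, sketched as an added example (not the authors' code). The abstract does not name its resampling techniques, so the SMOTE-style interpolation here is an assumption, as are the function names; the opcode sequences and their labels are constructed.

```python
import random
from collections import Counter

def opcode_ngrams(opcodes, n=2):
    """Count contiguous opcode n-grams in one pattern (a list of mnemonics)."""
    return Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))

def vectorize(patterns, n=2):
    """Turn patterns into count vectors over the n-gram vocabulary of the set."""
    counts = [opcode_ngrams(p, n) for p in patterns]
    vocab = sorted(set().union(*counts))
    return vocab, [[c[g] for g in vocab] for c in counts]

def oversample_minority(X, y, minority, k=2, seed=0):
    """SMOTE-style balancing for two classes (assumed technique): append points
    interpolated between a minority vector and one of its k nearest minority
    neighbours until both classes have the same size."""
    rng = random.Random(seed)
    rows = [x for x, label in zip(X, y) if label == minority]
    X_out, y_out = list(X), list(y)
    for _ in range(max(len(X) - 2 * len(rows), 0)):
        base = rng.choice(rows)
        near = sorted((m for m in rows if m is not base),
                      key=lambda m: sum((a - b) ** 2 for a, b in zip(base, m)))[:k]
        other = rng.choice(near or [base])
        t = rng.random()  # position on the segment between the two vectors
        X_out.append([a + t * (b - a) for a, b in zip(base, other)])
        y_out.append(minority)
    return X_out, y_out

# Constructed sample: Java Card opcode sequences; the labels are made up.
SAMPLES = [
    (["sload_1", "sload_2", "if_scmpne", "sconst_1", "sreturn"], "dangerous"),
    (["aload_0", "invokevirtual", "ifeq", "sconst_0", "sreturn"], "dangerous"),
    (["sload_1", "sconst_1", "sadd", "sstore_1", "return"], "not_dangerous"),
    (["sload_2", "sload_1", "smul", "sstore_2", "return"], "not_dangerous"),
    (["getfield_s_this", "sconst_1", "sadd", "sreturn"], "not_dangerous"),
    (["sconst_0", "sstore_1", "sinc", "goto", "return"], "not_dangerous"),
    (["aload_0", "sload_1", "putfield_s", "return"], "not_dangerous"),
    (["bspush", "sstore_2", "sload_2", "pop", "return"], "not_dangerous"),
]

def balanced_dataset(n=2):
    """Vectorize SAMPLES and balance the 'dangerous' class."""
    vocab, X = vectorize([ops for ops, _ in SAMPLES], n)
    X_bal, y_bal = oversample_minority(X, [lab for _, lab in SAMPLES], "dangerous")
    return vocab, X_bal, y_bal

if __name__ == "__main__":
    vocab, X_bal, y_bal = balanced_dataset()
    print(len(vocab), "features;", dict(Counter(y_bal)))
```

The balanced vectors can then be fed to any classifier; resampling should be applied to the training split only, so that synthetic points never leak into the evaluation set.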
