Abstract
Fault injection attacks alter the intended behavior of micro-controllers, compromising their security. These attacks can be mitigated using software countermeasures. A widely-used software-based solution to deflect fault attacks is instruction duplication and n-plication. We explore two main limitations of these approaches: first, we examine the effect of instruction duplication under fault attacks, demonstrating that, as a fault tolerance mechanism, code duplication does not provide strong protection in practice. Second, we show that instruction duplication increases the side-channel leakage of sensitive code regions, using a multivariate exploitation technique both in theory and in practice.
Notes
- 1. The code is available at: https://github.com/cojocar/llvm-iskip.
- 5. SNR() = 2.23 and SNR() = 18.20.
- 7. These are the faults useful for DFA on AES.
References
Viterbi, A.: Error bounds for convolutional codes and an asymptotically optimum decoding algorithm. IEEE Trans. Inf. Theor. 13(2), 260–269 (1967). https://doi.org/10.1109/TIT.1967.1054010. ISSN 0018-9448
Rabiner, L.R.: A tutorial on hidden Markov models and selected applications in speech recognition. Proc. IEEE 77(2), 257–286 (1989). https://doi.org/10.1109/5.18626. ISSN 0018-9219
Rauzy, P., Guilley, S.: Countermeasures against high-order fault-injection attacks on CRT-RSA. In: 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 68–82, September 2014. https://doi.org/10.1109/FDTC.2014.17
Agosta, G., Barenghi, A., Pelosi, G.: Automated instantiation of side-channel attacks countermeasures for software cipher implementations. In: Proceedings of the ACM International Conference on Computing Frontiers, CF 2016, Como, pp. 455–460. ACM (2016). https://doi.org/10.1145/2903150.2911707. ISBN: 978-1-4503-4128-8
Amiel, F., et al.: Passive and active combined attacks: combining fault attacks and side channel analysis. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2007, pp. 92–102. IEEE (2007)
Barenghi, A., et al.: Countermeasures against fault attacks on software implemented AES: effectiveness and cost. In: Proceedings of the 5th Workshop on Embedded Systems Security, p. 7. ACM (2010). http://dl.acm.org/citation.cfm?id=1873555. Accessed 14 Oct 2016
Barenghi, A., et al.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)
Barry, T., Couroussé, D., Robisson, B.: Compilation of a countermeasure against instruction-skip fault attacks. In: Proceedings of the Third Workshop on Cryptography and Security in Computing Systems, pp. 1–6. ACM (2016). http://dl.acm.org/citation.cfm?id=2858931. Accessed 14 Oct 2016
Bayrak, A.G., et al.: A first step towards automatic application of power analysis countermeasures. In: Proceedings of the 48th Design Automation Conference, DAC 2011, San Diego, pp. 230–235. ACM (2011). https://doi.org/10.1145/2024724.2024778. ISBN: 978-1-4503-0636-2
Bayrak, A.G., et al.: Automatic application of power analysis countermeasures. IEEE Trans. Comput. 64(2), 329–341 (2015)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2
Clavier, C., Coron, J.-S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_20
Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 112–129. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_7
Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: a comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 740–757. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_44
Choudary, O., Kuhn, M.G.: Efficient template attacks. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 253–270. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_17
Durvaux, F., Renauld, M., Standaert, F.-X., van Oldeneel tot Oldenzeel, L., Veyrat-Charvillon, N.: Efficient removal of random delays from embedded software implementations using Hidden Markov Models. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 123–140. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37288-9_9
Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_1
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3
Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization - a countermeasure for AES against differential fault attacks. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 93–111. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_6
Battistello, A., Giraud, C.: A note on the security of CHES 2014 symmetric infective countermeasure. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 144–159. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-43283-0_9
Lomné, V., Roche, T., Thillard, A.: On the need of randomness in fault attack countermeasures - application to AES. In: FDTC 2012 (2012)
Malkin, T.G., Standaert, F.-X., Yung, M.: A comparative cost/security analysis of fault attack countermeasures. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 159–172. Springer, Heidelberg (2006). https://doi.org/10.1007/11889700_15
Gierlichs, B., Schmidt, J.-M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 305–321. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_17
Patranabis, S., Chakraborty, A., Mukhopadhyay, D.: Fault tolerant infective countermeasure for AES. In: Chakraborty, R.S., Schwabe, P., Solworth, J. (eds.) SPACE 2015. LNCS, vol. 9354, pp. 190–209. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24126-5_12
Joye, M., Manet, P., Rigaud, J.-B.: Strengthening hardware AES implementations against fault attacks. In: IET Information Security (2007)
Regazzoni, F., Breveglieri, L., Ienne, P., Koren, I.: Interaction between fault attack countermeasures and the resistance against power analysis attacks. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography. Information Security and Cryptography, pp. 257–272. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29656-7_15
Dureuil, L., Potet, M.-L., de Choudens, P., Dumas, C., Clédière, J.: From code review to fault injection attacks: filling the gap using fault model inference. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 107–124. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31271-2_7
Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45203-4_23
Korak, T., et al.: Clock glitch attacks in the presence of heating. In: FDTC 2014 (2014)
Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 320–334. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_22
Luo, P., et al.: Side-channel power analysis of different protection schemes against fault attacks on AES. In: ReConfig 2014 (2014)
Maebe, J., De Keulenaer, R., De Sutter, B., De Bosschere, K.: Mitigating smart card fault injection with link-time code rewriting: a feasibility study. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 221–229. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_19
Maistri, P., Leveugle, R.: Double-data-rate computation as a countermeasure against fault analysis. IEEE Trans. Comput. 57(11), 1528–1539 (2008)
Malagón, P., et al.: Compiler optimizations as a countermeasure against side-channel analysis in MSP430-based devices. Sensors 12(6), 7994–8012 (2012)
Medwed, M., Schmidt, J.-M.: A generic fault countermeasure providing data and program flow integrity. In: 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2008, pp. 68–73. IEEE (2008)
Moro, N., et al.: Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In: FDTC 2013 (2013)
Moro, N., et al.: Formal verification of a software countermeasure against instruction skip attacks. J. Cryptogr. Eng. 4(3), 145–156 (2014)
Moro, N., et al.: Experimental evaluation of two software countermeasures against fault attacks. In: HOST 2014 (2014)
Moss, A., Oswald, E., Page, D., Tunstall, M.: Compiler assisted masking. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 58–75. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_4
Pahlevanzadeh, H., Dofe, J., Yu, Q.: Assessing CPA resistance of AES with different fault tolerance mechanisms. In: ASP-DAC 2016 (2016)
Patranabis, S., et al.: One plus one is more than two: a practical combination of power and fault analysis attacks on PRESENT and PRESENT-like block ciphers. In: FDTC 2017. IEEE (2017)
Prouff, E., Rivain, M.: Masking against side-channel attacks: a formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 142–159. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_9
Regazzoni, F., et al.: Power attacks resistance of cryptographic s-boxes with added error detection circuits. In: DFT 2007 (2007)
Regazzoni, F., et al.: Can knowledge regarding the presence of countermeasures against fault attacks simplify power attacks on cryptographic devices? In: DFT 2008 (2008)
Riviere, L., et al.: High precision fault injections on the instruction cache of ARMv7-M architectures. In: HOST 2015 (2015)
Timmers, N., Spruyt, A., Witteman, M.: Controlling PC on ARM using fault injection. In: FDTC 2016 (2016)
Verbauwhede, I., Karaklajic, D., Schmidt, J.-M.: The fault attack jungle - a classification model to guide you. In: FDTC 2011 (2011)
Yuce, B., et al.: Software fault resistance is futile: effective single-glitch attacks. In: FDTC 2016, pp. 47–58 (2016)
Acknowledgements
This research was supported by the NWO CYBSEC “OpenSesame” project (628.001.005) and the NWO project ProFIL (628.001.007). We thank our anonymous reviewers and our shepherds, Fischer Jean-Bernard and Romailler Yolan, for their invaluable feedback. We also thank Marius Schilder and Dominic Rizzo from Google Inc. for their support in developing the compiler.
Appendix
1.1 Differential Fault Analysis (DFA) Attack on Software AES-128
In Sect. 5 we determined the impact of ID as a fault tolerance mechanism on synthetic code. Now we show the interaction between ID and the number of trials needed to conduct a fault-based attack. To this end, we automatically apply ID to a large and complex code construction, the AES-128 cryptographic algorithm, and perform the DFA attack described by Dusart et al. [28]. The goal of the attack is to extract the fixed key by observing the faulty output.
We use the tiny-AES128-C implementation (Note 6) of the AES-128 cipher in ECB mode as our target, encrypting a fixed input with a fixed key. A trigger is implemented between the \(9^{th}\) and the \(10^{th}\) round to guarantee that we always hit the right location within the algorithm. Two versions of the AES-128 implementation are compiled: a hardened version (with ID in place) and a non-hardened version.
A trace set of 2 K traces with faulty outputs is acquired for each implementation. We randomly select \(n_t\) traces from each set and use them in the DFA attack. We repeat this process 100 times per implementation and plot in Fig. 9 how often the attack succeeds.
The non-hardened implementation outperforms the hardened one in terms of FI tolerance, a clear indication that ID is not effective for protecting the AES-128 algorithm when the instruction corruption fault model holds. Depending on the time penalty of a single experiment, even this small difference can have a noticeable effect: if the target has to be reset before each experiment, tens of seconds are added per experiment, and the target may also remove or change the key after a limited number of encryptions.
We analyzed the outputs in more detail and counted how often multi-byte changes are observed in both implementations (Table 2). Among all observed faults (i.e., at least one byte differs), 4-byte faults (Note 7) are more likely to be observed in the hardened implementation.
To conclude, fewer successful faults are needed to attack the hardened AES.
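As an added example (not the authors' code or the tiny-AES128-C project), the bookkeeping behind the procedure above: faulty outputs are classified by the number of bytes that differ from the fault-free ciphertext (as in Table 2), and repeated random draws of \(n_t\) outputs estimate how often a draw contains enough 4-byte faults. The reference ciphertext, the sample outputs and the `needed` threshold are constructed assumptions, not values from the paper.

```python
import random
from collections import Counter

BLOCK = 16  # AES-128 output size in bytes

# Constructed reference ciphertext; the real experiment compares each faulty
# output against the fault-free encryption of the fixed input with the fixed key.
CORRECT = bytes(range(BLOCK))


def byte_diff_count(faulty, correct=CORRECT):
    """Number of output bytes that differ from the fault-free ciphertext."""
    return sum(1 for a, b in zip(faulty, correct) if a != b)


def fault_histogram(outputs):
    """Count faulty outputs by number of changed bytes (Table 2 style).
    Outputs equal to CORRECT show no observable fault and are dropped."""
    counts = Counter(byte_diff_count(o) for o in outputs)
    counts.pop(0, None)
    return dict(counts)


def attack_success_rate(outputs, n_t, needed, trials=100, seed=1):
    """Fraction of `trials` random draws of n_t outputs that contain at least
    `needed` 4-byte faults, the faults usable for the DFA (Note 7). `needed`
    is an assumed parameter, not a value taken from the paper."""
    rng = random.Random(seed)
    useful = [byte_diff_count(o) == 4 for o in outputs]
    hits = sum(1 for _ in range(trials) if sum(rng.sample(useful, n_t)) >= needed)
    return hits / trials


def corrupt(k, seed):
    """Constructed faulty output: k distinct bytes of CORRECT inverted."""
    rng = random.Random(seed)
    out = bytearray(CORRECT)
    for i in rng.sample(range(BLOCK), k):
        out[i] ^= 0xFF
    return bytes(out)


# Constructed stand-in for a trace set: 10 single-byte faults, 6 four-byte
# faults and 4 outputs with no visible fault (20 outputs in total).
SAMPLE = ([corrupt(1, i) for i in range(10)]
          + [corrupt(4, 100 + i) for i in range(6)]
          + [CORRECT] * 4)

if __name__ == "__main__":
    print(fault_histogram(SAMPLE))  # {1: 10, 4: 6}
    print(attack_success_rate(SAMPLE, n_t=8, needed=2))
```

Running the same two functions over the hardened and non-hardened output sets gives the per-implementation comparison the appendix reports.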
© 2018 Springer International Publishing AG, part of Springer Nature
Cite this paper
Cojocar, L., Papagiannopoulos, K., Timmers, N. (2018). Instruction Duplication: Leaky and Not Too Fault-Tolerant!. In: Eisenbarth, T., Teglia, Y. (eds) Smart Card Research and Advanced Applications. CARDIS 2017. Lecture Notes in Computer Science(), vol 10728. Springer, Cham. https://doi.org/10.1007/978-3-319-75208-2_10
DOI: https://doi.org/10.1007/978-3-319-75208-2_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75207-5
Online ISBN: 978-3-319-75208-2