Multi-level formal verification

A new approach against fault injection attack

  • Special Section on Proofs 2015
Journal of Cryptographic Engineering

Abstract

Fault injection attacks are an extremely powerful technique for extracting secrets from an embedded system. Since their introduction, a large number of countermeasures have been proposed. Unfortunately, they suffer from two major drawbacks: a very high cost in system performance and a level of security that is frequently questioned. The first point can be explained by their design, which is based on techniques from the reliability domain and results in solutions protecting against fault models that are either highly improbable in the context of an attack or do not permit secret extraction. Conversely, the second point is due to the use of an incomplete attacker model for the security evaluation at the design step. In this paper, we propose a new approach: multi-level formal verification, based on models encompassing the capabilities of the attacker, the susceptibility to faults of the hardware platform hosting the implementation, and the constraints imposed by the algorithm used for secret extraction. We first explain that the success of a fault injection attack depends solely on races between signals, which can be analyzed automatically. Then, we perform a multi-level evaluation on a hardware implementation of AES-128, which shows that the overhead of a countermeasure can be divided by eight while maintaining an almost identical level of security. Finally, we extend the model to electromagnetic injection.

Notes

  1. Secret keys are usually stored encrypted in a nonvolatile memory to prevent direct reading. At boot or later, they are decrypted and saved in the main system memory.

  2. A SE contains a pair of NAND logic gates in which outputs are looped back to the inputs of the other.

  3. The one which imposes the maximum operating frequency of the system (see Sect. 2.1).

  4. As defined in [17].

  5. A xc6slx150 Spartan-6 containing 23 038 slices.

References

  1. Anderson, R., Kuhn, M.: “Tamper resistance: A cautionary note,” In: Proceedings of the 2nd Conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - vol. 2, ser. WOEC’96, pp. 1–1. Berkeley, CA, USA: USENIX Association, (1996). [Online]. Available: http://dl.acm.org/citation.cfm?id=1267167.1267168

  2. Boneh, D., DeMillo, R.A., Lipton, R.J.: “On the importance of checking cryptographic protocols for faults (extended abstract),” In: Advances in Cryptology - EUROCRYPT ’97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11–15, 1997, Proceeding, ser. Lecture Notes in Computer Science, W. Fumy, Ed., vol. 1233, pp. 37–51. Springer, 1997 [Online]. Available: doi:10.1007/3-540-69053-0_4

  3. Biham, E., Shamir, A.: “Differential fault analysis of secret key cryptosystems,” In: Advances in Cryptology - CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 1997, Proceedings, ser. Lecture Notes in Computer Science, B. S. K. Jr., Ed., vol. 1294, pp. 513–525. Springer, 1997 [Online]. Available: doi:10.1007/BFb0052259

  4. Rivain, M.: “Differential fault analysis on DES middle rounds,” In: Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings, ser. Lecture Notes in Computer Science, C. Clavier and K. Gaj, Eds., vol. 5747, pp. 457–469. Springer, 2009 [Online]. Available: doi:10.1007/978-3-642-04138-9_32

  5. Piret, G., Quisquater, J.: “A differential fault attack technique against SPN structures, with application to the AES and KHAZAD,” In: Cryptographic Hardware and Embedded Systems - CHES 2003, 5th International Workshop, Cologne, Germany, September 8-10, 2003, Proceedings, ser. Lecture Notes in Computer Science, C. D. Walter, Ç. K. Koç, and C. Paar, Eds., vol. 2779, pp. 77–88. Springer, 2003 [Online]. Available: doi:10.1007/978-3-540-45238-6_7

  6. Barenghi, A., Bertoni, G.M., Breveglieri, L., Pelosi, G., Palomba, A.: “Fault attack to the elliptic curve digital signature algorithm with multiple bit faults,” In: Proceedings of the 4th International Conference on Security of Information and Networks, SIN 2011, Sydney, NSW, Australia, November 14-19, 2011, M. A. O., Atilla Elçi, Oleg B. Makarevich, Sorin A. Huss, Josef Pieprzyk, Lyudmila K. Babenko, Alexander G. Chefranov, and Rajan Shankaran, Eds. ACM, 2011, pp. 63–72. [Online]. Available: doi:10.1145/2070425.2070438

  7. Maingot, V., Leveugle, R.: “Error detection code efficiency for secure chips,” In: 13th IEEE International Conference on Electronics, Circuits, and Systems, ICECS 2006, pp. 561–564. Nice, France, December 10–13, 2006. IEEE, 2006 [Online]. Available: doi:10.1109/ICECS.2006.379850

  8. Trichina, E., Korkikyan, R.: “Multi fault laser attacks on protected CRT-RSA,” In: 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2010, Santa Barbara, California, USA, 21 August 2010, L. Breveglieri, M. Joye, I. Koren, D. Naccache, and I. Verbauwhede, Eds. IEEE Computer Society, 2010, pp. 75–86. [Online]. Available: doi:10.1109/FDTC.2010.14

  9. Amiel, F., Villegas, K., Feix, B., Marcel, L.: “Passive and active combined attacks: Combining fault attacks and side channel analysis,” In: Fourth International Workshop on Fault Diagnosis and Tolerance in Cryptography, 2007, FDTC 2007: Vienna, Austria, 10 September 2007, L. Breveglieri, S. Gueron, I. Koren, D. Naccache, and J. Seifert, Eds. IEEE Computer Society, 2007, pp. 92–102. [Online]. Available: doi:10.1109/FDTC.2007.4318989

  10. Skorobogatov, S.P., Anderson, R.J.: “Optical fault induction attacks,” In: Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13-15, 2002, Revised Papers, ser. Lecture Notes in Computer Science, B. S. K. Jr., Ç. K. Koç, and C. Paar, Eds., vol. 2523, pp. 2–12. Springer, 2002 [Online]. Available: doi:10.1007/3-540-36400-5_2

  11. Balasch, J., Gierlichs, B., Verbauwhede, I.: “An in-depth and black-box Characterization of the effects of clock glitches on 8-bit MCUs,” In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011. IEEE, 2011, pp. 105–114

  12. Kelley, E., Motika, F., Motika, P., Motika, E.: “Secure credit card,” Nov. 4 2003, “US Patent 6,641,050”. [Online]. Available: https://www.google.com/patents/US6641050

  13. Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: “Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures,” Proceedings of the IEEE, vol. 100, no. 11, pp. 3056–3076, 2012. [Online]. Available: doi:10.1109/JPROC.2012.2188769

  14. Canivet, G., Leveugle, R., Clediere, J., Valette, F., Renaudin, M.: “Characterization of effective laser spots during attacks in the configuration of a virtex-II FPGA,” In: VLSI Test Symposium, 2009. VTS ’09. 27th IEEE, 2009, pp. 327–332

  15. Dehbaoui, A., Dutertre, J., Robisson, B., Tria, A.: “Electromagnetic transient faults injection on a hardware and a software implementations of AES,” In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography, Leuven, Belgium, September 9, 2012, G. Bertoni and B. Gierlichs, Eds. IEEE Computer Society, 2012, pp. 7–15. [Online]. Available: doi:10.1109/FDTC.2012.15

  16. Ordas, S., Guillaume-Sage, L., Tobich, K., Dutertre, J., Maurine, P.: “Evidence of a larger EM-induced fault model,” In: Smart Card Research and Advanced Applications - 13th International Conference, CARDIS 2014, Paris, France, November 5-7, 2014. Revised Selected Papers, ser. Lecture Notes in Computer Science, M. Joye and A. Moradi, Eds., vol. 8968, pp. 245–259. Springer, 2014, [Online]. Available: doi:10.1007/978-3-319-16763-3_15

  17. Ali, S., Mukhopadhyay, D., Tunstall, M.: “Differential fault analysis of AES using a single multiple-byte fault,” IACR Cryptology ePrint Archive, vol. 2010, p. 636, 2010. [Online]. Available: http://eprint.iacr.org/2010/636

  18. Agoyan, M., Dutertre, J.-M., Naccache, D., Robisson, B., Tria, A.: “When clocks fail: on critical paths and clock faults,” In: Smart Card Research and Advanced Application, 9th IFIP WG8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings, ser. Lecture Notes in Computer Science, D. Gollmann, J.-L. Lanet, and J. Iguchi-Cartigny, Eds., vol. 6035, pp. 182–193. Springer, 2010

  19. Riscure, “VC Glitcher.” [Online]. Available: https://www.riscure.com/security-tools/hardware/vc-glitcher

  20. Zussa, L., Dehbaoui, A., Tobich, K., Dutertre, J., Maurine, P., Guillaume-Sage, L., Clédière, J., Tria, A.: “Efficiency of a glitch detector against electromagnetic fault injection,” In: Design, Automation & Test in Europe Conference & Exhibition, DATE 2014, Dresden, Germany, March 24-28, 2014. IEEE, 2014, pp. 1–6. [Online]. Available: doi:10.7873/DATE.2014.216

Acknowledgements

This research was supported by the project PISCO.

Author information

Corresponding author

Correspondence to Laurent Sauvage.

About this article

Cite this article

Sauvage, L., Graba, T. & Porteboeuf, T. Multi-level formal verification. J Cryptogr Eng 7, 87–95 (2017). https://doi.org/10.1007/s13389-016-0144-3

  • DOI: https://doi.org/10.1007/s13389-016-0144-3
