Armin Krieg

A side channel attack countermeasure using system-on-chip power profile scrambling

Since the discovery that hardware used for cryptographic applications could leak secret information through its power or radiation profile a wide range of possible attack methods has been published. The rapid evolution of these side-channel attacks made it increasingly important to minimize this possible information leakage. Additionally timing information also derived from this power profile is used to control fault-attack campaigns to drive the system into an unintended state. Therefore a wide range of leakage countermeasures has been developed for dedicated cryptographic hardware. Contrariwise only little work is available concerning power profile scrambling techniques for cryptographic software implementations running on general purpose architectures. Such implementations often include power management hardware to cope with several power budget constraints which could be used to influence the systems power consumption during run-time. This paper proposes a novel side channel attack countermeasure technique using such power management methods in combination with techniques for power profile manipulation. State-of-the-art power estimation hardware using a reduced power model allows for the efficient on-line monitoring and manipulation of the power consumption and radiation profile.

Accelerating early design phase differential power analysis using power emulation techniques

The personal banking and ID sector has seen a tremendous change in recent years, partially caused by the widespread introduction of smart-cards. Because of the extensive implications of a successful attack on these devices, a wide range of practical as well as purely academic attacks has been developed during the last years. These attacks have unveiled weaknesses in hardware as well as software implementations of several different, partially widely used cryptographic algorithms. An especially powerful method, the differential power analysis (DPA), extracts secret information from power consumption and electro-magnetic emission profiles. The efficiency of a DPA attack significantly depends on the quality of the cryptographic algorithm implementation. These traces currently can only be generated using real hardware or simulation-based approaches. Depending on the chosen simulation accuracy these evaluations result in time-consuming RTL and SPICE simulations often limiting the maximum amount of available execution traces. This paper introduces a novel high-speed methodology for early security evaluations of integrated processor systems using power emulation. First, the usage of power emulation hardware allows for the estimation of attack effort that an adversary will have to invest to gain secret information from an algorithms execution profile. Second, countermeasures against differential power analysis attacks can be quickly evaluated in terms of effectiveness. The shown approach uses semi-automatic characterization techniques and fully synthesizable emulation hardware to reduce the designers dependency on time-consuming simulation runs.

Automatic saboteur placement for emulation-based multi-bit fault injection

During recent years the dependability and security requirements of system-on-chip (SoC) designs have increased tremendously. Both, dependability and security, domains are concerned with operational faults of a random or intentional nature. In former case random faults e.g. caused by radiation or degradation effects could lead to execution errors with possible dramatic results. The security domain is more concerned with intentional faults injected by an adversary during a physical attack to drive the system into an unintended state. The resistance of such a design against faults can be emulated during early design phases using fault injection methods. For these methods the design-under-test is augmented with additional circuitry to emulate faults at predestined locations. One method uses saboteurs, elements that are transparent during normal operation and faulty if activated, are placed into the target system. If this placement process includes a high number of saboteurs, the hardware description manipulation could be a challenge for the design engineer. Therefore this paper presents an automatic placement methodology for fault injection evaluations using saboteur techniques. The automatized process allows for the efficient placement of large amounts of saboteurs. This enables the designer to evaluate a high number of different dependability and fault attack scenarios during early design phases using FPGA-based functional emulation. Selected case studies show how this approach can be applied to a common general purpose architecture in an efficient way.

Modular Fault Injector for Multiple Fault Dependability and Security Evaluations

The increasing level of integration and decreasing size of circuit elements leads to greater probabilities of operational faults. More sensible electronic devices are also more prone to external in?uences by energizing radiation. Additionally not only natural causes of faults are a concern of todays chip designers. Especially smart cards are exposed to complex attacks through which an adversary tries to extract knowledge from a secured system by putting it into an undefined state. These problems make it increasingly necessary to test a new design for its fault robustness. Several previous publications propose the usage of single bit injection platforms, but the limited impact of these campaigns might not be the right choice to provide a wide fault attack coverage. This paper first introduces a new in-system fault injection strategy for automatic test pattern injection. Secondly, an approach is presented that provides an abstraction of the internal fault injection structures to a more generic high level view. Through this abstraction it is possible to support the task separation of design and test-engineers and to enable the emulation of physical attacks on circuit level. The controllers generalized interface provides the ability to use the developed controller on different systems using the same bus system. The high level of abstraction is combinable with the advantage of high performance autonomous emulations on high end FPGA-platforms.

Power And Fault Emulation for Software Verification and System Stability Testing in Safety Critical Environments

In recent years the complexity of digital control systems in safety critical environments increased steadily from simple discrete control units to complex embedded systems. A wide industrial consensus about the necessity of a set of safety definitions lead to the introduction of several functional safety standards like IEC61508. To achieve that novel embedded systems comply with these requirements, thorough testing is needed during early design stages of the integrated device. Currently only fault injection testing using manufactured products and netlists of system-on-chips are used to determine the fault resistance of the embedded system. This late testing could result in expensive redesigns and hide implementation errors because of the black-box approach. This approach is also not practicable if software and hardware providers are separate entities. This paper presents a flexible fault injection and power estimation platform to enable thorough examinations of novel complex system-on-chips for automotive or similar critical environments. The microprocessor evaluation approach is extended with smart bus fault emulation units for common buses like Ethernet. The combined power and fault emulation techniques allow for the instant exploration of eventual power supply peaks and implementation weaknesses.

QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks

Physical attacks, such as fault attacks, pose a decisive threat for the security of devices in the Internet of Things. An important class of countermeasures for fault attacks is fault tolerant software that is applicable for systems based on COTS hardware. In order to evaluate software countermeasures against fault attacks, fault injection is needed. However, established fault injection approaches require manufactured products or hardware details (e.g. netlists, RTL models), which are not available when using COTS hardware. In this paper, we present a QEMU-based fault injection platform that supports commercial COTS processors that are widely-used in the embedded domain. This framework allows a system-level analysis of software countermeasures by featuring the simulation of high-level hardware faults targeting, for example, memory cells, register cells, or the correct execution of instructions. The framework supports the generation of realistic fault attack scenarios. We illustrate the practicability of the approach by presenting two exemplary use cases.

Efficient fault emulation using automatic pre-injection memory access analysis

The complexity of SoCs has been increasing enormously over the last years. This increases the effort for testing the SoCs against natural external influences and fault attacks. These tests require a huge amount of time because of the large fault scenario space. In this paper a novel method is presented on reduction of system test duration. This speed-up is reached by observing memory accesses during a golden model run to find security relevant regions in memories. Therefore, a novel monitor module has been designed and tested which stores the used memory addresses together with the access time stamps.

System side-channel leakage emulation for HW/SW security coverification of MPSoCs

During recent years a tremendous number of embedded systems has been introduced into every persons house-hold. Such systems cannot only be found inside non-critical applications like entertainment devices but also in safety or security critical implementations like smart-cards. The increasing complexity leads to the introduction of several different co-design techniques to enable the parallel design of the systems hardware and software. Especially concerning security evaluation procedures this may raise a problem of trust between the manufacturer of the hardware and the software if both are different entities. To enable a bridge between these two worlds, simulation and emulation-based approaches have been shown in literature and industry to provide abstracted information about fault-attack effects to the software developer. However, no fast and cost-effective approach is available to provide a metric about how much of a given secret is leaking from the device to its environment. Therefore, this paper proposes such a metric and an emulation-based methodology to enable an early estimation of side-channel leakage to a possible adversary. The effectiveness of our approach is shown using a common available system-on-chip implementation using an open-source standard-cell library for characterization and a FPGA-based emulation platform for demonstration.

POWER-MODES: POWer-EmulatoR- and MOdel-Based DEpendability and Security Evaluations

Innovation cycles have been shortening significantly during the last years. This process puts tremendous pressure on designers of embedded systems for security-or reliability-critical applications. Eventual design problems not detected during design time can lead to lost money, confidentiality, or even loss of life in extreme cases. Therefore it is of vital importance to evaluate a new system for its robustness against intentionally and random induced operational faults. Currently this is generally done using extensive simulation runs using gate-level models or direct measurements on the finished silicon product. These approaches either need a significant amount of time and computational power for these simulations or rely on existing product samples. This article presents a novel system evaluation platform using power emulation and fault injection techniques to provide an additional tool for developers of embedded systems in security-and reliability-critical fields. Faults are emulated using state-of-the-art fault injection methods and a flexible pattern representation approach. The resulting effects of these faults on the power consumption profile are estimated using state-of-the-art power emulation hardware. A modular system augmentation approach provides emulation flexibility similar to fault simulation implementations. The platform enables the efficient evaluation of new hardware or software implementations of critical security or reliability solutions at an early development phase.

Run-time FPGA health monitoring using power emulation techniques

In recent years research on long-term reliability of FPGAs intensified significantly. This results from the broad usage of these devices for applications that come with high long-term stability constraints while being physically inaccessible. Several error checking and detection methods have been published to cope with degradation over time but these either force the FPGA to halt for exhaustive tests or their coverage decreases significantly. This paper presents an early view on a multi-disciplinary approach for run-time reliability monitoring and self-repairing using state-of-the-art power-emulation and FPGA partial reconfiguration techniques. Furthermore we propose a novel device aging detection mechanism using these power emulation techniques. It is meant to provide an outlook on the current state-of-the-art and future possibilities using these techniques for a combined reliability effort.