
Publication


Featured research published by Bilgiday Yuce.


Workshop on Fault Diagnosis and Tolerance in Cryptography | 2014

Differential Fault Intensity Analysis

Nahid Farhady Ghalaty; Bilgiday Yuce; Mostafa M. I. Taha; Patrick Schaumont

Recent research has demonstrated that there is no sharp distinction between passive attacks based on side-channel leakage and active attacks based on fault injection. Fault behavior can be processed as side-channel information, offering all the benefits of Differential Power Analysis including noise averaging and hypothesis testing by correlation. This paper introduces Differential Fault Intensity Analysis, which combines the principles of Differential Power Analysis and fault injection. We observe that most faults are biased - such as single-bit, two-bit, or three-bit errors in a byte - and that this property can reveal the secret key through a hypothesis test. Unlike Differential Fault Analysis, we do not require precise analysis of the fault propagation. Unlike Fault Sensitivity Analysis, we do not require a fault sensitivity profile for the device under attack. We demonstrate our method on an FPGA implementation of AES with a fault injection model. We find that with an average of 7 fault injections, we can reconstruct a full 128-bit AES key.


Workshop on Fault Diagnosis and Tolerance in Cryptography | 2015

Improving Fault Attacks on Embedded Software Using RISC Pipeline Characterization

Bilgiday Yuce; Nahid Farhady Ghalaty; Patrick Schaumont

A fault attack becomes more efficient when the fault behavior, the response of a device to a fault injection, is precisely understood. In this paper, we present a methodology for fault attacks and their analysis on pipelined RISC processors. For complex hardware structures such as microprocessor pipelines, modeling the fault behavior can become challenging. By analyzing the structure of the RISC pipeline, we obtain insight into the most likely faults, and we are able to pinpoint the most sensitive points during execution of a cryptographic software program. We use this result to apply a recent class of fault injection attacks, so-called biased fault injection attacks, to two different software implementations of AES. Our target microprocessor is a 7-stage pipeline LEON3, mapped into a Spartan6 FPGA. The paper explains the methodology, the fault injection setup, and the fault analysis on the embedded software design of AES. Our results are useful for embedded software designers who have a need to understand the fault attack sensitivity of their implementation, as well as for security engineers who are in charge of improving countermeasures, in hardware or in software, against fault attacks.


Workshop on Fault Diagnosis and Tolerance in Cryptography | 2016

Software Fault Resistance is Futile: Effective Single-Glitch Attacks

Bilgiday Yuce; Nahid Farhady Ghalaty; Harika Santapuri; Chinmay Deshpande; Conor Patrick; Patrick Schaumont

Fault attacks are a serious threat for the secure embedded software running on a wide spectrum of embedded devices. Fault attacks can be thwarted using countermeasures in software. Among them, instruction-level countermeasures provide a fine-grained protection by executing redundant copies of an assembly instruction, and verifying their results for fault detection. It is assumed that this fine-grained security can only be broken by injecting multiple faults with expensive tools. In this work, we break the security of state-of-the-art instruction-level countermeasures by injecting single clock glitches with a low-cost fault injection setup. We first analyze their vulnerabilities by considering micro-architectural aspects such as pipelining effects. Second, we experimentally demonstrate the feasibility of exploiting these vulnerabilities on a SAKURA-G board. Finally, as a case study, we apply a recent biased fault attack on a fault-resistant software implementation of LED block cipher, and retrieve its secret key.


International Conference on Selected Areas in Cryptography | 2016

Lightweight Fault Attack Resistance in Software Using Intra-instruction Redundancy

Conor Patrick; Bilgiday Yuce; Nahid Farhady Ghalaty; Patrick Schaumont

Fault attack countermeasures can be implemented by storing or computing sensitive data in redundant form, such that the faulty data can be detected and restored. We present a class of lightweight, portable software countermeasures for block ciphers. Our technique is based on redundant bit-slicing, and it is able to detect faults in the execution of a single instruction. In comparison to earlier techniques, we are able to intercept data faults as well as instruction sequence faults using a uniform technique. Our countermeasure thwarts precise bit-fault injections through pseudo-random shifts in the allocation of data bit-slices. We demonstrate our solution on a full AES design and confirm the claimed security protection through a detailed fault simulation for a 32-bit embedded processor. We also quantify the overhead of the proposed fault countermeasure, and find a minimal increase in footprint (14%), and a moderate performance overhead between 125% and 317%, depending on the desired level of fault-attack resistance.


Hardware and Architectural Support for Security and Privacy | 2016

FAME: Fault-attack Aware Microprocessor Extensions for Hardware Fault Detection and Software Fault Response

Bilgiday Yuce; Nahid Farhady Ghalaty; Chinmay Deshpande; Conor Patrick; Leyla Nazhandali; Patrick Schaumont

Fault attacks are a known serious threat to embedded software security. We propose FAME, a low-cost and flexible approach to defend embedded software against fault attacks. FAME offers a combination of fault detection in hardware and fault response in software. A hardware fault detection unit continuously monitors the system status. When a fault injection is detected, an alarm signal triggers a secure trap mechanism that passes the control to a software trap handler. The trap handler applies a suitable fault response policy, which may include a broad variety of responses such as clearing sensitive data or issuing system-wide alerts. This enables a targeted, fast fault detection as well as an application-dependent, user-defined fault response. FAME requires much lower overhead than traditional countermeasure techniques in software or hardware. We demonstrate a prototype implementation of FAME using a modified LEON3 processor, and we analyze the hardware and software overhead to thwart setup-time violation attacks. The hardware area overhead is 7.4% and 14.2% in the number of LUTs and registers, respectively. The overhead of the software trap handler on top of an AES-128 program is 0.59%–0.71% in footprint and 1.01%–2.35% in performance, depending on the security policy. In contrast, traditional countermeasures that use redundant hardware or software against similar faults have at least double overhead.


Hardware Oriented Security and Trust | 2015

TVVF: Estimating the vulnerability of hardware cryptosystems against timing violation attacks

Bilgiday Yuce; Nahid Farhady Ghalaty; Patrick Schaumont

Secure hardware designers require a method to evaluate the vulnerability of their systems against fault attacks to make proper security/cost trade-offs. To our knowledge, no systematic approach has been proposed for this purpose. This paper introduces Timing Violation Vulnerability Factor (TVVF), which evaluates the vulnerability of a hardware structure to setup time violation attacks. TVVF, a probabilistic metric computed on a circuit's netlist, is comprised of two factors: First, the probability of injecting a specific fault in the hardware structure, and second, the probability of propagating this fault to the output of the structure. TVVF aims at evaluating the security of designs against intentional faults caused by an adversary. In contrast, existing vulnerability metrics such as the Architecture Vulnerability Factor (AVF), evaluate the system reliability against random uncontrolled faults. To show the applicability of our metric, we compute the TVVF for two fault attacks on two AES netlists, which are generated for an FPGA.


IEEE Embedded Systems Letters | 2016

Analyzing the Efficiency of Biased-Fault Based Attacks

Nahid Farhady Ghalaty; Bilgiday Yuce; Patrick Schaumont

In this letter, we analyze a class of recently proposed fault analysis techniques, which adopt a biased fault model. The purpose of our analysis is to evaluate the relative efficiency of several recently proposed biased-fault attacks. We compare the relative performance of each technique in a common framework, using a common circuit and a common fault injection method. We show that, for an identical circuit and fault injection method (setup time violation through clock glitching), the number of faults per attack greatly varies according to the analysis technique. In particular, DFIA is more efficient than FSA, and FSA is more efficient than both NUEVA and NUFVA. In terms of number of fault injections until full key disclosure, for a typical case, FSA uses 8x more faults than DFIA, and NUEVA uses 33x more faults than DFIA. Hence, the postprocessing technique selected in a biased-fault attack has a significant impact on the success of the attack.


International Workshop Constructive Side Channel Analysis and Secure Design | 2015

Differential Fault Intensity Analysis on PRESENT and LED Block Ciphers

Nahid Farhady Ghalaty; Bilgiday Yuce; Patrick Schaumont

Differential Fault Intensity Analysis (DFIA) is a recently introduced fault analysis technique. This technique is based on the observation that faults are biased and thus are non-uniformly distributed over the cipher state variables. The adversary uses the fault bias as a source of leakage by controlling the intensity of fault injection. DFIA exploits statistical analysis to correlate the secret key to the biased fault behavior. In this work, we show a DFIA attack on two lightweight block ciphers: PRESENT and LED. For each algorithm, our research analyzes the efficiency of DFIA on a round-serial implementation and on a nibble-serial implementation. We show that all algorithms and all implementation variants can be broken with 10 to 36 fault intensity levels, depending on the case. We also analyze the factors that affect the convergence of DFIA. We show that there is a trade-off between the number of required plaintexts, and the resolution of the fault-injection equipment. Thus, an adversary with lower-quality fault-injection equipment may still be as effective as an adversary with high-quality fault-injection equipment, simply by using additional encryptions. This confirms that DFIA is effective against a range of algorithms using a range of fault injection techniques.


IEEE Transactions on Computers | 2014

Fast and Efficient Circuit Topologies for Finding the Maximum of n k-Bit Numbers

Bilgiday Yuce; H. Fatih Ugurdag; Sezer Gören; Günhan Dündar

Finding the value and/or index of the maximum (or minimum) element of a set of n numbers (each with k-bits) is a fundamental arithmetic operation and is needed in many applications. This paper proposes several maximum-finder (or minimum-finder) circuit topologies, which are parallel. We wrote circuit generators at hardware description language level for our topologies and previous works. Then we synthesized these circuits for 20 different (n, k) cases (with values up to 64) and compared their efficiency in timing (latency), area, and energy. The timing complexity of our fastest topology is O(log n + log k), whereas the fastest in the literature is O(log n log k). The synthesis results showed that our fastest topology is 1.2-2.2 times (1.6 times on the average) faster than the state-of-the-art. In this paper, we argue that a more fair metric of area efficiency is area-timing product. In terms of ATP, our proposed topologies are better than the state-of-the-art in 19 out of the 20 cases. In terms of energy (i.e., power-timing product, abbreviated as PTP), we are better in 11 cases out of 20.


Journal of Hardware and Systems Security | 2018

Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation

Bilgiday Yuce; Patrick Schaumont; Marc Witteman

Embedded software is developed under the assumption that hardware execution is always correct. Fault attacks break and exploit that assumption. Through the careful introduction of targeted faults, an adversary modifies the control flow or data flow integrity of software. The modified program execution is then analyzed and used as a source of information leakage, or as a mechanism for privilege escalation. Due to the increasing complexity of modern embedded systems, and due to the difficulty of guaranteeing correct hardware execution even under a weak adversary, fault attacks are a growing threat. For example, the assumption that an adversary has to be close to the physical execution of software, in order to inject an exploitable fault into hardware, has repeatedly been shown to be incorrect. This article is a review on hardware-based fault attacks on software, with emphasis on the context of embedded systems. We present a detailed discussion of the anatomy of a fault attack, and we make a review of fault attack evaluation techniques. The paper emphasizes the perspective from the attacker, rather than the perspective of countermeasure development. However, we emphasize that improvements to countermeasures often build on insight into the attacks.
