Dirmanto Jap

The other side of the coin: Analyzing software encoding schemes against fault injection attacks

The versatility and cost of embedded systems have made it ubiquitous. Such wide-application exposes an embedded system to a variety of physical threats like side-channel attacks (SCA) and fault attacks (FA). Recently, a couple of software encoding schemes were proposed as a protection against SCA. These protection schemes are based on dual-rail precharge logic (DPL), previously shown resistant to both SCA and FA. In this paper, we analyze the previously proposed software encoding schemes against FA. Our results show that software encoding offers only limited resistance to FA. Finally, improvement to software-encoding schemes is improved. With this improvement, software encoding can serve as a common SCA and FA counter-measure with an exploitable fault probability as low as 0.0048.

Laser Profiling for the Back-Side Fault Attacks: With a Practical Laser Skip Instruction Attack on AES

Laser fault injection is one of the strongest fault injection techniques. It offers a precise area positioning and a precise timing, allowing a high repeatability of experiments. In our paper we examine possibilities of laser-induced faults that could lead to instruction skips. After the profiling phase we were able to perform an attack on the last AddRoundKey operation in AES and to retrieve the secret key with just one faulty and correct ciphertext pair. Our experiments show very high degree of repeatability and 100% success rate with correct laser settings.

Testing Feasibility of Back-Side Laser Fault Injection on a Microcontroller

Laser fault attack platform constitutes a powerful tool for a precise injection of faults into the device, allowing an attacker to carefully adjust timing and position on the chip. On the other hand, the cost of such equipment is high and the profiling time is non-negligible. In this paper, we would like to investigate the practicability of the back-side laser fault injection and to state benefits and drawbacks of this technique. We performed experiments on two methods of fault injections induced by a laser beam -- instruction disturbance experiments and register value changes. The first method, as our experiments show, is easy to perform, precise and repeatable. The second one is harder to perform and we could not achieve repeatability in such experiments.

Overview of machine learning based side-channel analysis methods

Recent publications have shown that there is a possibility to apply machine learning methods for side-channel analysis, mostly for profiling based attacks. In this paper, we present a brief overview of those methods, and highlight what are the improvements that might be offered. It is shown that, in most cases, the performance of these methods could outperform the classical attacks. Here, we also discuss what could be the other potential applications of the learning algorithms, for example, as feature selection or for construction of leakage model.

Toward Threat of Implementation Attacks on Substation Security: Case Study on Fault Detection and Isolation

Modern and future substations are aimed to be more interconnected, leveraging communication standards like IEC 61850-9-2, and associated abstract data models and communication services like generic object oriented substation event, manufacturing message specification, and sampled measured value. Such interconnection would enable fast and secure data transfer, sharing of the analytics information for various purposes like wide area monitoring, faster outage recovery, blackout prevention, distributed state estimation, etc. This would require strong focus on communication security, both at system level as well as at embedded device level. Although communication level security is dealt in IEC 62351, implementation attack on the embedded system is not considered. Since the embedded system makes the core of the smart grid, in this paper, we take a deeper look into impact of implementation attacks on substation security. An overview of potential exploits is first provided. This is followed by a case study, where implementation attacks like malicious fault injection attacks and hardware Trojan are used to compromise a substation level intelligent electronic device. The studied scenario extends implementation attacks beyond its usual exploit of confidentiality to affect power grid integrity and availability.

Comprehensive Laser Sensitivity Profiling and Data Register Bit-Flips for Cryptographic Fault Attacks in 65 Nm FPGA

FPGAs have emerged as a popular platform for security sensitive applications. As a practical attack methodology, laser based fault analyses have drawn much attention in the past years due to its superior accuracy in fault perturbation into security-critical Integrated Circuits (ICs). However, due to the insufficient device information, the practical injections work are not so efficient as expected. In this paper, we thoroughly analyze the laser fault injections to data flip-flops, instead of the widely studied configuration memory bits, of a modern nanoscale FPGA. A profiling campaign based on laser chip scan is performed on an exemplary 65 nm Virtex-5 FPGA, through the delayered silicon substrate, to identify the laser sensitivity distribution of the resource array and the fundamental logic cells. The sophisticated flip-flop bit flips are realized by launching fine-grained laser perturbations on an identified Configurable Logic Block (CLB) region. The profiled laser fault sensitivity map to FPGA resource significantly facilitate high-precision logic navigation and fault injection in practical cryptographic fault attacks. We show that the observed single- and multiple-bit faults are compatible with most proposed differential or algebraic fault analyses (DFA/AFA). Finally, further discussions on capability of reported fault models to bypass fault countermeasures like parity and dual-rail logic are also given.

Support vector regression: exploiting machine learning techniques for leakage modeling

Side-channel analysis (SCA) is a serious threat to embedded cryptography. Any SCA has two important components: leakage modeling and distinguisher. Although distinguisher has received much research efforts, leakage modeling still lies on couple of classical techniques like Hamming weight or linear regression. In this paper, we propose a novel support vector machine based technique for efficient leakage modeling. The technique is called support vector regression (SVR) and can be used in both profiled and non-profiled settings. We provide proper theoretical background of SVR with practical application on AES implementation running on an AVR microcontroller.

Differential Fault Attack on LEA

LEA is a symmetric block cipher proposed in 2014. It uses ARX design and its main advantage is the possibility of a fast software implementation on common computing platforms.

A survey of the state-of-the-art fault attacks

Since 1996, when Boneh, DeMillo and Lipton introduced the idea of fault attacks, many theoretical and practical publications were made on this topic. These attacks belong to the class of physical cryptanalysis attacks. In this paper we describe several methods of fault injection attacks. We provide an overview of both attacks and counter-measures on AES algorithm and on ECC.

Laser-Based Fault Injection on Microcontrollers

Laser fault injection constitutes a powerful tool for a precise injection of faults into the device, allowing an adversary to carefully adjust timing and position on the chip. On the other hand, the cost of such equipment is high and the profiling time is non-negligible. In this chapter, we provide a theoretical background on laser fault injection, followed by practical evaluation of this technique on 8-bit microcontroller. We first profile the device to examine what fault models are possible and then we provide a case study on ChaCha family of stream ciphers.