Hélène Le Bouder

Data Aware Defense (DaD): Towards a Generic and Practical Ransomware Countermeasure

We present the Malware - O - Matic analysis platform and the Data Aware Defense ransomware countermeasure based on real time data gathering with as little impact as possible on system performance. Our solution monitors (and blocks if necessary) file system activity of all userland threads with new indicators of compromise. We successfully detect 99.37% of our 798 active ransomware samples with at most 70 MB lost per sample’s thread in 90% of cases, or less than 7 MB in 70% of cases. By a careful analysis of the few false negatives we show that some ransomware authors are specifically trying to hide ongoing encryption. We used free (as in free beer) de facto industry standard benchmarks to evaluate the impact of our solution and enable fair comparisons. In all but the most demanding tests the impact is marginal.

Physical functions: the common factor of side-channel and fault attacks?

Physical attacks on cryptographic circuits were first identified in the late 1990s. These types of attacks, which are still considered very powerful, are generally classified into two main categories: “fault attacks” and “side-channel attacks.” To secure circuits against such attacks, it is crucial to develop appropriate methods and tools that enable accurate estimates of the protection mechanism’s effectiveness. Numerous studies have described such methods and tools but, to the best of our knowledge, these previous investigations have considered side-channel attacks or fault attacks but not the combination of the two types. The present article proposes a combined investigation of both main types of attack by describing them with the same terminology and the same algorithm. This approach is made possible by introducing the concept of “physical functions” as an extension of the concept of “leakage functions,” which are widely used in the side-channel community. The paper represents a first step toward applying the strong theoretical background developed for side-channel attacks to the investigation of fault attacks. Besides, the proposed approach could potentially make it easier to combine side-channel attacks with fault attacks, which could certainly facilitate the discovery of new attack paths.

On Fault Injections in Generalized Feistel Networks

In this paper, we propose a generic method to assess the vulnerability to Differential Fault Analysis of generalized Feistel networks (GFN). This method is based on an in-depth analysis of the GFN properties. First the diffusion of faults is studied, both at the block level and at the S-box level, in order to have a fault which maximizes the number of S-boxes impacted by a fault. Then the number of faults in an S-box required to find the key is evaluated. By combining these results, a precise assessment of the vulnerability to fault attacks of GFN can be made. This method is then used on several examples of Feistel ciphers.

Fault Injection to Reverse Engineer DES-Like Cryptosystems

This paper presents a fault injection attack in order to reverse engineer unknown s-boxes of a DES-like cryptosystem. It is a significant improvement of the FIRE attack presented by San Pedroaet al. which uses differentials between s-boxes outputs. Since injecting faults on a cryptographic circuit may irreversibly damage the device, our aim has been to minimise the number of faults needed. We show that by considering faults in the penultimate round instead of last round, twice less faults are needed to reverse the s-boxes. Our attack requires no a priori knowledge on the s-boxes. However, if we assume that s-boxes satisfy some selected properties, then our attack can be made even more efficient, by a factor of two. Finally our attack needs four times less faults.

An Evaluation Tool for Physical Attacks

The security issues of devices, used in the Internet of Things (IoT) for example, can be considered in two contexts. On the one hand, these algorithms can be proven secure mathematically. On the other hand, physical attacks can weaken the implementation. In this work, we want to compare these attacks between them. A tool to evaluate and compare different physical attacks, by separating the theoretical attack path and the experimental parts of the attacks, is presented.

How TrustZone could be bypassed: Side-Channel Attacks on a modern System-on-Chip

Side-channel attacks (SCA) exploit the reification of a computation through its physical dimensions (current consumption, EM emission, ...). Focusing on Electromagnetic analyses (EMA), such analyses have mostly been considered on low-end devices: smartcards and microcontrollers. In the wake of recent works, we propose to analyze the effects of a modern microarchitecture on the efficiency of EMA (here Correlation Power Analysis and template attacks). We show that despite the difficulty to synchronize the measurements, the speed of the targeted core and the activity of other cores on the same chip can still be accommodated. Finally, we confirm that enabling the secure mode of TrustZone (a hardware-assisted software countermeasure) has no effect whatsoever on the EMA efficiency. Therefore, critical applications in TrustZone are not more secure than in the normal world with respect to EMA, in accordance with the fact that it is not a countermeasure against physical attacks. For the best of our knowledge this is the first application of EMA against TrustZone.

A Template Attack Against VERIFY PIN Algorithms

This paper presents the first side channel analysis from electromagnetic emissions on VERIFY PIN algorithms. To enter a PIN code, a user has a limited number of trials. Therefore the main difficulty of the attack is to succeed with very few traces. More precisely, this work implements a template attack and experimentally verifies its success rate. It becomes a new real threat, and it is feasible on a low cost and portable platform. Moreover, this paper shows that some protections for VERIFY PIN algorithms against fault attacks introduce new vulnerabilities with respect to side channel analysis.