Abstract
Microcontrollers storing valuable data or using security functions are vulnerable to fault injection attacks. Among the various types of faults, instruction skips induced at runtime have proved effective against identification routines and encryption algorithms. Several research works assessed a fault model that consists of a single instruction skip, i.e. the ability to prevent one chosen instruction in a program from being executed. This assessment is used to design countermeasures able to withstand a single instruction skip. We question this fault model on an experimental basis and report the possibility of inducing an arbitrary number of instruction skips with a laser. This ability to erase entire sections of a firmware has strong implications for the design of countermeasures.
Acknowledgment
This research has been partially supported by the European Commission under H2020 SPARTA (Grant Agreement 830892).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Dutertre, JM., Riom, T., Potin, O., Rigaud, JB. (2019). Experimental Analysis of the Laser-Induced Instruction Skip Fault Model. In: Askarov, A., Hansen, R., Rafnsson, W. (eds) Secure IT Systems. NordSec 2019. Lecture Notes in Computer Science, vol 11875. Springer, Cham. https://doi.org/10.1007/978-3-030-35055-0_14
DOI: https://doi.org/10.1007/978-3-030-35055-0_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35054-3
Online ISBN: 978-3-030-35055-0
eBook Packages: Computer Science (R0)