Abstract
Physical fault injections break security functionalities of algorithms by targeting their implementations. Software techniques strengthen such implementations to enhance their robustness against fault attacks. Exhaustively testing physical fault injections is time consuming and requires complex platforms. Simulation solutions are developed for this specific purpose. We chose two independent tools presented in 2014, the Laser Attack Robustness (Lazart) and the Embedded Fault Simulator (EFS) in order to evaluate software implementations against multiple fault injection attacks. Lazart and the EFS share the common goal that consists in detecting vulnerabilities in the code. However, they operate with different techniques, fault models and abstraction levels. This paper aims at exhibiting specific advantages of both approaches and proposes a combining scheme that emphasizes their complementary nature.
This work was partially funded by the French ANR project E-MATA HARI.
Identity and Security Alliance (The Morpho and Télécom ParisTech Research Center).
Maxime Puys—Work done while the author was in internship at Morpho.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Balasch, J., Gierlichs, B., Verbauwhede, I.: An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: Breveglieri, L., Guilley, S., Koren, I., Naccache, D., Takahashi, J. (eds.) FDTC, pp. 105–114. IEEE (2011)
Dehbaoui, A., Dutertre, J.-M., Robisson, B., Tria, A.: Electromagnetic transient faults injection on a hardware and a software implementations of AES. In: Bertoni, G., Gierlichs, B. (eds.) FDTC, pp. 7–15. IEEE (2012)
Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kalisk Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
Machemie, J.-B., Mazin, C., Lanet, J.-L., Cartigny, J.: SmartCM a smart card fault injection simulator. In: WIFS, pp. 1–6. IEEE (2011)
Berthomé, P., Heydemann, K., Kauffmann-Tourkestansky, X., Lalande, J.-F.: High level model of control flow attacks for smart card functional security. In: ARES, pp. 224–229. IEEE Computer Society (2012)
Christofi, M., Chetali, B., Goubin, L., Vigilant, D.: Formal verification of a CRT-RSA implementation against fault attacks. J. Cryptographic Eng. 3(3), 157–167 (2013)
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006)
Berthier, M., Bringer, J., Chabanne, H., Le, T.-H., Rivière, L., Servant, V.: Idea: embedded fault injection simulator on smartcard. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS. LNCS, vol. 8364, pp. 222–229. Springer, Heidelberg (2014)
Potet, M.-L., Mounier, L., Puys, M., Dureuil, L.: Lazart: a symbolic approach for evaluation the robustness of secured codes against control flow fault injection. In: ICST (2014)
King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)
The KLEE symbolic virtual machine. http://klee.llvm.org/
Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, pp. 209–224 (2008)
Christofi, M.: Preuves de sécurité outillées d’implémentation cryptographiques. Ph.D. thesis, Laboratoire PRiSM, Université de Versailles Saint Quentin-en-Yvelines, France (2013)
Uguchi-Cartigny, J., Sere, A.A.-K., Lanet, J.-L.: Carte à puce Java Card : Protection du code contre les attaques en faute (2009)
Folkman, L.: The use of a power analysis for influencing PIN verification on cryptographic smart card. Bakalásk práce, Masarykova univerzita, Fakulta informatiky (2007)
Sauveron, D.: Etude et réalisation d’un environnement d’exprimentation et de modélisation pour la technologie Java Card : application à la sécurité. Ph.D. thesis, Université Bordeaux 1- Informatique et Mathématiques (2004). Thèse de doctorat dirigée par Chaumette, S
van Woudenberg, J.G.J., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: Breveglieri, L., Guilley, S., Koren, I., Naccache, D., Takahashi, J. (eds.) FDTC, pp. 91–99. IEEE (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Rivière, L., Potet, ML., Le, TH., Bringer, J., Chabanne, H., Puys, M. (2015). Combining High-Level and Low-Level Approaches to Evaluate Software Implementations Robustness Against Multiple Fault Injection Attacks. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science(), vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-17040-4_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17039-8
Online ISBN: 978-3-319-17040-4
eBook Packages: Computer ScienceComputer Science (R0)