Combining High-Level and Low-Level Approaches to Evaluate Software Implementations Robustness Against Multiple Fault Injection Attacks

  • Lionel Rivière
  • Marie-Laure Potet
  • Thanh-Ha Le
  • Julien Bringer
  • Hervé Chabanne
  • Maxime Puys
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8930)


Physical fault injections break security functionalities of algorithms by targeting their implementations. Software techniques strengthen such implementations to enhance their robustness against fault attacks. Exhaustively testing physical fault injections is time-consuming and requires complex platforms. Simulation solutions are developed for this specific purpose. We chose two independent tools presented in 2014, the Laser Attack Robustness (Lazart) and the Embedded Fault Simulator (EFS), in order to evaluate software implementations against multiple fault injection attacks. Lazart and the EFS share the common goal of detecting vulnerabilities in the code. However, they operate with different techniques, fault models and abstraction levels. This paper aims at exhibiting the specific advantages of both approaches and proposes a combining scheme that emphasizes their complementary nature.


Keywords: Fault injection; Fault simulation; Instruction skipping; Control flow graph; Multiple fault; Smartcard; Embedded systems; Security



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Lionel Rivière (1, 2)
  • Marie-Laure Potet (3)
  • Thanh-Ha Le (1)
  • Julien Bringer (1)
  • Hervé Chabanne (1, 2)
  • Maxime Puys (1)

  1. Safran Morpho, Paris, France
  2. Télécom Paristech, Paris, France
  3. Verimag, Gières, France
