FISSC: A Fault Injection and Simulation Secure Collection

  • Louis Dureuil
  • Guillaume Petiot
  • Marie-Laure Potet
  • Thanh-Ha Le
  • Aude Crohen
  • Philippe de Choudens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9922)

Abstract

Applications in secure components (such as smartcards, mobile phones or secure dongles) must be hardened against fault injection to guarantee security even in the presence of a malicious fault. Crafting applications robust against fault injection is an open problem for all actors of the secure application development life cycle, which prompted the development of many simulation tools. A major difficulty for these tools is the absence of representative codes, criteria and metrics to evaluate or compare obtained results. We present FISSC, the first public code collection dedicated to the analysis of code robustness against fault injection attacks. FISSC provides a framework of various robust code implementations and an approach for comparing tools based on predefined attack scenarios.

Notes

Acknowledgments

This work has been partially supported by the SERTIF project (ANR-14-ASTR-0003-01): http://sertif-projet.forge.imag.fr and by the LabEx PERSYVAL-Lab (ANR-11-LABX-0025).

References

  1. 1.
    Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java card 3.0 combining fault and logical attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)CrossRefGoogle Scholar
  4. 4.
    Berthier, M., Bringer, J., Chabanne, H., Le, T.-H., Rivière, L., Servant, V.: Idea: embedded fault injection simulator on smartcard. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS. LNCS, vol. 8364, pp. 222–229. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  5. 5.
    Berthomé, P., Heydemann, K., Kauffmann-Tourkestansky, X., Lalande, J.: High level model of control flow attacks for smart card functional security. In: ARES 2012, pp. 224–229. IEEE (2012)Google Scholar
  6. 6.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  7. 7.
    Dureuil, L., Potet, M.-L., de Choudens, P., Dumas, C., Clédière, J.: From code review to fault injection attacks: filling the gap using fault model inference. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 107–124. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-31271-2_7 CrossRefGoogle Scholar
  8. 8.
    Holler, A., Krieg, A., Rauter, T., Iber, J., Kreiner, C.: Qemu-based fault injection for a system-level analysis of software countermeasures against fault attacks. In: Digital System Design (DSD), Euromicro 15. pp. 530–533. IEEE (2015)Google Scholar
  9. 9.
    Lalande, J., Heydemann, K., Berthomé, P.: Software countermeasures for control flow integrity of smart card C codes. In: Proceedings of the 19th European Symposium on Research in Computer Security, ESORICS 2014, pp. 200–218 (2014)Google Scholar
  10. 10.
    Machemie, J.B., Mazin, C., Lanet, J.L., Cartigny, J.: SmartCM a smart card fault injection simulator. In: IEEE International Workshop on Information Forensics and Security. IEEE (2011)Google Scholar
  11. 11.
    Meola, M.L., Walker, D.: Faulty logic: reasoning about fault tolerant programs. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 468–487. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Moro, N., Heydemann, K., Encrenaz, E., Robisson, B.: Formal verification of a software countermeasure against instruction skip attacks. J. Cryptographic Eng. 4(3), 145–156 (2014)CrossRefGoogle Scholar
  13. 13.
    Pattabiraman, K., Nakka, N., Kalbarczyk, Z., Iyer, R.: Discovering application-level insider attacks using symbolic execution. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 63–75. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  14. 14.
    Potet, M.L., Mounier, L., Puys, M., Dureuil, L.: Lazart: a symbolic approach for evaluation the robustness of secured codes against control flow injections. In: Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, pp. 213–222. IEEE (2014)Google Scholar
  15. 15.
    Séré, A., Lanet, J.L., Iguchi-Cartigny, J.: Evaluation of countermeasures against fault attacks on smart cards. Int. J. Secur. Appl. 5(2), 49–60 (2011)Google Scholar
  16. 16.
    Van Woudenberg, J.G., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 91–99. IEEE (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Louis Dureuil
    • 1
    • 2
    • 3
  • Guillaume Petiot
    • 1
    • 3
  • Marie-Laure Potet
    • 1
    • 3
  • Thanh-Ha Le
    • 4
  • Aude Crohen
    • 4
  • Philippe de Choudens
    • 1
    • 2
  1. 1.University of Grenoble AlpesGrenobleFrance
  2. 2.CEA, LETI, MINATEC CampusGrenobleFrance
  3. 3.CNRS, VERIMAGGrenobleFrance
  4. 4.Safran MorphoParisFrance

Personalised recommendations