Automatic Application of Software Countermeasures Against Physical Attacks

  • Nicolas Belleville
  • Karine Heydemann
  • Damien Couroussé
  • Thierno Barry
  • Bruno Robisson
  • Abderrahmane Seriai
  • Henri-Pierre Charles
Chapter

Abstract

While the number of embedded systems keeps growing, securing their software against physical attacks remains costly and error-prone. Several works have proposed solutions that automatically insert protections against these attacks in order to reduce both this cost and this risk of error. In this chapter, we survey existing approaches and classify them by the level at which they apply the countermeasure. We consider three levels: the source code level, the compilation level, and the assembly/binary level. We explain the advantages and disadvantages of each level according to several criteria. Finally, we encourage future work to take compilation into account when designing tools, to consider the problem of combining countermeasures, and to study the interactions between countermeasures and compiler optimisations. Going one step further, we encourage future work to imagine how compilation could be modified or redesigned to optimise both performance and security.

Acknowledgements

This work was partially funded by the French National Research Agency (ANR) as part of the projects COGITO and PROSECCO, respectively funded by the programs INS-2013 under grant agreement ANR-13-INSE-0006-01 and AAP-2015 under grant agreement ANR-15-CE39.


Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Nicolas Belleville (1)
  • Karine Heydemann (2)
  • Damien Couroussé (1)
  • Thierno Barry (1)
  • Bruno Robisson (3)
  • Abderrahmane Seriai (1)
  • Henri-Pierre Charles (1)

  1. Univ Grenoble Alpes, CEA, List, Grenoble, France
  2. Sorbonne University, CNRS, Laboratoire d’Informatique de Paris 6, LIP6, Paris, France
  3. CEA/EMSE, Secure Architectures and Systems Laboratory CMP, Gardanne, France