Abstract
Embedded software is developed under the assumption that hardware execution is always correct. Fault attacks break and exploit that assumption. Through the careful introduction of targeted faults, an adversary modifies the control flow or data flow integrity of software. The modified program execution is then analyzed and used as a source of information leakage, or as a mechanism for privilege escalation. Due to the increasing complexity of modern embedded systems, and due to the difficulty of guaranteeing correct hardware execution even under a weak adversary, fault attacks are a growing threat. For example, the assumption that an adversary has to be close to the physical execution of software, in order to inject an exploitable fault into hardware, has repeatedly been shown to be incorrect. This article is a review on hardware-based fault attacks on software, with emphasis on the context of embedded systems. We present a detailed discussion of the anatomy of a fault attack, and we make a review of fault attack evaluation techniques. The paper emphasizes the perspective from the attacker, rather than the perspective of countermeasure development. However, we emphasize that improvements to countermeasures often build on insight into the attacks.
Similar content being viewed by others
References
Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown, arXiv:1801.01207
Kocher P, Genkin D, Gruss D, Haas W, Hamburg M, Lipp M, Mangard S, Prescher T, Schwarz M, Yarom Y (2018) Spectre attacks: exploiting speculative execution, arXiv:1801.01203
Piessens F, Verbauwhede I (2016) Software security: vulnerabilities and countermeasures for two attacker models. In: Design Automation &, test in Europe conference & exhibition (DATE), pp 990–999
Witteman M, Oostdijk M (2008) Secure application programming in the presence of side channel attacks. In: RSA Conference, vol 2008
Yuce B, Ghalaty NF, Deshpande C, Patrick C, Nazhandali L, Schaumont P (2016) FAME: fault-attack aware microprocessor extensions for hardware fault detection and software fault response. In: Hardware and Architectural Support for Security and Privacy (HASP). ACM, p 8
Barenghi A, Breveglieri L, Koren I, Naccache D (2012) Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc IEEE 100(11):3056–3076
Joye M, Tunstall M (eds) (2012) Fault analysis in cryptography, ser. Information security and cryptography. Springer, Berlin
Galathy NF, Yuce B, Schaumont P (2017) A systematic approach to fault attack resistant design. In: Fundamentals of IP and SoC security, pp 223–245. Springer
Moro N, Dehbaoui A, Heydemann K, Robisson B, Encrenaz E (2013) Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In: 2013 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 77–88. IEEE
Courbon F, Loubet-Moundi P, Fournier JJ, Tria A (2014) Adjusting laser injections for fully controlled faults. In: International Workshop on constructive side-channel analysis and secure design, pp 229–242. Springer
Yuce B, Ghalaty NF, Schaumont P (2015) Improving fault attacks on embedded software using risc pipeline characterization. In: Proc. of FDTC’15, pp 97–108
Li Y, Sakiyama K, Gomisawa S, Fukunaga T, Takahashi J, Ohta K (2010) Fault sensitivity analysis. In: Proc. of CHES’10, pp 320–334
Bhattacharya S, Mukhopadhyay D (2017) Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers. J Cryptogr Eng 7(4):299–310
Bar-El H, Choukri H, Naccache D, Tunstall M, Whelan C (2006) The sorcerer’s apprentice guide to fault attacks. Proc IEEE 94(2):370–382
Guilley S, Sauvage L, Danger J-L, Selmane N, Pacalet R (2008) Silicon-level solutions to counteract passive and active attacks. In: 5th Workshop on fault diagnosis and tolerance in cryptography, 2008. FDTC’08. IEEE, pp 3–17
Zussa L, Dutertre J-M, Clédiere J, Robisson B, Tria A et al (2012) Investigation of timing constraints violation as a fault injection means. In: 27th Conference on design of circuits and integrated systems (DCIS). Avignon
Korak T, Hoefler M (2014) On the effects of clock and power supply tampering on two microcontroller platforms. In: Proc. of FDTC’14, pp 8–17
Riscure Inspector FI https://www.riscure.com/security-tools/inspector-fi/, Online; Accessed 18 May 2017
O’Flynn C, Chen ZD (2014) ChipWhisperer: an open-source platform for hardware embedded security research. In: Constructive side-channel analysis and secure design. Springer, pp 243–260
Barenghi A, Bertoni G, Parrinello E, Pelosi G (2009) Low voltage fault attacks on the RSA Cryptosystem. In: 2009 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 23–31
Timmers N, Spruyt A, Witteman M (2016) Controlling PC on ARM using fault injection. In: Fault diagnosis and tolerance in cryptography (FDTC), pp 25–35
Hutter M, Schmidt J-M (2013) The temperature side channel and heating fault attacks. In: International conference on smart card research and advanced applications. Springer, pp 219–235
Skorobogatov S (2009) Local heating attacks on flash memory devices. In: IEEE International workshop on hardware-oriented security and trust. 2009. HOST’09. IEEE, pp 1–6
Govindavajhala S, Appel AW (2003) Using memory errors to attack a virtual machine. In: 2003 Symposium on security and privacy, 2003. Proceedings. IEEE, pp 154–165
Korak T, Hutter M, Ege B, Batina L (2014) Clock glitch attacks in the presence of heating. In: 2014 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 104–114
Skorobogatov S, Anderson RJ (2002) Optical fault induction attacks. In: Revised Papers from the 4th international workshop on cryptographic hardware and embedded systems. Springer-Verlag, pp 2–12
Schmidt J-M, Hutter M Optical and EM fault-attacks on CRT-based RSA: concrete results
Van Woudenberg JG, Witteman MF, Menarini F (2011) Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 91–99
Maistri P, Leveugle R, Bossuet L, Aubert A, Fischer V, Robisson B, Moro N, Maurine P, Dutertre J-M, Lisart M (2014) Electromagnetic analysis and fault injection onto secure circuits. In: 2014 22nd International conference on very large scale integration (VLSI-SoC). IEEE, pp 1–6
Moro N, Dehbaoui A, Heydemann K, Robisson B, Encrenaz E (2014) Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller, CoRR, vol. abs/1402.6421. [Online]. Available: arXiv:1402.6421
Velegalati R, Van Spyk R, van Woudenberg J (2013) Electro magnetic fault injection in practice. In: International Cryptographic module conference (ICMC)
Tang A, Sethumadhavan S, Stolfo S (2017) CLKSCREW: exposing the perils of security-oblivious energy management. In: 26th USENIX security symposium (USENIX Security 17). Vancouver, BC: USENIX Association, pp 1057–1074. [Online]. Available: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang
Cai Y, Ghose S, Luo Y, Mai K, Mutlu O, Haratsch EF (2017) Vulnerabilities in MLC NAND flash memory programming: experimental analysis, exploits, and mitigation techniques. In: 2017 IEEE International symposium on high performance computer architecture (HPCA). IEEE, pp 49–60
Kim Y, Daly R, Kim J, Fallin C, Lee JH, Lee D, Wilkerson C, Lai K, Mutlu O (2014) Flipping bits in memory without accessing them: an experimental study of dram disturbance errors. In: ACM SIGARCH Computer architecture news, vol 42, no 3. IEEE Press, pp 361–372
Gruss D, Maurice C, Mangard S (2016) Rowhammer. js: a remote software-induced fault attack in javascript. In: Detection of intrusions and malware, and vulnerability assessment. Springer, pp 300–321
van der Veen V, Fratantonio Y, Lindorfer M, Gruss D, Maurice C, Vigna G, Bos H, Razavi K, Giuffrida C (2016) Drammer: deterministic rowhammer attacks on mobile platforms. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, pp 1675–1689
Razavi K, Gras B, Bosman E, Preneel B, Giuffrida C, Bos H (2016) Flip feng shui: hammering a needle in the software stack. In: USENIX Security symposium, pp 1–18
Kurmus A, Ioannou N, Papandreou N, Parnell T (2017) From random block corruption to privilege escalation: a filesystem attack vector for rowhammer-like attacks. In: USENIX Workshop on offensive technologies (WOOT)
Karaklajic D, Schmidt J, Verbauwhede I (2013) Hardware designer’s guide to fault attacks. IEEE Trans VLSI Syst 21(12):2295–2306
Otto M (2005) Fault attacks and countermeasures. Ph.D. dissertation, University of Paderborn
Anceau S, Bleuet P, Clėdiėre J, Maingault L, Rainard J, Tucoulou R (2017) Nanofocused x-ray beam to reprogram secure circuits. In: Cryptographic hardware and embedded systems (CHES), pp 175–188
Barbu G, Thiebeauld H, Guerin V (2010) Attacks on java card 3.0 combining fault and logical attacks. Smart Card Research Adv Appl, 148–163
Dehbaoui A, Mirbaha A-P, Moro N, Dutertre J-M, Tria A (2013) Electromagnetic glitch on the AES round counter. In: International Workshop on constructive side-channel analysis and secure design. Springer, pp 17–31
Riviere L, Najm Z, Rauzy P, Danger J-L, Bringer J, Sauvage L (2015) High precision fault injections on the instruction cache of ARmV7-m architectures. In: 2015 IEEE International symposium on hardware oriented security and trust (HOST). IEEE, pp 62–67
Nashimoto S, Homma N, Hayashi Y-i, Takahashi J, Fuji H, Aoki T (2017) Buffer overflow attack with multiple fault injection and a proven countermeasure. J Cryptogr Eng 7(1):35–46
Balasch J, Gierlichs B, Verbauwhede I (2011) An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: Workshop on fault diagnosis and tolerance in cryptography (FDTC 2011), pp 105–114. [Online]. Available: https://doi.org/10.1109/FDTC.2011.9
Vétillard E, Ferrari A (2010) Combined attacks and countermeasures. In: International conference on smart card research and advanced applications. Springer, pp 133–147
Potet M-L, Mounier L, Puys M, Dureuil L (2014) Lazart: a symbolic approach for evaluation the robustness of secured codes against control flow injections. In 2014 IEEE Seventh International conference on software testing, verification and validation (ICST). IEEE, pp 213–222
Choukri H, Tunstall M (2005) Round reduction using faults. FDTC 5:13–24
Dutertre J-M, Mirbaha A-P, Naccache D, Ribotta A-L, Tria A, Vaschalde T (2012) Fault round modification analysis of the advanced encryption standard. In: 2012 IEEE International symposium on hardware-oriented security and trust (HOST). IEEE, pp 140–145
Biham E, Shamir A (1997) Differential fault analysis of secret key cryptosystems. In: Advances in cryptology—CRYPTO’97. Springer, pp 513–525
Hoch JJ, Shamir A (2004) Fault analysis of stream ciphers. In: International Workshop on cryptographic hardware and embedded systems. Springer, pp 240–253
Biehl I, Meyer B, Müller V (2000) Differential fault attacks on elliptic curve cryptosystems. In: Annual International cryptology conference. Springer, pp 131–146
Taha M, Eisenbarth T (2015) Implementation attacks on post-quantum cryptographic schemes, Cryptology ePrint Archive, Report 2015/1083. http://eprint.iacr.org/
Giraud C (2004) DFA on AES. In: International conference on advanced encryption standard. Springer, pp 27–41
Ferretti C, Mella S, Melzani F (2014) The role of the fault model in DFA against AES. In: Proceedings of the workshop on hardware and architectural support for security and privacy (HASP). ACM, p 4
Sakiyama K, Li Y, Iwamoto M, Ohta K (2012) Information-theoretic approach to optimal differential fault analysis. IEEE Trans Inf Forens Secur 7(1):109–120
Ali SS, Mukhopadhyay D, Tunstall M (2013) Differential fault analysis of AES: towards reaching its limits. J Cryptogr Eng 3(2):73–97
Ghalaty NF, Yuce B, Taha M, Schaumont P (2014) Differential fault intensity analysis. In: 2014 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 49–58
Li Y, Ohta K, Sakiyama K (2012) New fault-based side-channel attack using fault sensitivity. IEEE Trans Inf Forens Secur 7(1):88–97
Liu Y, Zhang J, Wei L, Yuan F, Xu Q (2015) Dera: yet another differential fault attack on cryptographic devices based on error rate analysis. In: Design Automation conference (DAC). ACM, p 31
Fuhr T, Jaulmes E, Lomné V, Thillard A (2013) Fault attacks on AES with faulty ciphertexts only. In: 2013 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 108–118
Järvinen K, Blondeau C, Page D, Tunstall M (2012) Harnessing biased faults in attacks on ECC-based signature schemes. In: 2012 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 72–82
Joye M, Jean-Jacques Q, Sung-Ming Y, Yung M (2002) Observability analysis-detecting when improved cryptosystems fail. In: Cryptographers’ track at the RSA conference. Springer, pp 17–29
Yen S-M, Joye M (2000) Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans Comput 49(9):967–970
Karaklajic D, Fan J, Verbauwhede I (2012) A systematic M safe-error detection in hardware implementations of cryptographic algorithms. In: 2012 IEEE International Symposium on hardware-oriented security and trust (HOST), pp 96–101
Blömer J, Seifert J-P (2003) Fault based cryptanalysis of the advanced encryption standard (AES). In: Computer Aided verification. Springer, pp 162–181
Boneh D, DeMillo RA, Lipton RJ (1997) On the importance of checking cryptographic protocols for faults. In: International Conference on the theory and applications of cryptographic techniques. Springer, pp 37–51
Ciet M, Joye M (2005) Elliptic curve cryptosystems in the presence of permanent and transient faults. Des Codes Cryptograph 36(1):33–43
Fouque P-A, Lercier R, Réal D, Valette F (2008) Fault attack on elliptic curve montgomery ladder implementation. In: 5th Workshop on Fault diagnosis and tolerance in cryptography. 2008. FDTC’08. IEEE, pp 92–98
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology—CRYPTO’99. Springer, pp 789–789
Fan J, Guo X, De Mulder E, Schaumont P, Preneel B, Verbauwhede I (2010) State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures. In: 2010 IEEE International Symposium on hardware-oriented security and trust (HOST). IEEE, pp 76–87
Oswald D (2013) Implementation attacks: from theory to practice, Ph.D dissertation
Spreitzer R, Moonsamy V, Korak T, Mangard S (2017) Systematic classification of side-channel attacks: a case study for mobile devices. IEEE Communications Surveys & Tutorials
Tillich S, Herbst C (2008) Attacking state-of-the-art software countermeasures—a case study for AES. Lect Notes Comput Sci 5154:228–243
Rivain M, Prouff E (2010) Provably secure higher-order masking of AES. Cryptograph Hardware Embedded Syst CHES 2010:413–427
Grosso V, Standaert F-X, Faust S (2014) Masking vs. multiparty computation: how large is the gap for AES? J Cryptogr Eng 4(1):47–57
Chevallier-Mames B, Ciet M, Joye M (2004) Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IEEE Trans Comput 53(6):760–768
Skorobogatov S (2006) Optically enhanced position-locked power analysis. Cryptograph Hardware Embedded Syst-CHES 2006:61–75
Amiel F, Villegas K, Feix B, Marcel L (2007) Passive and active combined attacks: combining fault attacks and side channel analysis. In: Workshop on Fault diagnosis and tolerance in cryptography, 2007. FDTC 2007. IEEE, pp 92–102
Clavier C, Feix B, Gagnerot G, Roussellet M (2010) Passive and active combined attacks on AES combining fault attacks and side channel analysis. In: 2010 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 10–19
Roche T, Lomné V, Khalfallah K (2011) Combined fault and side-channel attack on protected implementations of AES. Smart Card Res Adv Appl, 65–83
Dassance F, Venelli A (2012) Combined fault and side-channel attacks on the AES key schedule. In: 2012 Workshop on Fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 63–71
Schmidt J-M, Tunstall M, Avanzi RM, Kizhvatov I, Kasper T, Oswald D (2010) Combined implementation attack resistant exponentiation. LATINCRYPT 6212:305–322
Yao Y, Yang M, Patrick C, Yuce B, Schaumont P (2018) Fault-assisted side-channel analysis of masked implementations (to appear). In IEEE International Symposium on hardware oriented security and trust (HOST), 2018. IEEE, pp 72–77
Durumeric Z, Kasten J, Adrian D, Halderman JA, Bailey M, Li F, Weaver N, Amann J, Beekman J, Payer M, Paxson V (2014) The matter of heartbleed. In: Internet Measurement conference (IMC), pp 475–488
Obermaier J, Tatschner S (2017) Shedding too much light on a microcontroller’s firmware protection. In: USENIX Workshop on offensive technologies (WOOT)
Scott ME Glitchy descriptor firmware grab, https://www.youtube.com/watch?v=TeCQatNcF20, Online; Accessed 14 Nov 2017
Bouffard G, Iguchi-Cartigny J, Lanet J-L (2011) Combined software and hardware attacks on the java card control flow. In CARDIS, vol 7079. Springer, pp 283–296
Vasselle A, Thiebeauld H, Maouhoub Q, Morisset A, Ermeneux S (2017) Laser-induced fault injection on smartphone bypassing the secure boot. In: 2017 Workshop on Fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 41–48
Timmers N, Mune C (2017) Escalating privileges in Linux using voltage fault injection. In: Fault Diagnosis and tolerance in cryptography (FDTC), pp 25–35
Seaborn M, Dullien T (2015) Exploiting the dram rowhammer bug to gain kernel privileges. Black Hat
San Pedro M, Soos M, Guilley S (2011) Fire: fault injection for reverse engineering. In: WISTP. Springer, pp 280–293
Le Bouder H, Guilley S, Robisson B, Tria A (2014) Fault injection to reverse engineer DES-like cryptosystems. In: Foundations and practice of security. Springer, pp 105–121
Clavier C, Wurcker A (2013) Reverse engineering of a secret AES-like cipher by ineffective fault analysis. In: 2013 Workshop on Fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 119–128
Jacob M, Boneh D, Felten E (2002) Attacking an obfuscated cipher by injecting faults. In: Digital Rights management workshop, vol 2696, pp 16–31
Courbon F, Fournier JJ, Loubet-Moundi P, Tria A (2015) Combining image processing and laser fault injections for characterizing a hardware AES. IEEE Trans Comput-aided Des Integr Circ Syst 34(6):928–936
Common Criteria Community https://www.commoncriteriaportal.org, Online Sccessed 18 Jan 2018
United States Government Accountability Office, Information assurance, national partnership offers benefits, but faces considerable challenges, Technical Report GAO-06-392, 2006. http://www.gao.gov/new.items/d06392.pdf
EMVCo Product Approval Processes http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf, Online Accessed 18 Jan 2018
National Institute of Standards and Technology (NIST), Security requirements for cryptographic modules, FIPS PUB 140-2, 2001. https://www.emvco.com/processes-forms/product-approval/
Acknowledgements
The authors would like to thank Dennis Vermoen from Riscure Security Lab for his help and support.
Funding
During this work, the first author was supported in part through the National Science Foundation Grant 1441710 and 1314598, and in part through the Semiconductor Research Corporation.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Yuce, B., Schaumont, P. & Witteman, M. Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation. J Hardw Syst Secur 2, 111–130 (2018). https://doi.org/10.1007/s41635-018-0038-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-018-0038-1