Top

Journal of Cryptographic Engineering

Published in:

01-09-2014 | Special Section on Proofs 2013

Formal verification of a software countermeasure against instruction skip attacks

Authors: N. Moro, K. Heydemann, E. Encrenaz, B. Robisson

Published in: Journal of Cryptographic Engineering | Issue 3/2014

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Fault attacks against embedded circuits enabled to define many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model consisting in an assembly instruction skip can be very useful for an attacker and has been obtained by using several fault injection means. To avoid this threat, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some fine-grained countermeasure schemes have also been proposed for specific instructions. However, to the best of our knowledge, no approach that enables to secure a generic assembly program in order to make it fault-tolerant to instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for almost all the instructions of the Thumb-2 instruction set and provide a formal verification for this fault tolerance. This simple transformation enables to add a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve.

next article Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

It turns out that, in the ARM calling conventions, the r12 register can be used to hold intermediate values and does not need to be saved on the stack. Thus, this register can be used, if available, as a temporary register for such replacement scenarios.

stmdb stores multiple registers into the memory and decrements the address before each access.

ldmia loads a memory segment into multiple registers and increments the address after each access.

A register is alive at a given point in an instructions sequence if there is a path to the end in which it is read before being written.

http://vlsi.colorado.edu/~vis/.

ARM: ARM Architecture Reference Manual—Thumb-2 Supplement (2005)

Balasch, J., Gierlichs, B., Verbauwhede, I.: An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography. IEEE (2011). doi:10.1109/FDTC.2011.9

Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice guide to fault attacks. In: Proceedings of the IEEE 94 (2006). doi:10.1109/JPROC.2005.862424

Barenghi, A., Bertoni, G.M., Breveglieri, L., Pelliccioli, M., Pelosi, G.: Injection technologies for fault attacks on microprocessors. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography, Information Security and Cryptography, pp. 275–293. Springer, Berlin (2012). doi:10.1007/978-3-642-29656-7

Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012). doi:10.1109/JPROC.2012.2188769 CrossRef

Barenghi, A., Breveglieri, L., Koren, I., Pelosi, G., Regazzoni, F.: Countermeasures against fault attacks on software implemented AES. In: Proceedings of the 5th Workshop on Embedded Systems Security—WESS ’10. ACM Press, New York (2010). doi:10.1145/1873548.1873555

Boneh, D., DeMillo, R., Lipton, R.: On the importance of checking cryptographic protocols for faults. In: Advances in Cryptology—EUROCRYPT ’97, Lecture Notes in Computer Science, vol. 1233, pp. 37–51. Springer, Berlin (1997). doi:10.1007/3-540-69053-0_4

Chetali, B., Nguyen, Q.H.: Industrial use of formal methods for a high-level security evaluation. FM 2008: Formal Methods. Lecture Notes in Computer Science, vol. 5014, pp. 198–213. Springer, Berlin (2008)

Christofi, M., Chetali, B., Goubin, L., Vigilant, D.: Formal verification of a CRT-RSA implementation against fault attacks. J. Cryptogr. Eng. (2013). doi:10.1007/s13389-013-0049-3

10.

Dehbaoui, A., Dutertre, J.M., Robisson, B., Tria, A.: Electromagnetic transient faults injection on a hardware and a software implementations of AES. In: FDTC 2012. IEEE (2012). doi:10.1109/FDTC.2012.15

11.

Fox, A., Myreen, M.: A trustworthy monadic formalization of the armv7 instruction set architecture. Interactive Theorem Proving. Lecture Notes in Computer Science, vol. 6172, pp. 243–258. Springer, Berlin (2010)

12.

Guthaus, M., Ringenberg, J., Ernst, D., Austin, T., Mudge, T., Brown, R.: MiBench: a free, commercially representative embedded benchmark suite. In: Proceedings of the Fourth Annual IEEE International Workshop on Workload Characterization. WWC-4. IEEE (2001). doi:10.1109/WWC.2001.990739

13.

Karaklajić, D., Schmidt, J.M., Verbauwhede, I.: Hardware Designer’s Guide to Fault Attacks. In: IEEE Transactions on Very Large Scale Integration (VLSI) Systems (2013). doi:10.1109/TVLSI.2012.2231707

14.

Medwed, M., Schmidt, J.M.: A generic fault countermeasure providing data and program flow integrity. In: 2008 Workshop on Fault Diagnosis and Tolerance in Cryptography. IEEE (2008). doi:10.1109/FDTC.2008.11

15.

Moro, N., Dehbaoui, A., Heydemann, K., Robisson, B., Encrenaz, E.: Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography. IEEE (2013). doi:10.1109/FDTC.2013.9

16.

Nguyen, M.H., Robisson, B., Agoyan, M., Drach, N.: Low-cost recovery for the code integrity protection in secure embedded processors. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust. IEEE (2011). doi:10.1109/HST.2011.5955004

17.

Rauzy, P., Guilley, S.: A formal proof of countermeasures against fault injection attacks on CRT-RSA. J. Cryptogr. Eng. (2013). doi:10.1007/s13389-013-0065-3

18.

Schmidt, J.M., Herbst, C.: A practical fault attack on square and multiply. In: 2008 Workshop on Fault Diagnosis and Tolerance in Cryptography. IEEE (2008). doi:10.1109/FDTC.2008.10

19.

Skorobogatov, S.: Local heating attacks on Flash memory devices. In: 2009 IEEE International Workshop on Hardware-Oriented Security and Trust, pp. 1–6. IEEE (2009). doi:10.1109/HST.2009.5225028

20.

Trichina, E., Korkikyan, R.: Multi fault laser attacks on protected CRT-RSA. In: 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography. IEEE (2010). doi:10.1109/FDTC.2010.14

21.

Yiu, J.: The Definitive Guide To The ARM Cortex-M3. Elsevier Science, London (2009)

22.

Zussa, L., Dutertre, J.M., Clédière, J., Robisson, B., Tria, A.: Investigation of timing constraints violation as a fault injection means. In: DCIS. Avignon, France (2012)

Title: Formal verification of a software countermeasure against instruction skip attacks
Authors: N. Moro
K. Heydemann
E. Encrenaz
B. Robisson
Publication date: 01-09-2014
Publisher: Springer Berlin Heidelberg
Published in: Journal of Cryptographic Engineering / Issue 3/2014
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-014-0077-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2014

Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis

A model of the leakage in the frequency domain and its application to CPA and DPA

Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations

A formal proof of countermeasures against fault injection attacks on CRT-RSA

Premium Partner