nach oben

International Journal of Information Security

Erschienen in:

01.04.2016 | Regular Contribution

Link-time smart card code hardening

verfasst von: Ronald De Keulenaer, Jonas Maebe, Koen De Bosschere, Bjorn De Sutter

Erschienen in: International Journal of Information Security | Ausgabe 2/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This paper presents a feasibility study to protect smart card software against fault-injection attacks by means of link-time code rewriting. This approach avoids the drawbacks of source code hardening, avoids the need for manual assembly writing, and is applicable in conjunction with closed third-party compilers. We implemented a range of cookbook code hardening recipes in a prototype link-time rewriter and evaluate their coverage and associated overhead to conclude that this approach is promising. We demonstrate that the overhead of using an automated link-time approach is not significantly higher than what can be obtained with compile-time hardening or with manual hardening of compiler-generated assembly code.

Nächster Artikel Behavior-based approach to detect spam over IP telephony attacks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

http://diablo.elis.ugent.be.

http://sourceware.org/newlib/.

http://www.gnu.org/software/libc/.

http://www.uclibc.org/.

http://llvm.org/.

Note that this feature has nothing to do with enforcing control flow integrity. It only relates to ensuring that the application behaves the same before and after rewriting, whether that is as intended by the developer or not.

A brief overview of ARM & Thumb architecture is given in the electronic appendix to this article.

The truly avoidable overhead can only be determined precisely by developing a hardening compiler or by applying all protections manually, for which we lack the time and resources.

The presented verification technique aims to ensure that write operations take place as intended. For protecting the values once they are stored in memory, complementary techniques such as error-correction codes can be used [23].

http://www.keil.com/smartcards.

In our link-time rewriter, the set of functions that can be invoked through function calls is conservatively approximated by computing the set of functions whose absolute address is stored or can be computed somewhere in the program, as indicated by the available relocation information.

In qsort_large, this loop (which swaps a pair of elements in the array to be sorted) is also present, as it is linked from the standard C library. But in qsort_large, that loop is not hot because the elements to be swapped are very small, whereas in qsort_small the elements are quite long strings.

Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. 13(1), 4:1–4:40 (2009)CrossRef

Ammann, P.E., Knight, J.C.: Data diversity: an approach to software fault tolerance. IEEE Trans. Comput. 37(4), 418–425 (1988)CrossRef

Anand, K., Smithson, M., Elwazeer, K., Kotha, A., Gruen, J., Giles, N., Barua, R.: A compiler-level intermediate representation based binary analysis and rewriting system. In: Proceedings of the 8th ACM European Conference on Computer Systems, pp. 295–308 (2013)

Anckaert, B., Madou, M., De Sutter, B., De Bus, B., De Bosschere, K., Preneel, B.: Program obfuscation: a quantitative approach. In: ACM QoP, pp. 15–20 (2007)

Anckaert, B., Vandeputte, F., De Bus, B., De Sutter, B., De Bosschere, K.: Link-time optimization of IA64 binaries. In: Proceedings of Euro-Par, pp. 284–291 (2004)

Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: Proceedings of CHES, pp. 260–275 (2002)

Avizienis, A.: The n-version approach to fault-tolerant software. IEEE Trans. Softw. Eng. 11(12), 1491–1501 (1985)CrossRef

Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Cryptology ePrint Archive, Report 2004/100 (2004)

Bellard, F.: QEMU, a fast and portable dynamic translator. In: Proceedings of USENIX, pp. 41–46 (2005)

10.

Bertran, R., Gil, M., Cabezas, J., Jimenez, V., Vilanova, L., Morancho, E., Navarro, N.: Building a global system view for optimization purposes. In: Proceedings of Workshop Interaction between Operating Systems and Computer Architecture (2006)

11.

Chanet, D.: Memory Footprint Reduction for Operating System Kernels. PhD thesis, Ghent University (2007)

12.

Chanet, D., De Sutter, B., De Bus, B., Van Put, L., De Bosschere, K.: Automated reduction of the memory footprint of the Linux kernel. ACM Trans. Embed. Comput. Syst. 6(4), 23:1–23:48 (2007)CrossRef

13.

Choukri, H., Tunstall, M.: Round reduction using faults. In: Proceedings of FDTC, pp. 13–24 (2005)

14.

Claes, L.: Colos: een optimaliserende linker voor de superH. Master’s thesis, Ghent University (2003)

15.

De Bus, B.: Reliable, retargetable and extensible link-time program rewriting. Ph.D. thesis, Ghent University (2005)

16.

De Bus, B., Chanet, D., De Sutter, B., Van Put, L., De Bosschere, K.: The design and implementation of FIT: a flexible instrumentation toolkit. In: Proceedings of ACM PASTE, pp. 29–34 (2004)

17.

De Sutter, B., De Bus, B., De Bosschere, K.: Link-time binary rewriting techniques for program compaction. ACM Trans. Prog. Lang. Syst. 27(5), 882–945 (2005)CrossRef

18.

De Sutter, B., De Bus, B., De Bosschere, K.: Bidirectional liveness analysis, or how less than half of the Alpha’s registers are used. J. Syst. Archit. 52(10), 535–548 (2006)CrossRef

19.

De Sutter, B., Van Put, L., Chanet, D., De Bus, B., De Bosschere, K.: Link-time compaction and optimization of ARM executables. ACM Trans. Embed. Comput. Syst. 6(1), 5:1–5:43 (2007)CrossRef

20.

Debray, S., Muth, R., Weippert, M.: Alias analysis of executable code. In: Proceedings of ACM POPL, pp. 12–24 (1998)

21.

Dolgova, E.N., Chernov, A.V.: Automatic reconstruction of data types in the decompilation problem. Program. Comput. Softw. 35(2), 105–119 (2009)CrossRefMATH

22.

Guthaus, M.R., Ringenberg, J.S., Ernst, D., Austin, T.M., Mudge, T., Brown, R.B.: Mibench: a free, commercially representative embedded benchmark suite. In: Proceedings of IEEE WWC-4, pp. 3–14 (2001)

23.

Huffman, W.C., Pless, V.: Fundamentals of Error-Correcting Codes. Cambridge University Press, Cambridge (2003)CrossRefMATH

24.

Karpovsky, M., Kulikowski, K.J., Taubin, A.: Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard. In: Proceedings of International Conference on Dependable Systems and Networks, pp. 93–101 (2004)

25.

Kim, C.H., Quisquater, J.-J.: Fault attacks for CRT based RSA: new attacks, new results and new countermeasures. In: Proceedings of WISTP, pp. 215–228 (2007)

26.

Kinder, J., Zuleger, F., Veith, H.: An abstract interpretation-based framework for control flow reconstruction from binaries. In: Proceedings of 10th International Conference on Verification, Model Checking, and Abstract Interpretation, pp. 214–228 (2009)

27.

Lackner, M., Berlach, R., Hraschan, M., Weiss, R., Steger, C.: A defensive java card virtual machine to thwart fault attacks by microarchitectural support. In: Proceedings of International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1–8 (2013)

28.

Lackner, M., Berlach, R., Raschke, W., Weiss, R., Steger, C.: A defensive virtual machine layer to counteract fault attacks on java cards. In: Information Security Theory and Practice. Security of Mobile and Cyber-Physical Systems, volume 7886 of Lecture Notes in Computer Science, pp. 82–97 (2013)

29.

Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Proceedings of 2004 international symposium on code generation and optimization (CGO’04), Palo Alto, California (2004)

30.

Levine, J.R.: Linkers and Loaders. Morgan Kaufmann Publishers Inc., Los Altos, CA (1999)

31.

Lim, J., Reps, T.: TSL: a system for generating abstract interpreters and its application to machine-code analysis. ACM Trans. Program. Lang. Syst. 35(1), 4:1–4:59 (2013)CrossRef

32.

Madou, M., Anckaert, B., De Sutter, B., De Bosschere, K.: Hybrid static-dynamic attacks against software protection mechanisms. In: ACM DRM, pp. 75–82 (2005)

33.

Madou, M., De Sutter, B., De Bus, B., Van Put, L., De Bosschere, K.: Link-time optimization of MIPS programs. In: Proceedings of ESA, pp. 70–75 (2004)

34.

Madou, M., Van Put, L., De Bosschere, K.: Loco: an interactive code (de)obfuscation tool. In: Proceedings of PEPM ’06, pp. 140–144 (2006)

35.

Maebe, J., De Keulenaer, R., De Sutter, B., De Bosschere, K.: Mitigating smart card fault injection with link-time code rewriting: a feasibility study. In: Proceedings of 17th International Conference on Financial Cryptography and Data Security (2013)

36.

Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer, Berlin (2007)MATH

37.

Markantonakis, C., Mayes, K., Tunstall, M., Sauveron, D., Piper, F.: Smart card security. In: Nedjah, N., Abraham, A., de Macedo Mourelle, L. (eds.) Computational Intelligence in Information Assurance and Security, pp. 201–233. Springer, Berlin (2007)

38.

Muchnick, S.S.: Advanced Compiler Design and Implementation. Morgan Kaufmann, Los Altos, CA (1997)

39.

Oh, N., Mitra, S., McCluskey, E.J.: ED4I: error detection by diverse data and duplicated instructions. IEEE Trans. Comput. 51(2), 180–199 (2002)CrossRef

40.

O’Sullivan, P., Anand, K., Kotha, A., Smithson, M., Barua, R., Keromytis, A.D. Retrofitting security in COTS software with binary rewriting. In: Proceedings of 26th IFIP TC 11 International Information Security Conference, pp. 154–172 (2011)

41.

Randell, B.: System structure for software fault tolerance. In: Proceedings of the International Conference on Reliable Software, pp. 437–449 (1975)

42.

Rebaudengo, M., Reorda, M.S., Violante, M., Torchiano, M.: A source-to-source compiler for generating dependable software. In: Proceedings of IEEE SCAM, pp. 33–42 (2001)

43.

Reis, G.A., Chang, J., Vachharajani, N., Rangan, R., August, D.I.: SWIFT: Software implemented fault tolerance. In: Proceedings of ACM CGO, pp. 243–254 (2005)

44.

Sere, A.A., Iguchi-Cartigny, J., Lanet, J.-L.: Automatic detection of fault attack and countermeasures. In: Proceedings of the 4th Workshop on Embedded Systems Security, pp. 7:1–7:7 (2009)

45.

Smithson, M., Anand, K., Kotha, A., Elwazeer, K., Giles, N., Barua, R.: Binary rewriting without relocation information. Technical report, University of Maryland (2010)

46.

Torres-Pomales, W.: Software fault tolerance-tutorial, NASA/TM-2000-210616 (2000)

47.

Trichina, E., Korkikyan, R.: Multi fault laser attacks on protected CRT-RSA. In: 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 75–86 (2010)

48.

Van Put, L., Chanet, D., De Bus, B., De Sutter, B., De Bosschere, K.: DIABLO: a reliable, retargetable and extensible link-time rewriting framework. In: Proceedings of ISSPIT, pp. 7–12 (2005)

49.

Van Put, L., De Sutter, B., Madou, M., De Bus, B., Chanet, D., Smits, K., De Bosschere, K.: LANCET: a nifty code editing tool. In: ACM PASTE, pp. 75–81 (2005)

50.

Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Securing untrusted code via compiler-agnostic binary rewriting. In: Proceedings of 28th Annual Computer Security Applications Conference, pp. 299–308 (2012)

51.

Williams, D., Hu, W., Davidson, J.W., Hiser, J.D., Knight, J.C., Nguyen-Tuong, A.: Security through diversity: leveraging virtual machine technology. IEEE Secur. Priv. 7(1), 26–33 (2009)CrossRef

52.

Yiu, J.: The Definitive Guide to the ARM Cortex-M0. Newnes, London (2011)

53.

Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: Proceedings of Usenix Security (2013)

54.

Zhao, L., Li, G., De Sutter, B., Regehr, J.: ARMor: fully verified software fault isolation. In: Proceedings of EMSOFT, pp. 289–298 (2011)

Titel: Link-time smart card code hardening
verfasst von: Ronald De Keulenaer
Jonas Maebe
Koen De Bosschere
Bjorn De Sutter
Publikationsdatum: 01.04.2016
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 2/2016
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-015-0282-0

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2016

A hybrid approach to vector-based homomorphic tallying remote voting

Preventing sensitive relationships disclosure for better social media preservation

A uniform approach for access control and business models with explicit rule realization

Message from the Guest Editors

Behavior-based approach to detect spam over IP telephony attacks

Resolving privacy-preserving relationships over outsourced encrypted data storages

Premium Partner