Abstract

Fault injection attacks are one of the most powerful forms of cryptanalytic attacks on ciphers. A single, precisely injected fault during the execution of a cipher like AES can completely reveal the key within a few milliseconds. Software implementations of ciphers therefore need to be thoroughly evaluated for such attacks. In recent years, automated tools have been developed to perform these evaluations. These tools work either on the cipher algorithm or on its implementations. Tools that work at the algorithm level can provide a comprehensive assessment of fault attack vulnerability for different fault attacks and with different fault models. Their application is, however, restricted because every realization of the cipher has unique vulnerabilities. On the other hand, tools that work on cipher implementations have a much wider application but are often restricted by the range of fault attacks and the number of fault models they can evaluate.

In this paper, we propose a framework, called FEDS, that uses a combination of compiler techniques and model checking to merge the advantages of both algorithmic level tools and implementation level tools. Like the algorithmic level tools, FEDS can provide a comprehensive assessment of fault attack exploitability considering a wide range of fault attacks and fault models. Like implementation level tools, FEDS works with implementations and therefore has wide application. We demonstrate the versatility of FEDS by evaluating seven different implementations of AES (including a bitsliced implementation) and implementations of CLEFIA and CAMELLIA for Differential Fault Attacks. The framework automatically identifies exploitable instructions in all implementations. Further, we present an application of FEDS in a Fault Attack Aware Compiler that can automatically identify and protect exploitable regions of the code. We demonstrate that the compiler can generate significantly more efficient code than a naïvely protected equivalent, while maintaining the same level of protection.

Highlights

  • Fault attacks are a potent form of physical attacks, where the attacker injects a fault during the execution of a cipher to determine its secret key

  • Definition 2. [Intermediate Representation (IR) Instructions] IR is an intermediate representation used by the LLVM compiler that is generated during the transformation pass

  • The evaluation with multiple AES implementations and block cipher CLEFIA and CAMELLIA for Differential Fault Attacks demonstrates the ability of FEDS to uniquely identify exploitable instructions

Summary

Introduction

Fault attacks are a potent form of physical attack, where the attacker injects a fault during the execution of a cipher to determine its secret key. Similar to ILE tools, FEDS works at the implementation level and can pinpoint vulnerable locations in the source code. This makes FEDS widely applicable and usable for different implementations of a cipher. Similar to the HLE tools, FEDS promises to provide a comprehensive fault attack vulnerability evaluation and can identify vulnerabilities in complex fault attack situations. It can consider the cryptographic properties of the cipher, such as the differential and impossible differential properties of the S-Boxes, reversibility of the key expansion algorithm, etc. FEDS first runs an HLE tool, such as XFC [KRH17] or ExpFault [SKMD17], on the cipher's high-level representation to obtain a list of fault attack exploitable operations present in the cipher.

Fault Attacks
Intermediate Representation of a Program
Model Checking
Related Work
Block Cipher Algorithms and their Implementations
The FEDS Framework
High-Level Exploitability Tool
Fault Mapping
Define
Fault Evaluation
IR to Control Flow Graph
Exploitable Node Detection
Using FEDS to Evaluate Implementations of Block Ciphers
High Level Exploitability Tool
Using FEDS to Design a Fault Attack Aware Compiler
Conclusion
