International audienceIn the domain of smart cards, secured devices must be protected against high level attack potential [1]. According to norms such as the Common Criteria [2], the vulnerability analysis must cover the current state-of-the-art in term of attacks. Nowadays, a very classical type of attack is fault injection, conducted by means of laser based techniques. We propose a global approach, called Lazart, to evaluate code robustness against fault injections targeting control flow modifications. The originality of Lazart is twofolds. First, we encompass the evaluation process as a whole: starting from a fault model, we produce (or establish the absence of) attacks, taking into consideration software countermeasures. Furthermore, according to the near state-of-the-art, our methodology takes into account multiple transient fault injections and their combinatory. The proposed approach is supported by an effective tool suite based on the LLVM format [3] and the KLEE symbolic test generator [4]
Applications in secure components (such as smartcards, mobile phones or secure dongles) must be hardened against fault injection to guarantee security even in the presence of a malicious fault. Crafting applications robust against fault injection is an open problem for all actors of the secure application development life cycle, which prompted the development of many simulation tools. A major difficulty for these tools is the absence of representative codes, criteria and metrics to evaluate or compare obtained results. We present FISSC, the first public code collection dedicated to the analysis of code robustness against fault injection attacks. FISSC provides a framework of various robust code implementations and an approach for comparing tools based on predefined attack scenarios.This work has been partially supported by the SERTIF project (ANR-14-ASTR-0003-01): http://sertif-projet.forge.imag.fr. This work has been partially supported by the LabEx PERSYVAL-Lab (ANR-11-LABX-0025).
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.