Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation

Yuce, Bilgiday; Schaumont, Patrick; Witteman, Marc F.

doi:10.1007/s41635-018-0038-1

Cited by 62 publications

(49 citation statements)

References 85 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [26,42] the authors present a survey of the different hardware based approach techniques used to inject a fault. The authors also refer to relevant works where the various fault injection techniques are used.…”

Section: Hardware Based Approachmentioning

confidence: 99%

The State of Fault Injection Vulnerability Detection

Given-Wilson

Jafri

Legay

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Fault injection is a well known method to test the robustness and security vulnerabilities of software. Fault injections can be explored by simulations (cheap, but not validated) and hardware experiments (true, but very expensive). Recent simulation works have started to apply formal methods to the detection, analysis, and prevention of fault injection attacks to address verifiability. However, these approaches are ad-hoc and extremely limited in architecture, fault model, and breadth of application. Further, there is very limited connection between simulation results and hardware experiments. Recent work has started to consider broad spectrum simulation approaches that can cover many fault models and relatively large programs. Similarly the connection between these broad spectrum simulations and hardware experiments is being validated to bridge the gap between the two approaches. This presentation highlights the latest developments in applying formal methods to fault injection vulnerability detection, and validating software and hardware results with one another.

show abstract

Section: Hardware Based Approachmentioning

confidence: 99%

The State of Fault Injection Vulnerability Detection

Given-Wilson

Jafri

Legay

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The first property of out-of-band signal injection attacks is that they aim to change values processed by a system, rather than infer them. This fact distinguishes them from the side-channel [1] and fault-injection attacks [2]- [4] mentioned in the introduction.…”

Section: A Survey Scopementioning

confidence: 95%

“…This set contains recent studies whose novelty and potential has not yet received mainstream attention. 4 For example, the techniques proposed by Tu et al to overcome ADC sampling rate drifts should be applicable to other methods of injection, and against different types of targets. We place the work by Bolton et al [12] in the same category, as it managed to bridge research on HDD attacks (e.g., [53]) with attacks on MEMS sensors, and contained significant insights into why resonance attacks against hard drives work.…”

Section: Acoustic Emanationsmentioning

confidence: 99%

“…Despite the amount of research conducted on out-of-band signal injection attacks, there is no common methodology to evaluate how susceptible systems are to them. This is in contrast to related disciplines, such as side-channel analysis [75], direct power injection and near-field scan immunity [59], fault injection attacks [4], and IEMI attacks [191]. Indeed, although many papers sweep through frequencies to find the resonant ones [5], [13], some do not adopt this terminology [10], [12], [53], and do not specify how wide the frequency steps should be.…”

Section: Future Directionsmentioning

confidence: 99%

See 1 more Smart Citation

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Giechaskiel

Rasmussen

2020

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Recent research has shown that the integrity of sensor measurements can be violated through out-of-band signal injection attacks. These attacks target the conversion process from a physical quantity to an analog property-a process that fundamentally cannot be authenticated. Out-of-band signal injection attacks thus pose previously-unexplored security risks by exploiting hardware imperfections in the sensors themselves, or in their interfaces to microcontrollers. In response to the growingyet-disjointed literature in the subject, this article presents the first survey of out-of-band signal injection attacks. It focuses on unifying their terminology and identifying commonalities in their causes and effects through a chronological, evolutionary, and thematic taxonomy of attacks. By highlighting cross-influences between different types of out-of-band signal injections, this paper underscores the need for a common language irrespective of the attack method. By placing attack and defense mechanisms in the wider context of their dual counterparts of side-channel leakage and electromagnetic interference, this study identifies common threads and gaps that can help guide and inform future research. Overall, the ever-increasing reliance on sensors embedded in everyday commodity devices necessitates that a stronger focus be placed on improving the security of such systems against out-of-band signal injection attacks.

show abstract

“…Faults can be induced into the chip by using physical perturbations in its execution environment. Several techniques have been successfully demonstrated in the literature [4], [32], [47], [62]. Commonly used ones include:…”

Section: The Conceptmentioning

confidence: 99%

Hiding a fault enabled virus through code construction

Hamadouche

Lanet

Mezghiche

2019

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Smart cards are very secure devices designed to execute applications and store confidential data. Therefore, they become the target of many hardware and software attacks that aim to bypass their embedded security mechanisms in order to gain access to the sensitive stored data. Recently, a new kind of attacks called combined attacks has appeared. They aim to induce perturbations in the application's execution environment. Thus, correct and legitimate application can be dynamically modified to become a hostile one after being loaded in the card using a fault injection. In this paper, we treat the problem from another angle: how to design an innocent looking code in such a way that it becomes intentionally hostile after being activated by a fault injection? We present an original approach of backward code construction based on constraints satisfaction and a tree traversal algorithm. After that, we propose a way to optimize the search process by introducing heuristics for a faster convergence towards more realistic solutions.We implement this approach in a Trace Generator tool; thereafter evaluate its capacity to generate the required solutions while giving a proof-of-concept of the code desynchronization technique.

show abstract

Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation

Cited by 62 publications

References 85 publications

The State of Fault Injection Vulnerability Detection

The State of Fault Injection Vulnerability Detection

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Hiding a fault enabled virus through code construction

Contact Info

Product

Resources

About