FISSC: A Fault Injection and Simulation Secure Collection

Dureuil, Louis; Petiot, Guillaume; Potet, Marie-Laure; Le, Trung-Nghia; Crohen, Aude; Choudens, Philippe de

doi:10.1007/978-3-319-45477-1_1

Cited by 36 publications

(43 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The weakness detection and code securing processes can be performed at different code levels: source code [6], any intermediate code such as during the compilation process [7,8], or binary code [9]. Working at the assembly or binary code level seems to be the most adapted level when considering physical faults.…”

Section: Introductionmentioning

confidence: 99%

“…We consider control-flow disruption, which is a harmful consequence of fault attacks that encompass both instruction skip faults and larger jumps that are easily performed with physical fault injection means. Such control-flow disruption enables an attacker to retrieve secret keys [15,3], bypass certain implemented countermeasures [6], or obtain certain unauthorized privileges [16,17]. Our approach, which is supported by tools and is illustrated in Figure 1, enables 1) the automatic detection of the weaknesses of native C programs to be embedded into a secure element (weakness detection is performed at the source code level and considers attacks that disrupt the control flow) and 2) the automatic injection of formally verified countermeasures at the granularity of single C statements.…”

Section: Introductionmentioning

confidence: 99%

“…As the previous ones, they have been formally verified. New experiments were conducted on the FISSC benchmark [6] (two versions of the VerifyPIN code), at both the C code and the assembly code level.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Formally verified software countermeasures for control-flow integrity of smart card C code

Heydemann¹,

Lalande²,

Berthomé³

2019

Computers & Security

View full text Add to dashboard Cite

Fault attacks can target smart card programs to disrupt an execution and take control of the data or the embedded functionalities. Among all possible attacks, control-flow attacks aim at disrupting the normal execution flow. Identifying harmful control-flow attacks and designing countermeasures at the software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful inter-and intra-procedural jump attacks at the source code level and automatically inject formally proven countermeasures into a C code. The proposed software countermeasures protect the integrity of individual statements at the granularity of single C statements. They support many control-flow constructs of the C language. The countermeasure scheme can detect an attack early either inside a control-flow construct or only at its exit. The secured source code defeats 100% of attacks that jump over at least two C source code statements. Experiments showed that the resulting code is also hardened against unexpected function calls and jump attacks at the assembly code level. Securing a source code automatically and extensively with our scheme degrades the performance. The performance overhead of our countermeasures on three well-known encryption algorithms available in C ranged from +41% to +138% on an x86 platform and from +45% to +217% on an ARM-v7 platform. However, combining code rewriting with hardening of sensitive code regions identified by the weakness detection step enables an application to be fully hardened while limiting the overhead.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Formally verified software countermeasures for control-flow integrity of smart card C code

Heydemann¹,

Lalande²,

Berthomé³

2019

Computers & Security

View full text Add to dashboard Cite

show abstract

“…This fault model corresponds to targeted attacks that attempt to bypass code, or significantly disrupt the control flow. 18,19 Note that this is a superset of other faults that may target the same bits of the target address. and Xoring the left word to the right word.…”

Section: Fault Modelsmentioning

confidence: 99%

“…In both cases, the fault model simulates any possible change to the jump target address. This fault model corresponds to targeted attacks that attempt to bypass code, or significantly disrupt the control flow . Note that this is a superset of other faults that may target the same bits of the target address.…”

Section: Introductionmentioning

confidence: 99%

An automated and scalable formal process for detecting fault injection vulnerabilities in binaries

Given-Wilson

Heuser²,

Jafri

et al. 2018

Concurrency and Computation

View full text Add to dashboard Cite

Fault injection has increasingly been used both to attack software applications, and to test system robustness. Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes an extension of a recently published general model checking based process to detect fault injection vulnerabilities in binaries. This new extension makes the general process scalable to real-world implementions which is demonstrated by detecting vulnerabilities in different cryptographic implementations.

show abstract

Experimental Analysis of the Laser-Induced Instruction Skip Fault Model

Dutertre

Riom

Potin

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Microcontrollers storing valuable data or using security functions are vulnerable to fault injection attacks. Among the various types of faults, instruction skips induced at runtime proved to be effective against identification routines or encryption algorithms. Several research works assessed a fault model that consists in a single instruction skip, i.e. the ability to prevent one chosen instruction in a program from being executed. This assessment is used to design countermeasures able to withstand a single instruction skip. We question this fault model on experimental basis and report the possibility to induce with a laser an arbitrary number of instruction skips. This ability to erase entire sections of a firmware has strong implications regarding the design of countermeasures.

show abstract

FISSC: A Fault Injection and Simulation Secure Collection

Cited by 36 publications

References 15 publications

Formally verified software countermeasures for control-flow integrity of smart card C code

Formally verified software countermeasures for control-flow integrity of smart card C code

An automated and scalable formal process for detecting fault injection vulnerabilities in binaries

Experimental Analysis of the Laser-Induced Instruction Skip Fault Model

Contact Info

Product

Resources

About