Advertisement

Fault Attack Protection and Evaluation

Chapter
  • 117 Downloads

Abstract

Fault attacks can obstruct the normal system execution by injecting errors into the hardware. By radiating the critical circuit components with high energy particle strikes, voltage transients are created to make the circuit malfunction temporarily. In recent years, fault attacks have demonstrated a great capability of leaking the cryptographics keys, and nullifying the entire system security mechanisms. The chapter introduces two protection schemes, including a new security primitive, i.e., public physical unclonable function (PPUF), that has provable time gap between the execution and simulation (ESG) to derive security, and a new analysis framework to identify critical circuit components for general purpose processors and guide the design optimization.

Keywords

Fault attack PPUF ESG Challenge-response pair System security evaluation Importance sampling Statistical attack space 

References

  1. 1.
    32nm LP Predictive Technology Model ver. 2.1 (2008). http://ptm.asu.edu
  2. 2.
    Agrawal, D., Archambeault, B., Rao, J. R., & Rohatgi, P. (2002). The EM side-channels. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems.Google Scholar
  3. 3.
    Barenghi, A., Breveglieri, L., Koren, I., & Naccache, D. (2012). Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures. In Proceedings of the IEEE.Google Scholar
  4. 4.
    Beckmann, N., & Potkonjak, M. (2009). Hardware-based public-key cryptography with public physically unclonable functions. In Information Hiding (pp. 206–220).Google Scholar
  5. 5.
    Biham, E., Granboulan, L., & Nguyen, P. Q. (2005). Impossible fault analysis of RC4 and differential fault analysis of RC4. In Proceedings of the International Workshop on Fast Software Encryption.Google Scholar
  6. 6.
    Boost C++ Library. http://www.boost.org
  7. 7.
    Chasta, N. K. (2013). A very high speed, high resolution current comparator design. Journal of Electric, Electronics Science and Engineering, 7(11), 1204–1207.Google Scholar
  8. 8.
    Chen, C.-N., & Yen, S.-M. (2003). Differential fault analysis on AES key schedule and some countermeasures. In Proceedings of the Australasian Conference on Information Security and Privacy.Google Scholar
  9. 9.
    Cunningham, P., & Delany, S. J. (2007). k-nearest neighbour classifiers. Multiple Classifier Systems, 34(8), 1–17.Google Scholar
  10. 10.
    Dinic, E. A. (1970). Algorithm for solution of a problem of maximum flow in networks with power estimation. Soviet Mathematics. Doklady, 11(5), 1277–1280.Google Scholar
  11. 11.
    Fan, J., Guo, X., De Mulder, E., Schaumont, P., Preneel, B., & Verbauwhede, I. (2010). State-of-the-art of secure ECC implementations: A survey on known side-channel attacks and countermeasures. In Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust.Google Scholar
  12. 12.
    Fazeli, M., Ahmadian, S. N., Miremadi, S. G., Asadi, H., & Tahoori, M. B. (2011). Soft error rate estimation of digital circuits in the presence of multiple event transients (METs). In Proceedings of the Design, Automation and Test in Europe.Google Scholar
  13. 13.
    Gao, M., Lai, K., & Qu, G. (2014). A highly flexible ring oscillator PUF. In Proceedings of the IEEE/ACM Design Automation Conference (pp. 1–6).Google Scholar
  14. 14.
    Gassend, B., Clarke, D., Van Dijk, M., & Devadas, S. (2002). Silicon physical random functions. In Proceedings of the ACM Conference on Computer & Communications Security (pp. 148–160).Google Scholar
  15. 15.
    Goldberg, A. V., & Tarjan, R. E. (1988). A new approach to the maximum-flow problem. Journal of the ACM, 35(4), 921–940.MathSciNetCrossRefGoogle Scholar
  16. 16.
    Goldschlager, L. M., Shaw, R. A., & Staples, J. (1982). The maximum flow problem is log space complete for P. Theoretical Computer Science, 21(1), 105–111.MathSciNetCrossRefGoogle Scholar
  17. 17.
    Hemme, L. (2004). A differential fault attack against early rounds of (triple-) DES. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems.Google Scholar
  18. 18.
    Hund, R., Willems, C., & Holz, T. (2013). Practical timing side channel attacks against kernel space ASLR. In Proceedings of the IEEE Symposium on Security and Privacy.Google Scholar
  19. 19.
    International technology roadmap for semiconductor 2014. Available: https://www.itrs.net/ [Online; accessed Nov. 2014].
  20. 20.
    Kelner, J. A., Lee, Y. T., Orecchia, L., & Sidford, A. (2014). An almost-linear-time algorithm for approximate max flow in undirected graphs, and its multicommodity generalizations. In Proceedings of ACM-SIAM Symposium on Discrete Algorithms (pp. 217–226). Philadelphia: SIAM.CrossRefGoogle Scholar
  21. 21.
    Lee, J. W., Lim, D., Gassend, B., Suh, G. E., Van Dijk, M., & Devadas, S. (2004). A technique to build a secret key in integrated circuits for identification and authentication applications. In Proceedings of the Symposium on VLSI Technology and Circuits (pp. 176–179).Google Scholar
  22. 22.
    Li, M., Miao, J., Zhong, K., & Pan, D. Z. (2016). Practical public PUF enabled by solving max-flow problem on chip. In Proceedings of the IEEE/ACM Design Automation Conference (p. 164). New York: ACM.Google Scholar
  23. 23.
    Li, M., Wang, Y., & Orshansky, M. (2016). A Monte Carlo simulation flow for SEU analysis of sequential circuits. In Proceedings of the IEEE/ACM Design Automation Conference.Google Scholar
  24. 24.
    Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., & Ohta, K. (2010). Fault sensitivity analysis. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems.Google Scholar
  25. 25.
    Lin, T.-M., & Mead, C. (1984). Signal delay in general RC networks. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 3(4), 331–349.Google Scholar
  26. 26.
    Maiti, A., Gunreddy, V., & Schaumont, P. (2013). A systematic method to evaluate and compare the performance of physical unclonable functions. In Embedded systems design with FPGAs (pp. 245–267). New York: Springer.CrossRefGoogle Scholar
  27. 27.
    Majzoobi, M., & Koushanfar, F. (2011). Time-bounded authentication of FPGAs. IEEE Transactions on Information Forensics and Security, 6(3), 1123–1135.CrossRefGoogle Scholar
  28. 28.
    Mead, C., & Ismail, M. (2012). Analog VLSI implementation of neural systems (Vol. 80). Berlin/Heidelberg: Springer Science & Business Media.Google Scholar
  29. 29.
    Mehr, I., & Welland, D. R. (1997). A CMOS continuous-time G m-C filter for PRML read channel applications at 150 mb/s and beyond. IEEE Journal of Solid-State Circuits, 32(4), 499–513.CrossRefGoogle Scholar
  30. 30.
    Miao, J., Li, M., Roy, S., & Yu, B. (2016). LRR-DPUF: Learning resilient and reliable digital physical unclonable function. In Proceedings of the International Conference on Computer Aided Design.Google Scholar
  31. 31.
    Mitra, S., Seifert, N., & Zhang, M. (2005). Robust system design with built-in soft-error resilience. Journal of Computer, 38, 43–52.Google Scholar
  32. 32.
    Mukherjee, S. S., Emer, J., & Reinhardt, S. K. (2005). The soft error problem: An architectural perspective. In Proceedings of the International Symposium on High-Performance Computer Architecture.Google Scholar
  33. 33.
    Nahiyan, A., Xiao, K., Yang, K., Jin, Y., Forte, D., & Tehranipoor, M. (2016). AVFSM: A framework for identifying and mitigating vulnerabilities in FSMs. In Proceedings of the IEEE/ACM Design Automation Conference.Google Scholar
  34. 34.
    Plotkin, M. (1960). Binary codes with specified minimum distance. IRE Transactions on Information Theory, 6(4), 445–450.MathSciNetCrossRefGoogle Scholar
  35. 35.
    Potkonjak, M., & Goudar, V. (2014). Public physical unclonable functions. Proceedings of IEEE, 102(8), 1142–1156.CrossRefGoogle Scholar
  36. 36.
    Potkonjak, M., Meguerdichian, S., Nahapetian, A., & Wei, S. (2011). Differential public physically unclonable functions: Architecture and applications. In Proceedings of the IEEE/ACM Design Automation Conference (pp. 242–247).Google Scholar
  37. 37.
    Rajendran, J., Rose, G. S., Karri, R., & Potkonjak, M. (2012). Nano-PPUF: A memristor-based security primitive. In Proceedings of the IEEE Annual Symposium on VLSI (pp. 84–87).Google Scholar
  38. 38.
    Rührmair, U. (2009). SIMPL Systems: On a Public Key Variant of Physical Unclonable Functions. IACR Cryptology ePrint Archive, 2009, p. 255.Google Scholar
  39. 39.
    Rührmair, U., Chen, Q., Stutzmann, M., Lugli, P., Schlichtmann, U., & Csaba, G. (2010). Towards electrical, integrated implementations of SIMPL systems. In IFIP International Workshop on Information Security Theory and Practices (pp. 277–292). Heidelberg: Springer.Google Scholar
  40. 40.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., & Schmidhuber, J. (2010). Modeling attacks on physical unclonable functions. In Proceedings of the ACM Conference on Computer & Communications Security (pp. 237–249).Google Scholar
  41. 41.
    Salmani, H., & Tehranipoor, M. (2013). Analyzing circuit vulnerability to hardware Trojan insertion at the behavioral level. In Proceedings of the IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems.Google Scholar
  42. 42.
    Shiloach, Y., & Vishkin, U. (1982). An O(n2 log(n)) parallel max-flow algorithm. Journal of Algorithms, 3(2), 128–146.MathSciNetCrossRefGoogle Scholar
  43. 43.
    Sun, Y., Swang, Y., & Lai, F. C. (2007). Low power high speed switched current comparator. In Proceedings of the International Conference Mixed Design of Integrated Circuits and Systems (pp. 305–308).Google Scholar
  44. 44.
    Suykens, J. A. K., & Vandewalle, J. (1999). Least squares support vector machine classifiers. Neural Processing Letters, 9(3), 293–300.CrossRefGoogle Scholar
  45. 45.
    Tunstall, M., Mukhopadhyay, D., & Ali, S. (2011). Differential fault analysis of the advanced encryption standard using a single fault. In Proceedings of the International Workshop on Information Security Theory and Practices.Google Scholar
  46. 46.
    Van Woudenberg, J.G.J., Witteman, M. F., & Menarini, F. (2011). Practical optical fault injection on secure microcontrollers. In Proceedings of the IEEE Workshop Fault Diagnosis and Tolerance in Cryptography.Google Scholar
  47. 47.
    Yoo, A., Chow, E., Henderson, K., McLendon, W., Hendrickson, B., & Çatalyürek, Ü. (2005). A scalable distributed parallel breadth-first search algorithm on BlueGene/L. In Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis (p. 25).Google Scholar
  48. 48.
    Yuce, B., Ghalaty, N. F., Deshpande, C., Patrick, C., Nazhandali, L., & Schaumont, P. (2016). FAME: Fault-attack aware microprocessor extensions for hardware fault detection and software fault response. Proceedings of the International Workshop on Hardware and Architectural Support for Security and Privacy.Google Scholar
  49. 49.
    Yuce, B., Ghalaty, N. F., & Schaumont, P. (2015). Improving fault attacks on embedded software using RISC pipeline characterization. In Proceedings of the IEEE Workshop Fault Diagnosis and Tolerance in Cryptography (2015).Google Scholar
  50. 50.
    Yuce, B., Ghalaty, N. F., & Schaumont, P. (2015). TVVF: Estimating the vulnerability of hardware cryptosystems against timing violation attacks. In Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust.Google Scholar
  51. 51.
    Zhang, M., Mitra, S., Mak, T. M., Seifert, N., Wang, N. J., Shi, Q., et al. (2006). Sequential element design with built-in soft error resilience. IEEE Transactions on Very Large Scale Integration (VLSI) Systems Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Electrical and Computer EngineeringThe University of Texas at AustinAustinUSA

Personalised recommendations