Abstract
Faults attacks are a serious threat to secure devices, because they are powerful and they can be performed with extremely cheap equipment. Resistance against fault attacks is often evaluated directly on the manufactured devices, as commercial tools supporting fault evaluation do not usually provide the level of details needed to assert the security of a device. Early identification of weak points would instead be very useful as it would allow to immediately apply the appropriate countermeasures directly at design time. Moving towards this goal, in this work, we survey existing fault attacks and techniques for injecting faults, and we analyze the suitability of existing electronic design automaton commodities for estimating resistance against fault attacks. Our exploration, which includes the type of attacks that can be simulated and the limitations of each considered simulation approach, is an initial step towards the development of a complete framework for asserting fault attack robustness.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Kocher P, Jaffe J, Jun B. Differential power analysis. In: Advances in CryptologyCRYPTO99. Springer; 1999. p. 388–97.
Kocher PC. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in CryptologyCRYPTO96. Springer; 1996. p. 104–13.
Rohatgi P. Electromagnetic attacks and countermeasures. In: Cryptographic engineering. Springer; 2009. p. 407–30.
Schlösser A, Nedospasov D, Krämer J, Orlic S, Seifert J-P. Simple photonic emission analysis of AES. In: Cryptographic hardware and embedded systems—CHES 2012. Springer; 2012. p. 41–57.
Barenghi A. Bertoni GM, Breveglieri L, Pelosi G. A fault induction technique based on voltage underfeeding with application to attacks against AES and RSA. J Syst Softw. 2013;86(7):1864–78.
Selmane N, Guilley S, Danger J-L. Practical setup time violation attacks on AES. In: Seventh European dependable computing conference, EDCC-7 2008, Kaunas, Lithuania, 7–9 May 2008, IEEE Computer Society; 2008. p. 91–6.
Otto M. Fault attacks and countermeasures. PhD thesis, Universit at Paderborn; 2005.
International organization for standardization. ISO/IEC 7816-3: electronic signals and transmission protocols. 2002. http://www.iso.ch.
Balasch J, Gierlichs B, Verbauwhede I. An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: Breveglieri L, Guilley S, Koren I, Naccache D, Takahashi J, editors. 2011 workshop on fault diagnosis and tolerance in cryptography, FDTC 2011, Tokyo, Japan, September 29, 2011. IEEE; 2011. p. 105–14
Govindavajhala S, Appel AW. Using memory errors to attack a virtual machine. In: Proceedings of the 2003 IEEE symposium on security and privacy, SP ’03. Washington, DC, USA: IEEE Computer Society; 2003. p. 154.
Skorobogatov S. Optical fault masking attacks. In: Breveglieri L, Joye M, Koren I, Naccache D, Verbauwhede I, editors. 2010 workshop on fault diagnosis and tolerance in cryptography, FDTC 2010, Santa Barbara, California, USA, 21 August 2010. IEEE Computer Society; 2010. p. 23–9
Barenghi A, Breveglieri L, Koren I, Naccache D. Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc IEEE. 2012;100(11):3056–76.
J-J Quisquater, D Samyde. Eddy current for magnetic analysis with active sensor. In: Esmart 2002, Nice, France, 9 2002.
Torrance R, James D. The state-of-the-art in IC reverse engineering. In: Cryptographic hardware and embedded systems-CHES 2009. Springer; 2009. p. 363–81.
Karaklajic D, Schmidt J-M, Verbauwhede I. Hardware designer’s guide to fault attacks. IEEE Trans VLSI Syst. 2013;21(12):2295–306.
Blömer J, Seifert J-P. Fault based cryptanalysis of the advanced encryption standard (AES). In: Wright RN, editor. Financial cryptography, 7th international conference, FC 2003, Guadeloupe, French West Indies, January 27–30, 2003, revised papers. Lecture notes in computer science, vol. 2742. Springer; 2003. p. 162–81.
Ciet M, Joye M. Elliptic curve cryptosystems in the presence of permanent and transient faults. Des Codes Crypt. 2005;36(1):33–43.
Naccache D, Nguyen PQ, Tunstall M, Whelan C. Experimenting with faults, lattices and the DSA. In: Vaudenay S, editor. Public key cryptography—PKC 2005, proceedings of the 8th international workshop on theory and practice in public key cryptography, Les Diablerets, Switzerland, January 23–26, 2005. Lecture notes in computer science, vol. 3386, Springer; 2005. p. 16–28.
Duursma IM, Lee H-S. Tate pairing implementation for hyperelliptic curves \(\text{y}^{2} = \text{ x }^{\text{ p }}-\text{ x } + \text{ d }\). In: Laih C-S, editor. ASIACRYPT 2003, proceedings of the 9th international conference on the theory and application of cryptology and information security: advances in cryptology, Taipei, Taiwan, November 30–December 4, 2003. Lecture notes in computer science, vol. 2894. Springer; 2003. p. 111–23.
Biham E, Shamir A. Differential fault analysis of secret key cryptosystems. In: Kaliski BS Jr., editor. CRYPTO ’97, proceedings of the 17th annual international cryptology conference on advances in cryptology, Santa Barbara, California, USA, August 17–21, 1997. Lecture notes in computer science, vol. 1294. Springer; 1997. p. 513–25.
Tunstall M, Mukhopadhyay D, Ali S. Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna CA, Zhou J, editors. Proceedings of the 5th IFIP WG 11.2 international workshop on information security theory and practice. Security and privacy of mobile devices in wireless communication, WISTP 2011, Heraklion, Crete, Greece, June 1–3, 2011. Lecture notes in computer science, vol. 6633. Springer; 2011. p. 224–33.
Rivain M. Differential fault analysis of DES. In: Joye M, Tunstall M, editors. Fault analysis in cryptography. Information security and cryptography. Springer; 2012. p. 37–54
Giraud C. Dfa on aes. In: Advanced encryption standard—AES, 4th International conference, AES 2004. Springer; 2003. p. 27–41.
Biehl I, Meyer B, Müller V. Differential fault attacks on elliptic curve cryptosystems. In: Bellare M, editor. CRYPTO 2000, proceedings of the 20th annual international cryptology conference on advances in cryptology, Santa Barbara, California, USA, August 20–24, 2000. Lecture notes in computer science, vol. 1880. Springer; 2000. p. 131–146.
Berzati A, Canovas C, Goubin L. Perturbating RSA public keys: an improved attack. In: Oswald E, Rohatgi P, editors. CHES 2008, proceedings of the 10th international workshop on cryptographic hardware and embedded systems, Washington, D.C., USA, August 10–13, 2008. Lecture notes in computer science, vol. 5154. Springer; 2008. p. 380–395.
Boneh D, DeMillo RA, Lipton RJ. On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy W, editor. Advances in cryptology—proceedings of the EUROCRYPT ’97, international conference on the theory and application of cryptographic techniques, Konstanz, Germany, May 11–15, 1997. Lecture notes in computer science, vol. 1233. Springer; 1997. p. 37–51.
Li Y, Sakiyama K, Gomisawa S, Fukunaga T, Takahashi J, Ohta K. Fault sensitivity analysis. In: Mangard S, Standaert F-X, editors. CHES 2010, proceedings of the 12th international workshop on cryptographic hardware and embedded systems, Santa Barbara, CA, USA, August 17–20, 2010. Lecture notes in computer science, vol. 6225. Springer; 2010. p. 320–34.
Schmidt J-M, Herbst C. A practical fault attack on square and multiply. In: Breveglieri et al. [56], p. 53–8.
Schmidt J-M, Medwed M. A fault attack on ECDSA. In: Breveglieri L, Koren I, Naccache D, Oswald E, Seifert J-P, editors. Sixth international workshop on fault diagnosis and tolerance in cryptography, FDTC 2009, Lausanne, Switzerland, 6 September 2009. IEEE Computer Society; 2009. p. 93–9.
Page D, Vercauteren F. A fault attack on pairing-based cryptography. IEEE Trans Comput. 2006;55(9):1075–80.
Schmidt J-M, Medwed M. Fault attacks on the montgomery powering ladder. In: Rhee KH, Nyang DH, editors. Information security and cryptology—ICISC 2010: 13th international conference, Seoul, Korea, December 1–3, 2010, revised selected papers. Lecture notes in computer science, vol. 6829. Springer; 2010. p. 396–406.
Kim CH, Shin JH, Quisquater J-J, Lee PJ. Safe-error attack on SPA-FA resistant exponentiations using a HW modular multiplier. In: Nam K-H, Rhee G, editors. ICISC 2007, proceedings of the 10th international conference on information security and cryptology, Seoul, Korea, November 29–30, 2007. Lecture notes in computer science, vol. 4817. Springer; 2007. p. 273–81.
Barenghi A, Hocquet C, Bol D, Standaert F-X, Regazzoni F, Koren I. A combined design-time/test-time study of the vulnerability of sub-threshold devices to low voltage fault attacks. IEEE Trans Emerg Top Comput. 2014;2(2):107–18.
Folkesson P, Svensson S, Karlsson J. A comparison of simulation based and scan chain implemented fault injection. In: Digest of papers: FTCS-28, the twenty-eigth annual international symposium on fault-tolerant computing, Munich, Germany, June 23–25, 1998. IEEE Computer Society; 1998. p. 284–93.
Sieh V, Tschäche O, Balbach F. Verify: evaluation of reliability using vhdl-models with embedded fault descriptions. In: FTCS. IEEE Computer Society; 1997. p. 32–6.
Rousselle C, Pflanz M, Behling A, Mohaupt T, Vierhaus HT. A register-transfer-level fault simulator for permanent and transient faults in embedded processors. In: DATE; 2001. p. 811.
Baraza JC, Gracia J, Gil D, Gil PJ. A prototype of a VHDL-based fault injection tool: description and application. J Syst Arch. 2002;47(10):847–67.
López C, Entrena L, OlÃas E. Automatic generation of fault tolerant VHDL designs in RTL. In: FDL (Forum on Design Languages), Lyon, France, September 2001.
Carreira J, Madeira H, Silva JG. Xception: software fault injection and monitoring in processor functional units; 1995.
Kanawati GA, Kanawati NA, Abraham JA. Ferrari: a flexible software-based fault and error injection system. IEEE Trans Comput. 1995;44(2):248–60.
Cotroneo D, Natella R. Fault injection for software certification. In: IEEE security and privacy, special issue on safety-critical systems: the next generation, vol. 11(4). IEEE Computer Society. p. 38–45.
Han S, Rosenberg HA, Shin KG. Doctor: an integrated software fault injection environment; 1995.
Ziade H, Ayoubi RA, Velazco R. A survey on fault injection techniques. Int Arab J Inf Technol. 2004;1(2):171–86.
Miele A. A fault-injection methodology for the system-level dependability analysis of multiprocessor embedded systems. Microprocess Microsyst Embed Hardw Des. 2014;38(6):567–80.
de Moraes RLO, Martins E. JACA—a software fault injection tool. In: DSN. IEEE Computer Society; 2003. p. 667.
Marinescu PD, Candea G. LFI: a practical and general library-level fault injector. In: DSN. IEEE; 2009. p. 379–88.
Dinn AE. Flexible, dynamic injection of structured advice using byteman. In: Proceedings of the tenth international conference on aspect-oriented software development companion, AOSD’ 11. New York, NY, USA: ACM; 2011. p. 41–50.
Lattner C, Adve V. LLVM: a compilation framework for lifelong program analysis and transformation. In: Proceedings of the international symposium on code generation and optimization: feedback-directed and runtime optimization, CGO ’04. Washington, DC, USA: IEEE Computer Society; 2004. p. 75.
Kooli M, Benoit P, Di Natale G, Torres L, Sieh V. Fault injection tools based on virtual machines. In: 2014 9th international symposium on reconfigurable and communication-centric systems-on-chip (ReCoSoC), May 2014. p. 1–6.
Bellard F. QEMU, a fast and portable dynamic translator. In: Proceedings of the annual conference on USENIX annual technical conference, ATEC ’05. Berkeley, CA, USA: USENIX Association; 2005. p. 41.
Wan H, Li Y, Xu P. A fault injection system based on QEMU simulator and designed for bit software testing. Appl Mech Mater. 2013;347–350:580–7.
Watson J. Virtualbox: bits and bytes masquerading as machines. Linux J. 2008(166).
Potyra S, Sieh V, Cin MD. Evaluating fault-tolerant system designs using faumachine. In: Guelfi N, Muccini H, Pelliccione P, Romanovsky A, editors. EFTS. ACM; 2007. p. 9.
Breveglieri L, Gueron S, Koren I, Naccache D, Seifert J-P (eds). Fifth international workshop on fault diagnosis and tolerance in cryptography, 2008, FDTC 2008, Washington, DC, USA, 10 August 2008. IEEE Computer Society; 2008.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Piscitelli, R., Bhasin, S., Regazzoni, F. (2017). Fault Attacks, Injection Techniques and Tools for Simulation. In: Sklavos, N., Chaves, R., Di Natale, G., Regazzoni, F. (eds) Hardware Security and Trust. Springer, Cham. https://doi.org/10.1007/978-3-319-44318-8_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-44318-8_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44316-4
Online ISBN: 978-3-319-44318-8
eBook Packages: EngineeringEngineering (R0)