Fault Attacks, Injection Techniques and Tools for Simulation

Hardware Security and Trust

Abstract

Fault attacks are a serious threat to secure devices because they are powerful and can be performed with extremely cheap equipment. Resistance against fault attacks is often evaluated directly on the manufactured devices, as commercial tools supporting fault evaluation do not usually provide the level of detail needed to assert the security of a device. Early identification of weak points would instead be very useful, as it would allow the appropriate countermeasures to be applied immediately, directly at design time. Moving towards this goal, in this work we survey existing fault attacks and techniques for injecting faults, and we analyze the suitability of existing electronic design automation commodities for estimating resistance against fault attacks. Our exploration, which includes the types of attacks that can be simulated and the limitations of each considered simulation approach, is an initial step towards the development of a complete framework for asserting fault attack robustness.

Author information

Corresponding author

Correspondence to Roberta Piscitelli.

Copyright information

© 2017 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Piscitelli, R., Bhasin, S., Regazzoni, F. (2017). Fault Attacks, Injection Techniques and Tools for Simulation. In: Sklavos, N., Chaves, R., Di Natale, G., Regazzoni, F. (eds) Hardware Security and Trust. Springer, Cham. https://doi.org/10.1007/978-3-319-44318-8_2

  • DOI: https://doi.org/10.1007/978-3-319-44318-8_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44316-4

  • Online ISBN: 978-3-319-44318-8

  • eBook Packages: Engineering, Engineering (R0)
