
Instruction Duplication: Leaky and Not Too Fault-Tolerant!

Conference paper. Smart Card Research and Advanced Applications (CARDIS 2017)

Abstract

Fault injection attacks alter the intended behavior of micro-controllers, compromising their security. These attacks can be mitigated using software countermeasures. A widely-used software-based solution to deflect fault attacks is instruction duplication and n-plication. We explore two main limitations of these approaches: first, we examine the effect of instruction duplication under fault attacks, demonstrating that, as a fault tolerance mechanism, code duplication does not provide strong protection in practice. Second, we show that instruction duplication increases the side-channel leakage of sensitive code regions, using a multivariate exploitation technique, both in theory and in practice.


Notes

  1. The code is available at: https://github.com/cojocar/llvm-iskip.

  2. https://www.riscure.com/security-tools/hardware/vc-glitcher.

  3. The infective countermeasures in the work of [19] do not pertain to the modular arithmetic infective techniques used by Rauzy and Guilley [3].

  4. https://newae.com/tools/chipwhisperer/.

  5. SNR() = 2.23 and SNR() = 18.20.

  6. https://github.com/kokke/tiny-AES128-C.

  7. These are the faults useful for DFA on AES.

References

  1. Viterbi, A.: Error bounds for convolutional codes and an asymptotically optimum decoding algorithm. IEEE Trans. Inf. Theor. 13(2), 260–269 (1967). https://doi.org/10.1109/TIT.1967.1054010. ISSN 0018-9448

  2. Rabiner, L.R.: A tutorial on hidden Markov models and selected applications in speech recognition. Proc. IEEE 77(2), 257–286 (1989). https://doi.org/10.1109/5.18626. ISSN 0018-9219

  3. Rauzy, P., Guilley, S.: Countermeasures against high-order fault-injection attacks on CRT-RSA. In: 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 68–82, September 2014. https://doi.org/10.1109/FDTC.2014.17

  4. Agosta, G., Barenghi, A., Pelosi, G.: Automated instantiation of side-channel attacks countermeasures for software cipher implementations. In: Proceedings of the ACM International Conference on Computing Frontiers, CF 2016, Como, pp. 455–460. ACM (2016). https://doi.org/10.1145/2903150.2911707. ISBN: 978-1-4503-4128-8

  5. Amiel, F., et al.: Passive and active combined attacks: combining fault attacks and side channel analysis. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2007, pp. 92–102. IEEE (2007)

  6. Barenghi, A., et al.: Countermeasures against fault attacks on software implemented AES: effectiveness and cost. In: Proceedings of the 5th Workshop on Embedded Systems Security, p. 7. ACM (2010). http://dl.acm.org/citation.cfm?id=1873555. Accessed 14 Oct 2016

  7. Barenghi, A., et al.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)

  8. Barry, T., Couroussé, D., Robisson, B.: Compilation of a countermeasure against instruction-skip fault attacks. In: Proceedings of the Third Workshop on Cryptography and Security in Computing Systems, pp. 1–6. ACM (2016). http://dl.acm.org/citation.cfm?id=2858931. Accessed 14 Oct 2016

  9. Bayrak, A.G., et al.: A first step towards automatic application of power analysis countermeasures. In: Proceedings of the 48th Design Automation Conference, DAC 2011, San Diego, pp. 230–235. ACM (2011). https://doi.org/10.1145/2024724.2024778. ISBN: 978-1-4503-0636-2

  10. Bayrak, A.G., et al.: Automatic application of power analysis countermeasures. IEEE Trans. Comput. 64(2), 329–341 (2015)

  11. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2

  12. Clavier, C., Coron, J.-S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_20

  13. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 112–129. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_7

  14. Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: a comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 740–757. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_44

  15. Choudary, O., Kuhn, M.G.: Efficient template attacks. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 253–270. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_17

  16. Durvaux, F., Renauld, M., Standaert, F.-X., van Oldeneel tot Oldenzeel, L., Veyrat-Charvillon, N.: Efficient removal of random delays from embedded software implementations using Hidden Markov Models. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 123–140. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37288-9_9

  17. Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_1

  18. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3

  19. Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization - a countermeasure for AES against differential fault attacks. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 93–111. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_6

  20. Battistello, A., Giraud, C.: A note on the security of CHES 2014 symmetric infective countermeasure. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 144–159. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-43283-0_9

  21. Lomné, V., Roche, T., Thillard, A.: On the need of randomness in fault attack countermeasures - application to AES. In: FDTC 2012 (2012)

  22. Malkin, T.G., Standaert, F.-X., Yung, M.: A comparative cost/security analysis of fault attack countermeasures. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 159–172. Springer, Heidelberg (2006). https://doi.org/10.1007/11889700_15

  23. Gierlichs, B., Schmidt, J.-M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 305–321. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_17

  24. Patranabis, S., Chakraborty, A., Mukhopadhyay, D.: Fault tolerant infective countermeasure for AES. In: Chakraborty, R.S., Schwabe, P., Solworth, J. (eds.) SPACE 2015. LNCS, vol. 9354, pp. 190–209. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24126-5_12

  25. Joye, M., Manet, P., Rigaud, J.-B.: Strengthening hardware AES implementations against fault attacks. In: IET Information Security (2007)

  26. Regazzoni, F., Breveglieri, L., Ienne, P., Koren, I.: Interaction between fault attack countermeasures and the resistance against power analysis attacks. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography. Information Security and Cryptography, pp. 257–272. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29656-7_15

  27. Dureuil, L., Potet, M.-L., de Choudens, P., Dumas, C., Clédière, J.: From code review to fault injection attacks: filling the gap using fault model inference. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 107–124. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31271-2_7

  28. Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45203-4_23

  29. Korak, T., et al.: Clock glitch attacks in the presence of heating. In: FDTC 2014 (2014)

  30. Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 320–334. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_22

  31. Luo, P., et al.: Side-channel power analysis of different protection schemes against fault attacks on AES. In: ReConfig 2014 (2014)

  32. Maebe, J., De Keulenaer, R., De Sutter, B., De Bosschere, K.: Mitigating smart card fault injection with link-time code rewriting: a feasibility study. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 221–229. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_19

  33. Maistri, P., Leveugle, R.: Double-data-rate computation as a countermeasure against fault analysis. IEEE Trans. Comput. 57(11), 1528–1539 (2008)

  34. Malagón, P., et al.: Compiler optimizations as a countermeasure against side-channel analysis in MSP430-based devices. Sensors 12(6), 7994–8012 (2012)

  35. Medwed, M., Schmidt, J.-M.: A generic fault countermeasure providing data and program flow integrity. In: 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2008, pp. 68–73. IEEE (2008)

  36. Moro, N., et al.: Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In: FDTC 2013 (2013)

  37. Moro, N., et al.: Formal verification of a software countermeasure against instruction skip attacks. J. Cryptogr. Eng. 4(3), 145–156 (2014)

  38. Moro, N., et al.: Experimental evaluation of two software countermeasures against fault attacks. In: HOST 2014 (2014)

  39. Moss, A., Oswald, E., Page, D., Tunstall, M.: Compiler assisted masking. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 58–75. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_4

  40. Pahlevanzadeh, H., Dofe, J., Yu, Q.: Assessing CPA resistance of AES with different fault tolerance mechanisms. In: ASP-DAC 2016 (2016)

  41. Patranabis, S., et al.: One plus one is more than two: a practical combination of power and fault analysis attacks on PRESENT and PRESENT-like block ciphers. In: FDTC 2017. IEEE (2017)

  42. Prouff, E., Rivain, M.: Masking against side-channel attacks: a formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 142–159. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_9

  43. Regazzoni, F., et al.: Power attacks resistance of cryptographic s-boxes with added error detection circuits. In: DFT 2007 (2007)

  44. Regazzoni, F., et al.: Can knowledge regarding the presence of countermeasures against fault attacks simplify power attacks on cryptographic devices? In: DFT 2008 (2008)

  45. Riviere, L., et al.: High precision fault injections on the instruction cache of ARMv7-M architectures. In: HOST 2015 (2015)

  46. Timmers, N., Spruyt, A., Witteman, M.: Controlling PC on ARM using fault injection. In: FDTC 2016 (2016)

  47. Verbauwhede, I., Karaklajic, D., Schmidt, J.-M.: The fault attack jungle: a classification model to guide you. In: FDTC 2011 (2011)

  48. Yuce, B., et al.: Software fault resistance is futile: effective single-glitch attacks. In: FDTC 2016, pp. 47–58 (2016)


Acknowledgements

This research was supported by the NWO CYBSEC “OpenSesame” project (628.001.005) and the NWO project ProFIL (628.001.007). We thank our anonymous reviewers and our shepherds, Fischer Jean-Bernard and Romailler Yolan, for their invaluable feedback. We also thank Marius Schilder and Dominic Rizzo from Google Inc. for their support in developing the compiler.

Corresponding author: Lucian Cojocar.

Appendix

1.1 Differential Fault Analysis (DFA) Attack on Software AES-128

In Sect. 5 we determined the impact of ID as a fault tolerance mechanism on synthetic code. Now we show the interaction between ID and the number of trials needed to conduct a fault-based attack. To this end, we automatically apply ID to a large and complex code construction, the AES-128 cryptographic algorithm, and perform the DFA attack described by Dusart et al. [28]. The goal of the attack is to extract the fixed key by observing the faulty output.

We use the tiny-AES128-C implementation (note 6) of the AES-128 cipher in ECB mode as our target, encrypting a fixed input with a fixed key. A trigger is implemented between the \(9^{th}\) and the \(10^{th}\) round to guarantee that we always hit the right location within the algorithm. Two versions of the AES-128 implementation are compiled: a hardened version (with ID in place) and a non-hardened version.

A trace set of 2K traces with faulty outputs is acquired for each implementation. We randomly select \(n_t\) traces from these trace sets and use them in the DFA attack. We repeat this process 100 times for each implementation and plot how often the attack is successful in Fig. 9.

Fig. 9. DFA on AES-128

Table 2. Bytes changed in the output

The non-hardened implementation outperforms the hardened implementation in terms of FI tolerance, a clear indication that ID is not effective for protecting the AES-128 algorithm when the instruction corruption fault model holds. Depending on the time penalty of a single experiment, even this small difference can have a noticeable effect: if the target needs to be reset before each experiment, tens of seconds are added per experiment. Moreover, the target might remove or change the keys after a limited number of encryptions.

We analyzed the outputs in more detail and counted how often multi-byte changes are observed in both implementations (Table 2). Among all faults observed (i.e., at least a 1-byte difference), 4-byte faults (note 7) are more likely to be observed in the hardened implementation.

To conclude, fewer successful faults are needed to attack the hardened AES.
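As an added example (not code from the paper), the triage step behind Table 2 and note 7: count how many ciphertext bytes a fault changed and flag the 4-byte faults a DFA could exploit. The diagonal-pattern test is my assumption, derived from the final-round ShiftRows of AES-128; the paper itself only reports byte counts.

```python
from collections import Counter

# State index is column-major (index = 4*column + row), as in FIPS-197.
# Round 10 ShiftRows moves (row r, col c) to (row r, col (c - r) mod 4),
# so a corrupted column c lands on these four ciphertext positions.
DFA_DIAGONALS = [
    frozenset(4 * ((c - r) % 4) + r for r in range(4)) for c in range(4)
]

def changed_positions(correct: bytes, faulty: bytes) -> frozenset:
    """Byte positions where the faulty ciphertext differs from the correct one."""
    if len(correct) != 16 or len(faulty) != 16:
        raise ValueError("AES-128 ciphertexts are 16 bytes")
    return frozenset(i for i, (a, b) in enumerate(zip(correct, faulty)) if a != b)

def is_dfa_useful(correct: bytes, faulty: bytes) -> bool:
    """True for a 4-byte fault whose positions form one ShiftRows diagonal."""
    return changed_positions(correct, faulty) in DFA_DIAGONALS

def summarize(correct: bytes, faulty_outputs: list) -> dict:
    """Histogram of bytes changed (as in Table 2) plus the DFA-useful count."""
    hist = Counter(len(changed_positions(correct, f)) for f in faulty_outputs)
    useful = sum(is_dfa_useful(correct, f) for f in faulty_outputs)
    return {"bytes_changed": dict(sorted(hist.items())), "dfa_useful": useful}

def _flip(ct: bytes, positions) -> bytes:
    """Constructed sample helper: XOR 0x5A into the given positions."""
    out = bytearray(ct)
    for p in positions:
        out[p] ^= 0x5A
    return bytes(out)

# Constructed sample data (not measured): a dummy correct ciphertext and
# five faulty outputs of the kinds an FI campaign produces.
CORRECT = bytes(range(16))
SAMPLES = [
    _flip(CORRECT, [0, 7, 10, 13]),   # diagonal of column 0: DFA-useful
    _flip(CORRECT, [4, 1, 14, 11]),   # diagonal of column 1: DFA-useful
    _flip(CORRECT, [0, 1, 2, 3]),     # 4 bytes in one column: not a diagonal
    _flip(CORRECT, [5]),              # single-byte change
    _flip(CORRECT, list(range(16))),  # whole output corrupted
]

if __name__ == "__main__":
    print(summarize(CORRECT, SAMPLES))
    # → {'bytes_changed': {1: 1, 4: 3, 16: 1}, 'dfa_useful': 2}
```

Run over the real (correct, faulty) ciphertext pairs of each compiled variant, the histogram reproduces the kind of comparison Table 2 makes between the hardened and non-hardened builds.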


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature


Cite this paper

Cojocar, L., Papagiannopoulos, K., Timmers, N. (2018). Instruction Duplication: Leaky and Not Too Fault-Tolerant!. In: Eisenbarth, T., Teglia, Y. (eds) Smart Card Research and Advanced Applications. CARDIS 2017. Lecture Notes in Computer Science, vol. 10728. Springer, Cham. https://doi.org/10.1007/978-3-319-75208-2_10


  • DOI: https://doi.org/10.1007/978-3-319-75208-2_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75207-5

  • Online ISBN: 978-3-319-75208-2
