Abstract
While the number of embedded systems is continuously increasing, securing software against physical attacks is costly and error-prone. Several works have proposed solutions that automatically insert protections against these attacks in order to reduce this cost and risk of error. In this chapter, we present a survey of existing approaches and classify them by the level at which they apply the countermeasure. We consider three levels: the source code level, the compilation level, and the assembly/binary level. We explain the advantages and disadvantages of each level according to several criteria. Finally, we encourage future work to take compilation into account when designing tools, to consider the problem of combining countermeasures, and to address the interactions between countermeasures and compiler optimisations. Going one step further, we encourage future work to imagine how compilation could be modified or redesigned to optimise both performance and security.
Acknowledgements
This work was partially funded by the French National Research Agency (ANR) as part of the projects COGITO and PROSECCO, respectively funded by the programs INS-2013 under grant agreement ANR-13-INSE-0006-01 and AAP-2015 under grant agreement ANR-15-CE39.
© 2018 Springer Nature Switzerland AG
Belleville, N. et al. (2018). Automatic Application of Software Countermeasures Against Physical Attacks. In: Koç, Ç.K. (eds) Cyber-Physical Systems Security. Springer, Cham. https://doi.org/10.1007/978-3-319-98935-8_7
DOI: https://doi.org/10.1007/978-3-319-98935-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98934-1
Online ISBN: 978-3-319-98935-8