High-Level Simulation for Multiple Fault Injection Evaluation
  • Authors: Maxime Puys (20)
    Lionel Rivière (20) (21)
    Julien Bringer (20)
    Thanh-ha Le (20)

    20. SAFRAN Morpho; Paris; France
    21. Télécom Paristech; Paris; France
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2015
  • Volume: 8872
  • Issue: 1
  • Pages: 293-308
  • Full-text size: 269 KB
  • Author affiliation: Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance
  • Series title: 978-3-319-17015-2
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
Fault injection attacks have become a hot topic in the domain of smartcards. This work exposes a source-code-based simulation approach designed to evaluate the robustness of high-level secured implementations against single and multiple fault injections. In addition to an unprotected CRT-RSA implementation, we successfully attacked two countermeasures with the high-level simulation under the data fault model. We define a filtering criterion that operates on found attacks and we refine our simulation analysis accordingly. We introduce a broader fault model that consists in skipping C lines of code and exhibit the benefits of such a high-level fault model in terms of simulation performance and attack coverage.
