Author affiliation: Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance
Series title: 978-3-319-17015-2
Publication category: Computer Science
Publication subjects: Artificial Intelligence and Robotics; Computer Communication Networks; Software Engineering; Data Encryption; Database Management; Computation by Abstract Devices; Algorithm Analysis and Problem Complexity
Publisher: Springer Berlin / Heidelberg
ISSN: 1611-3349
Abstract
Fault injection attacks have become a hot topic in the domain of smartcards. This work presents a source code-based simulation approach designed to evaluate the robustness of high-level secured implementations against single and multiple fault injections. In addition to an unprotected CRT-RSA implementation, we successfully attacked two countermeasures with the high-level simulation under the data fault model. We define a filtering criterion that operates on the attacks found, and we refine our simulation analysis accordingly. We introduce a broader fault model that consists of skipping lines of C code, and show the benefits of such a high-level fault model in terms of simulation performance and attack coverage.