2020
Srivastava, Milind; SLPSK, Patanjali; Roy, Indrani; Rebeiro, Chester; Hazra, Aritra; Bhunia, Swarup
SOLOMON: An Automated Framework for Detecting Fault Attack Vulnerabilities in Hardware Proceedings Article
In: Design, Automation, and Test in Europe Conference and Exhibition (DATE), pp. 310–313, DATE IEEE, 2020, ISBN: 978-3-9819263-4-7.
Tags: Fault Injection Attacks
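% SOLOMON (DATE 2020): formal-methods framework that maps fault-attack-vulnerable
% regions of a cipher algorithm to specific locations in an RTL or gate-level design.
@inproceedings{Srivastava2020b,
  author       = {Srivastava, Milind and SLPSK, Patanjali and Roy, Indrani and Rebeiro, Chester and Hazra, Aritra and Bhunia, Swarup},
  title        = {{SOLOMON}: An Automated Framework for Detecting Fault Attack Vulnerabilities in Hardware},
  booktitle    = {Design, Automation, and Test in Europe Conference and Exhibition ({DATE})},
  pages        = {310--313},
  publisher    = {IEEE},
  organization = {DATE},
  year         = {2020},
  date         = {2020-03-09},
  doi          = {10.23919/DATE48585.2020.9116380},
  url          = {https://ieeexplore.ieee.org/document/9116380},
  isbn         = {978-3-9819263-4-7},
  abstract     = {Fault attacks are potent physical attacks on crypto-devices. A single fault injected during encryption can reveal the cipher's secret key. In a hardware realization of an encryption algorithm, only a tiny fraction of the gates is exploitable by such an attack. Finding these vulnerable gates has been a manual and tedious task requiring considerable expertise. In this paper, we propose SOLOMON, the first automatic fault attack vulnerability detection framework for hardware designs. Given a cipher implementation, either at RTL or gate-level, SOLOMON uses formal methods to map vulnerable regions in the cipher algorithm to specific locations in the hardware thus enabling targeted countermeasures to be deployed with much lesser overheads. We demonstrate the efficacy of the SOLOMON framework using three ciphers: AES, CLEFIA, and Simon.},
  keywords     = {Fault Injection Attacks},
  pubstate     = {published},
  tppubtype    = {inproceedings},
}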
K, Keerthi; Roy, Indrani; Rebeiro, Chester; Hazra, Aritra; Bhunia, Swarup
FEDS: Comprehensive Fault Attack Exploitability Detection for Software Implementations of Block Ciphers Journal Article
In: IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2020, no. 2, pp. 272-299, 2020.
Tags: Fault Injection Attacks
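% FEDS (TCHES 2020): combines compiler techniques and model checking to find
% fault-attack-exploitable instructions in software block-cipher implementations.
@article{Keerthi2020,
  author    = {K, Keerthi and Roy, Indrani and Rebeiro, Chester and Hazra, Aritra and Bhunia, Swarup},
  title     = {{FEDS}: Comprehensive Fault Attack Exploitability Detection for Software Implementations of Block Ciphers},
  journal   = {IACR Transactions on Cryptographic Hardware and Embedded Systems},
  volume    = {2020},
  number    = {2},
  pages     = {272--299},
  year      = {2020},
  date      = {2020-03-02},
  doi       = {10.13154/tches.v2020.i2.272-299},
  url       = {https://tches.iacr.org/index.php/TCHES/article/view/8552},
  abstract  = {Fault injection attacks are one of the most powerful forms of cryptanalytic attacks on ciphers. A single precisely injected fault during the execution of a cipher like the AES, can completely reveal the key within a few milliseconds. Software implementations of ciphers, therefore, need to be thoroughly evaluated for such attacks. In recent years, automated tools have been developed to perform these evaluations. These tools either work on the cipher algorithm or on their implementations. Tools that work at the algorithm level can provide a comprehensive assessment of fault attack vulnerability for different fault attacks and with different fault models. Their application is, however, restricted because every realization of the cipher has unique vulnerabilities. On the other hand, tools that work on cipher implementations have a much wider application but are often restricted by the range of fault attacks and the number of fault models they can evaluate.
In this paper, we propose a framework, called FEDS, that uses a combination of compiler techniques and model checking to merge the advantages of both, algorithmic level tools as well as implementation level tools. Like the algorithmic level tools, FEDS can provide a comprehensive assessment of fault attack exploitability considering a wide range of fault attacks and fault models. Like implementation level tools, FEDS works with implementations, therefore has wide applications. We demonstrate the versatility of FEDS by evaluating seven different implementations of AES (including bitsliced implementation) and implementations of CLEFIA and CAMELLIA for Differential Fault Attacks. The framework automatically identifies exploitable instructions in all implementations. Further, we present an application of FEDS in a Fault Attack Aware Compiler, that can automatically identify and protect exploitable regions of the code. We demonstrate that the compiler can generate significantly more efficient code than a naïvely protected equivalent while maintaining the same level of protection.},
  keywords  = {Fault Injection Attacks},
  pubstate  = {published},
  tppubtype = {article},
}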
In this paper, we propose a framework, called FEDS, that uses a combination of compiler techniques and model checking to merge the advantages of both, algorithmic level tools as well as implementation level tools. Like the algorithmic level tools, FEDS can provide a comprehensive assessment of fault attack exploitability considering a wide range of fault attacks and fault models. Like implementation level tools, FEDS works with implementations, therefore has wide applications. We demonstrate the versatility of FEDS by evaluating seven different implementations of AES (including bitsliced implementation) and implementations of CLEFIA and CAMELLIA for Differential Fault Attacks. The framework automatically identifies exploitable instructions in all implementations. Further, we present an application of FEDS in a Fault Attack Aware Compiler, that can automatically identify and protect exploitable regions of the code. We demonstrate that the compiler can generate significantly more efficient code than a naïvely protected equivalent while maintaining the same level of protection.
2019
Roy, Indrani; Rebeiro, Chester; Hazra, Aritra; Bhunia, Swarup
SAFARI: Automatic Synthesis of Fault-Attack Resistant Block Cipher Implementations Journal Article
In: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 39, no. 4, pp. 752-765, 2019, ISBN: 19545508.
Tags: Fault Injection Attacks
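% SAFARI (IEEE TCAD): synthesizes fault-attack-protected RTL or C code for a block
% cipher from a high-level specification plus user-specified security requirements.
% NOTE(review): the 8-digit value in `isbn` does not have the shape of an ISBN and
% this is a journal article; it may be a serial identifier. Confirm against the
% publisher record and move it to `issn` if so.
@article{Roy2019,
  author    = {Roy, Indrani and Rebeiro, Chester and Hazra, Aritra and Bhunia, Swarup},
  title     = {{SAFARI}: Automatic Synthesis of Fault-Attack Resistant Block Cipher Implementations},
  journal   = {IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems},
  volume    = {39},
  number    = {4},
  pages     = {752--765},
  year      = {2019},
  date      = {2019-12-01},
  doi       = {10.1109/TCAD.2019.2897629},
  url       = {https://ieeexplore.ieee.org/document/8634921},
  isbn      = {19545508},
  abstract  = {Most cipher implementations are vulnerable to a class of cryptanalytic attacks known as fault injection attacks. To reveal the secret key, these attacks make use of faults induced at specific locations during the execution of the cipher. Countermeasures for fault injection attacks require these vulnerable locations in the implementation to be first identified and then protected. However, both these steps are difficult and error-prone and, hence, it requires considerable expertise to design efficient countermeasures. Incorrect or insufficient application of the countermeasures would cause the implementation to remain vulnerable, while inefficient application of the countermeasures could lead to significant performance penalties to achieve the desired fault-attack resistance. In this paper, we present a novel framework called SAFARI for automatically synthesizing fault-attack resistant implementations of block ciphers. The framework takes as input the security requirements and a high-level specification of the block cipher. It automatically detects the vulnerable locations from the specification, applies an appropriate countermeasure based on the user-specified security requirements, and then synthesizes an efficient, fault-attack protected, RTL, or C code for the cipher. We take AES, CAMELLIA, and CLEFIA as case studies and demonstrate how the framework would explore different countermeasures, based on the vulnerability of the locations, the output format, and the required security margins. We then evaluate the efficacy of SAFARI in hardware and software to the design overhead incurred and the fault coverage.},
  keywords  = {Fault Injection Attacks},
  pubstate  = {published},
  tppubtype = {article},
}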
2017
Khanna, Punit; Rebeiro, Chester; Hazra, Aritra
XFC: A Framework for eXploitable Fault Characterization in Block Ciphers Proceedings Article
In: ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 1-6, DAC ACM/IEEE/EDAC, 2017, ISBN: 978-1-4503-4927-7.
Tags: Fault Injection Attacks
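% XFC (DAC 2017): analyzes fault propagation in a block cipher to predict which key
% bits a differential fault attack can derive and to estimate its offline complexity.
@inproceedings{Khanna2017,
  author       = {Khanna, Punit and Rebeiro, Chester and Hazra, Aritra},
  title        = {{XFC}: A Framework for {eXploitable} Fault Characterization in Block Ciphers},
  booktitle    = {{ACM/EDAC/IEEE} Design Automation Conference ({DAC})},
  pages        = {1--6},
  publisher    = {ACM/IEEE/EDAC},
  organization = {DAC},
  year         = {2017},
  date         = {2017-05-08},
  doi          = {10.1145/3061639.3062340},
  url          = {https://ieeexplore.ieee.org/document/8060292},
  isbn         = {978-1-4503-4927-7},
  abstract     = {Fault attacks recover secret keys by exploiting faults injected during the execution of a block cipher. However, not all faults are exploitable and every exploitable fault is associated with an offline complexity to determine the key. The ideal fault attack would recover maximum key bits with minimum offline effort. Finding the ideal fault attack for a block cipher is a laborious manual task, which can take several months to years before such an attack is discovered. In this paper, we present a framework that would analyze block ciphers for their vulnerabilities to faults and automatically predict whether a differential fault attack would be successful. The framework, which we call XFC, uses colors to analyze the fault propagation and exploitability in the cipher. XFC would be able to (a) predict the key bits that can be derived by the fault attack and (b) estimate the offline complexity. It can thus be used to identify the ideal fault attack for a block cipher. As a proof of concept, we have applied XFC to the block ciphers AES, CLEFIA, and SMS4 and were able to automatically derive fault attacks that correspond to the best known to date in the single fault model.},
  keywords     = {Fault Injection Attacks},
  pubstate     = {published},
  tppubtype    = {inproceedings},
}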