FEDS: Comprehensive Fault Attack Exploitability Detection for Software Implementations of Block Ciphers

By: Keerthi K (IIT Madras), Indrani Roy (IIT Madras) , Chester Rebeiro (IIT Madras), Aritra Hazra (IIT Kharagpur), and Swarup Bhunia (University of Florida)

Stage: RTL, HDL

Summary

FEDS is an automated fault attack exploitability detection tool that works on software implementation of block ciphers. FEDS can automatically map vulnerable locations (output of XFC) tools like XFC to software implementation of the block ciphers and then finds all the possible fault exploitable instructions at the IR level using a LLVM parser. FEDS can also provide appropriate countermeasures at the IR level and generate fault attack resistant executables. Details about input and output are given in the folder.

Contact

Keerti K

Input/Output Interface

Input: Block Cipher Specification and software Implementation of Block Cipher
Output: All fault exploitable instructions that can retrieve the key with complexity provided by HLE Tools like XFC

Dependencies

LLVM, CBMC, python

Licensing Info

Tool Link

References

K, Keerthi; Roy, Indrani; Rebeiro, Chester; Hazra, Aritra; Bhunia, Swarup

FEDS: Comprehensive Fault Attack Exploitability Detection for Software Implementations of Block Ciphers Journal Article

In: IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2020, no. 2, pp. 272-299, 2020.

Abstract | Links | BibTeX

@article{Keerthi2020,

title = {FEDS: Comprehensive Fault Attack Exploitability Detection for Software Implementations of Block Ciphers},

author = {Keerthi K and Indrani Roy and Chester Rebeiro and Aritra Hazra and Swarup Bhunia},

url = {https://tches.iacr.org/index.php/TCHES/article/view/8552},

doi = {https://doi.org/10.13154/tches.v2020.i2.272-299},

year  = {2020},

date = {2020-03-02},

journal = {IACR Transactions on Cryptographic Hardware and Embedded Systems},

volume = {2020},

number = {2},

pages = { 272-299},

abstract = {Fault injection attacks are one of the most powerful forms of cryptanalytic attacks on ciphers. A single precisely injected fault during the execution of a cipher like the AES, can completely reveal the key within a few milliseconds. Software implementations of ciphers, therefore, need to be thoroughly evaluated for such attacks. In recent years, automated tools have been developed to perform these evaluations. These tools either work on the cipher algorithm or on their implementations. Tools that work at the algorithm level can provide a comprehensive assessment of fault attack vulnerability for different fault attacks and with different fault models. Their application is, however, restricted because every realization of the cipher has unique vulnerabilities. On the other hand, tools that work on cipher implementations have a much wider application but are often restricted by the range of fault attacks and the number of fault models they can evaluate.

In this paper, we propose a framework, called FEDS, that uses a combination of compiler techniques and model checking to merge the advantages of both, algorithmic level tools as well as implementation level tools. Like the algorithmic level tools, FEDS can provide a comprehensive assessment of fault attack exploitability considering a wide range of fault attacks and fault models. Like implementation level tools, FEDS works with implementations, therefore has wide applications. We demonstrate the versatility of FEDS by evaluating seven different implementations of AES (including bitsliced implementation) and implementations of CLEFIA and CAMELLIA for Differential Fault Attacks. The framework automatically identifies exploitable instructions in all implementations. Further, we present an application of FEDS in a Fault Attack Aware Compiler, that can automatically identify and protect exploitable regions of the code. We demonstrate that the compiler can generate significantly more efficient code than a naïvely protected equivalent while maintaining the same level of protection.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Fault injection attacks are one of the most powerful forms of cryptanalytic attacks on ciphers. A single precisely injected fault during the execution of a cipher like the AES, can completely reveal the key within a few milliseconds. Software implementations of ciphers, therefore, need to be thoroughly evaluated for such attacks. In recent years, automated tools have been developed to perform these evaluations. These tools either work on the cipher algorithm or on their implementations. Tools that work at the algorithm level can provide a comprehensive assessment of fault attack vulnerability for different fault attacks and with different fault models. Their application is, however, restricted because every realization of the cipher has unique vulnerabilities. On the other hand, tools that work on cipher implementations have a much wider application but are often restricted by the range of fault attacks and the number of fault models they can evaluate.
In this paper, we propose a framework, called FEDS, that uses a combination of compiler techniques and model checking to merge the advantages of both, algorithmic level tools as well as implementation level tools. Like the algorithmic level tools, FEDS can provide a comprehensive assessment of fault attack exploitability considering a wide range of fault attacks and fault models. Like implementation level tools, FEDS works with implementations, therefore has wide applications. We demonstrate the versatility of FEDS by evaluating seven different implementations of AES (including bitsliced implementation) and implementations of CLEFIA and CAMELLIA for Differential Fault Attacks. The framework automatically identifies exploitable instructions in all implementations. Further, we present an application of FEDS in a Fault Attack Aware Compiler, that can automatically identify and protect exploitable regions of the code. We demonstrate that the compiler can generate significantly more efficient code than a naïvely protected equivalent while maintaining the same level of protection.

Acknowledgments

We would like to thank the Ministry of Electronics and Information Technology (MeitY), India, DIST-FIST Grant Program 2016, from Department of Science and Technology, India and Cisco Grant Program 2018 for partially funding this project