Article

Fault Injection Characterization on Modern CPUs: From the ISA to the Micro-Architecture

Authors:

Thomas Trouchkine,

Guillaume Bouffard,

Jessy ClédièreAuthors Info & Claims

Information Security Theory and Practice: 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings

Pages 123 - 138

https://doi.org/10.1007/978-3-030-41702-4_8

Published: 11 December 2019 Publication History

Abstract

Recently, several Fault Attacks (FAs) which target modern Central Processing Units (CPUs) have emerged. These attacks are studied from a practical point of view and, due to the modern CPUs complexity, the underlying fault effect is usually unknown.

In this article, we focus on the characterization of a perturbation (the fault model) on modern CPU. For that, we introduce the first approach to characterize the fault model on modern CPU from the Instruction Set Architecture (ISA) level to the micro-architectural level. This fault model helps at determining which micro-architecture elements are disrupted and how. Our fault model aims at finding original attack paths and design efficient countermeasures. To confront our approach to real modern CPUs, we apply our approach on ARM and x86 architectures CPUs, mainly on the BCM2837 and an Intel Core i3.

References

[1]

Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2016, Santa Barbara, CA, USA, 16 August 2016. IEEE Computer Society (2016)

[2]

Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2017, Taipei, Taiwan, 25 September 2017. IEEE Computer Society (2017)

[3]

Balasch, J., Gierlichs, B., Verbauwhede, I.: An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: Breveglieri et al. [7], pp. 105–114

[4]

Barbu Guillaume, Duc Guillaume, and Hoogvorst Philippe Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures Smart Card Research and Advanced Applications 2011 Berlin, Heidelberg Springer Berlin Heidelberg 297-313

Digital Library

[5]

Bouffard Guillaume, Iguchi-Cartigny Julien, and Lanet Jean-Louis Combined Software and Hardware Attacks on the Java Card Control Flow Smart Card Research and Advanced Applications 2011 Berlin, Heidelberg Springer Berlin Heidelberg 283-296

Digital Library

[6]

Bozzato C, Focardi R, and Palmarini F Shaping the glitch: optimizing voltage fault injection attacks IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019 2019 2 199-224

[7]

Breveglieri, L., Guilley, S., Koren, I., Naccache, D., Takahashi, J. (eds.): Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Tokyo, Japan, 29 September 2011. IEEE Computer Society (2011)

[8]

Kocher, P., et al.: Spectre attacks: exploiting speculative execution, pp. 1–19 (2019)

[9]

Korak, T., Hoefler, M.: On the effects of clock and power supply tampering on two microcontroller platforms. In: Tria, A., Choi, D. (eds.) Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2014, Busan, South Korea, 23 September 2014, pp. 8–17. IEEE Computer Society (2014)

[10]

Kumar DSV, Beckers A, Balasch J, Gierlichs B, and Verbauwhede I Bilgin B and Fischer J-B An in-depth and black-box characterization of the effects of laser pulses on ATmega328P Smart Card Research and Advanced Applications 2019 Cham Springer 156-170

[11]

Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: Enck, W., Felt, A.P. (eds.) 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, 15–17 August 2018, pp. 973–990. USENIX Association (2018)

[12]

Majéric, F., Bourbao, E., Bossuet, L.: Electromagnetic security tests for SoC. In: 2016 IEEE International Conference on Electronics, Circuits and Systems, ICECS 2016, Monte Carlo, Monaco, 11–14 December 2016, pp. 265–268. IEEE (2016)

[13]

Menu, A., Bhasin, S., Dutertre, J., Rigaud, J., Danger, J.: Precise spatio-temporal electromagnetic fault injections on data transfers. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2019, Atlanta, GA, USA, 24 August 2019, pp. 1–8. IEEE (2019)

[14]

Moro, N., Dehbaoui, A., Heydemann, K., Robisson, B., Encrenaz, E.: Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In: Fischer, W., Schmidt, J. (eds.) Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, 20 August 2013, pp. 77–88. IEEE Computer Society (2013)

[15]

Obermaier, J., Tatschner, S.: Shedding too much light on a microcontroller’s firmware protection. In: Enck, W., Mulliner, C. (eds.) 11th USENIX Workshop on Offensive Technologies, WOOT 2017, Vancouver, BC, Canada, 14–15 August 2017. USENIX Association (2017)

[16]

Patranabis S, Chakraborty A, Nguyen PH, and Mukhopadhyay D Mangard S and Poschmann AY A biased fault attack on the time redundancy countermeasure for AES Constructive Side-Channel Analysis and Secure Design 2015 Cham Springer 189-203

Digital Library

[17]

Prouff E Smart Card Research and Advanced Applications 2011 Heidelberg Springer

[18]

Proy, J., Heydemann, K., Berzati, A., Majéric, F., Cohen, A.: A first ISA-level characterization of EM pulse effects on superscalar microarchitectures: a secure software perspective. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019, Canterbury, UK, 26–29 August 2019, pp. 7:1–7:10. ACM (2019)

[19]

Rivière, L., Najm, Z., Rauzy, P., Danger, J., Bringer, J., Sauvage, L.: High precision fault injections on the instruction cache of ARMv7-M architectures. In: IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2015, Washington, DC, USA, 5–7 May, 2015, pp. 62–67. IEEE Computer Society (2015)

[20]

Schmidt, J.M., Hutter, M.: Optical and EM Fault-Attacks on CRT-based RSA: Concrete Results (2007)

[21]

Schmidt, J., Herbst, C.: A practical fault attack on square and multiply. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J. (eds.) Fifth International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2008, Washington, DC, USA, 10 August 2008, pp. 53–58. IEEE Computer Society (2008)

[22]

Schmidt, J., Hutter, M., Plos, T.: Optical fault attacks on AES: a threat in violet. In: Breveglieri, L., Koren, I., Naccache, D., Oswald, E., Seifert, J. (eds.) Sixth International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, Lausanne, Switzerland, 6 September 2009, pp. 13–22. IEEE Computer Society (2009)

[23]

Skorobogatov SP and Anderson RJ Kaliski BS Jr, Koç K, and Paar C Optical fault induction attacks Cryptographic Hardware and Embedded Systems - CHES 2002 2003 Heidelberg Springer 2-12

[24]

Tang, A., Sethumadhavan, S., Stolfo, S.J.: CLKSCREW: exposing the perils of security-oblivious energy management. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, 16–18 August 2017, pp. 1057–1074. USENIX Association (2017)

[25]

Timmers, N., Mune, C.: Escalating Privileges in linux using voltage fault injection. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2017, Taipei, Taiwan, 25 September 2017 [2], pp. 1–8

[26]

Timmers, N., Spruyt, A., Witteman, M.: Controlling PC on ARM using fault injection. In: 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2016, Santa Barbara, CA, USA, 16 August 2016 [1], pp. 25–35

[27]

Vasselle, A., Thiebeauld, H., Maouhoub, Q., Morisset, A., Ermeneux, S.: Laser-induced fault injection on smartphone bypassing the secure boot. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2017, Taipei, Taiwan, 25 September 2017 [2], pp. 41–48

[28]

van der Veen, V., et al.: Drammer: deterministic rowhammer attacks on mobile platforms. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1675–1689. ACM (2016)

[29]

van Woudenberg, J.G.J., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: Breveglieri et al. [7], pp. 91–99

[30]

Yuce, B., Ghalaty, N.F., Santapuri, H., Deshpande, C., Patrick, C., Schaumont, P.: Software fault resistance is futile: effective single-glitch attacks. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2016, Santa Barbara, CA, USA, 16 August 2016 [1], pp. 47–58

[31]

Yuce, B., Ghalaty, N.F., Schaumont, P.: Improving fault attacks on embedded software using RISC pipeline characterization. In: Homma, N., Lomné, V. (eds.) Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2015, Saint Malo, France, 13 September 2015, pp. 97–108. IEEE Computer Society (2015)

Cited By

Marotta ALashermes RBouffard GSentieys ODafali R(2024)Characterizing and Modeling Synchronous Clock-Glitch Fault InjectionConstructive Side-Channel Analysis and Secure Design10.1007/978-3-031-57543-3_1(3-21)Online publication date: 9-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57543-3_1

Recommendations

OpenCL performance evaluation on modern multicore CPUs
Special issue on Programming Models, Languages, and Compilers for Manycore and Heterogeneous Architectures

Utilizing heterogeneous platforms for computation has become a general trend, making the portability issue important. OpenCL (Open Computing Language) serves this purpose by enabling portable execution on heterogeneous architectures. However, ...
OpenCL Performance Evaluation on Modern Multi Core CPUs
IPDPSW '13: Proceedings of the 2013 IEEE 27th International Symposium on Parallel and Distributed Processing Workshops and PhD Forum

Utilizing heterogeneous platforms for computation has become a general trend making the portability issue important. OpenCL (Open Computing Language) serves the purpose by enabling portable execution on heterogeneous architectures. However, ...
Exploring Fine-Grained In-Memory Database Performance for Modern CPUs
Modern CPUs keep integrating more cores and large size cache, which is beneficial for in-memory databases to improve parallel processing power and cache locality. While state-of-the-art CPUs have diverse architectures and roadmaps such as large core count ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Information Security Theory and Practice: 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings

Dec 2019

236 pages

ISBN:978-3-030-41701-7

DOI:10.1007/978-3-030-41702-4

Editors:
Maryline Laurent
Telecom SudParis, Evry, France
,
Thanassis Giannetsos
Technical University of Denmark, Lyngby, Denmark

© IFIP International Federation for Information Processing 2020.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 11 December 2019

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Marotta ALashermes RBouffard GSentieys ODafali R(2024)Characterizing and Modeling Synchronous Clock-Glitch Fault InjectionConstructive Side-Channel Analysis and Secure Design10.1007/978-3-031-57543-3_1(3-21)Online publication date: 9-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57543-3_1

View Options

View options

Figures

Tables

Media

View Table of Conten