FaultDroid: An Algorithmic Approach for Fault-Induced Information Leakage Analysis

Published: 01 September 2020

Abstract

Fault attacks belong to a potent class of implementation-based attacks that can compromise a crypto-device within a few milliseconds. Of the large number of faults that can occur in the device, only a very few are exploitable in terms of leaking the secret key. Ignorance of this fact has resulted in countermeasures that have either significant overhead or inadequate protection. This article presents a framework, referred to as FaultDroid, for automated vulnerability analysis of fault attacks. It explores the entire fault attack space, identifies the single and multiple fault scenarios that can be exploited by a differential fault attack, rank-orders them in terms of criticality, and provides design guidance to mitigate the vulnerabilities at low cost. The framework enables a designer to automatically evaluate the fault attack vulnerabilities of a block cipher implementation and then incorporate efficient countermeasures. FaultDroid uses a formal model of fault attacks on a high-level specification of a block cipher and is hence equally applicable to both software and hardware implementations of the cipher. As case studies, we employ FaultDroid to comprehensively evaluate the fault scenarios in several common ciphers (AES, CLEFIA, CAMELLIA, SMS4, SIMON, PRESENT, and GIFT) and assess their vulnerability.


Cited By

  • FortiFix: A Fault Attack Aware Compiler Framework for Crypto Implementations. ACM Transactions on Design Automation of Electronic Systems 29, 5 (2024), 1--18. DOI: 10.1145/3650029. Online publication date: 1 March 2024.
  • Based on the Role of Internet of Things Security in the Management of Enterprise Human Resource Information Leakage. Wireless Communications and Mobile Computing 2021 (2021), 1--12. DOI: 10.1155/2021/5936390. Online publication date: 5 October 2021.

Published In

ACM Transactions on Design Automation of Electronic Systems  Volume 26, Issue 1
January 2021
234 pages
ISSN:1084-4309
EISSN:1557-7309
DOI:10.1145/3422280

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 September 2020
Accepted: 01 June 2020
Revised: 01 June 2020
Received: 01 January 2020
Published in TODAES Volume 26, Issue 1

Author Tags

  1. Cryptography
  2. block cipher
  3. fault injection attacks
  4. formal methods
  5. information leakage

Qualifiers

  • Research-article
  • Research
  • Refereed
