Fault attacks made easy : differential fault analysis automation on assembly code
Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation...
Saved in:
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/152440 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-152440 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1524402021-08-13T07:32:14Z Fault attacks made easy : differential fault analysis automation on assembly code Breier, Jakub Hou, Xiaolu Liu, Yang School of Computer Science and Engineering Temasek Laboratories Engineering::Computer science and engineering Automated Fault Attack Software Implementations Assembly Code Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation layers. However, this level of abstraction is often too high to distinguish vulnerable parts of software implementations, due to specific operations and optimizations. On the other hand, manually analyzing the assembly code requires non-negligible amount of time and expertise. In this paper, we propose an automated approach for analyzing cipher implementations in assembly. We represent the whole assembly program as a data flow graph so that the vulnerable spots can be found efficiently. Fault propagation is analyzed in a subgraph constructed from each vulnerable spot, allowing equations for Differential Fault Analysis (DFA) to be automatically generated. We have created a tool that implements our approach: DATAC – DFA Automation Tool for Assembly Code. We have successfully used this tool for attacking PRESENT80, being able to find implementation-specific vulnerabilities that can be exploited in order to recover the last round key with 16 faults. Our results show that DATAC is useful in finding attack spots that are not visible from the cipher structure, but can be easily exploited when dealing with real-world implementations. National Research Foundation (NRF) Published version This research is supported (in part) by the National Research Foundation, Prime Min-isters Office, Singapore under its National Cybersecurity R&D Program (Award No.NRF2014NCR-NCR001-30) and administered by the National Cybersecurity R&D Direc-torate. 2021-08-13T07:28:42Z 2021-08-13T07:28:42Z 2018 2018 Journal Article Breier, J., Hou, X. & Liu, Y. (2018). Fault attacks made easy : differential fault analysis automation on assembly code. IACR Transactions On Cryptographic Hardware and Embedded Systems, 2018(2), 96-122. https://dx.doi.org/10.13154/tches.v2018.i2.96-122 2569-2925 https://hdl.handle.net/10356/152440 10.13154/tches.v2018.i2.96-122 2 2018 96 122 206799 en NRF2014NCR-NCR001-3 IACR Transactions on Cryptographic Hardware and Embedded Systems IACR Transactions on Cryptographic Hardware and Embedded Systems © 2018 Jakub Breier, Xiaolu Hou, Yang Liu. This work is licensed under a Creative Commons Attribution 4.0 International License. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering Automated Fault Attack Software Implementations Assembly Code |
| spellingShingle |
Engineering::Computer science and engineering Automated Fault Attack Software Implementations Assembly Code Breier, Jakub Hou, Xiaolu Liu, Yang Fault attacks made easy : differential fault analysis automation on assembly code |
| description |
Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation layers. However, this level of abstraction is often too high to distinguish vulnerable parts of software implementations, due to specific operations and optimizations. On the other hand, manually analyzing the assembly code requires non-negligible amount of time and expertise. In this paper, we propose an automated approach for analyzing cipher implementations in assembly. We represent the whole assembly program as a data flow graph so that the vulnerable spots can be found efficiently. Fault propagation is analyzed in a subgraph constructed from each vulnerable spot, allowing equations for Differential Fault Analysis (DFA) to be automatically generated. We have created a tool that implements our approach: DATAC – DFA Automation Tool for Assembly Code. We have successfully used this tool for attacking PRESENT80, being able to find implementation-specific vulnerabilities that can be exploited in order to recover the last round key with 16 faults. Our results show that DATAC is useful in finding attack spots that are not visible from the cipher structure, but can be easily exploited when dealing with real-world implementations. |
| author2 |
School of Computer Science and Engineering |
| author_facet |
School of Computer Science and Engineering Breier, Jakub Hou, Xiaolu Liu, Yang |
| format |
Article |
| author |
Breier, Jakub Hou, Xiaolu Liu, Yang |
| author_sort |
Breier, Jakub |
| title |
Fault attacks made easy : differential fault analysis automation on assembly code |
| title_short |
Fault attacks made easy : differential fault analysis automation on assembly code |
| title_full |
Fault attacks made easy : differential fault analysis automation on assembly code |
| title_fullStr |
Fault attacks made easy : differential fault analysis automation on assembly code |
| title_full_unstemmed |
Fault attacks made easy : differential fault analysis automation on assembly code |
| title_sort |
fault attacks made easy : differential fault analysis automation on assembly code |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/152440 |
| _version_ |
1709685314163834880 |