Design of reliable and secure devices by algebraic manipulation codes

Ge, Shizun

January 2012

Thesis (M.Sc.Eng.) PLEASE NOTE: Boston University Libraries did not receive an Authorization To Manage form for this thesis or dissertation. It is therefore not openly accessible, though it may be available by request. If you are the author or principal advisor of this work and would like to request open access for it, please contact us at open-help@bu.edu. Thank you. / In this thesis, we firstly present the secure multipliers protected by the AMD codes, and demonstrate that the fault masking probabilities are not worse than the results based on the theoretical analysis of error masking probabilities, if the attacker injects faults at outputs of the inside logic gates of the protected devices. Single-errorcorrecting, double-error-detecting (SEC-DED) codes are widely used for the design of errors, thus they are not suitable for memories used in cryptographic devices. Algebraic Manipulation Detection (AMD) codes provide strong protection against fault injection attacks. But traditional AMD codes can not be used for correcting errors. In this thesis, we also present the constructions of the strongly secure algebraic manipulation correction (AMC) codes. The estimation for a probability for miscorrection of multiple errors is given. Hardware implementations of strongly secure SEC-DED memories based on the proposed codes are presented. Comparison with other codes which have been used for SEC-DED memories with security or weak security are given in terms of numbers of undetected errors, sizes of security kernels and miscorrection probabilities as well as latency, area and power consumption for encoders and decoders. An error handling method to distinguish between random errors and fault injection attacks is presented as well. The proposed code can be applied to most secure-critical memories in cryptographic devices. As far as we know, this is the only efficient approach to provide both high reliability for single and double random errors, and high security for strong fault attack when an attacker has a control of both on the messages (outputs of the memories) and the errors. / 2031-01-01

Computer engineering

Computer science

Digital defense systems

Fault injection attacks

Sécurisation de programmes assembleur face aux attaques visant les processeurs embarqués / Security of assembly programs against fault attacks on embedded processors

Moro, Nicolas

13 November 2014

Cette thèse s'intéresse à la sécurité des programmes embarqués face aux attaques par injection de fautes. La prolifération des composants embarqués et la simplicité de mise en œuvre des attaques rendent impérieuse l'élaboration de contre-mesures.Un modèle de fautes par l'expérimentation basé sur des attaques par impulsion électromagnétique a été élaboré. Les résultats expérimentaux ont montré que les fautes réalisées étaient dues à la corruption des transferts sur les bus entre la mémoire Flash et le pipeline du processeur. Ces fautes permettent de réaliser des remplacements ou des saut d'instructions ainsi que des modifications de données chargées depuis la mémoire Flash. Le remplacement d'une instruction par une autre bien spécifique est très difficile à contrôler ; par contre, le saut d'une instruction ciblée a été observé fréquemment, est plus facilement réalisable, et permet de nombreuses attaques simples. Une contre-mesure empêchant ces attaques par saut d'instruction, en remplaçant chaque instruction par une séquence d'instructions, a été construite et vérifiée formellement à l'aide d'outils de model-checking. Cette contre-mesure ne protège cependant pas les chargements de données depuis la mémoire Flash. Elle peut néanmoins être combinée avec une autre contre-mesure au niveau assembleur qui réalise une détection de fautes. Plusieurs expérimentations de ces contre-mesures ont été réalisées, sur des instructions isolées et sur des codes complexes issus d'une implémentation de FreeRTOS. La contre-mesure proposée se révèle être un très bon complément pour cette contre-mesure de détection et permet d'en corriger certains défauts. / This thesis focuses on the security of embedded programs against fault injection attacks. Due to the spreadings of embedded systems in our common life, development of countermeasures is important.First, a fault model based on practical experiments with a pulsed electromagnetic fault injection technique has been built. The experimental results show that the injected faults were due to the corruption of the bus transfers between the Flash memory and the processor’s pipeline. Such faults enable to perform instruction replacements, instruction skips or to corrupt some data transfers from the Flash memory.Although replacing an instruction with another very specific one is very difficult to control, skipping an instruction seems much easier to perform in practice and has been observed very frequently. Furthermore many simple attacks can carried out with an instruction skip. A countermeasure that prevents such instruction skip attacks has been designed and formally verified with model-checking tool. The countermeasure replaces each instruction by a sequence of instructions. However, this countermeasure does not protect the data loads from the Flash memory. To do this, it can be combined with another assembly-level countermeasure that performs a fault detection. A first experimental test of these two countermeasures has been achieved, both on isolated instructions and complex codes from a FreeRTOS implementation. The proposed countermeasure appears to be a good complement for this detection countermeasure and allows to correct some of its flaws.

Attaques par injection de fautes

Injection électromagnétique

Modèle de fautes

Contre-Mesures vérifiées

Assembleur

Saut d'instruction

Fault injection attacks

Countermeasures

005.8