Fault Attacks on Cryptosystems: Novel Threat Models, Countermeasures and Evaluation Metrics

Farhady Ghalaty, Nahid

19 August 2016

Recent research has demonstrated that there is no sharp distinction between passive attacks based on side-channel leakage and active attacks based on fault injection. Fault behavior can be processed as side-channel information, offering all the benefits of Differential Power Analysis including noise averaging and hypothesis testing by correlation. In fault attacks, the adversary induces faults into a device while it is executing a known program and observes the reaction. The abnormal reactions of the device are later analyzed to obtain the secrets of the program under execution. Fault attacks are a powerful threat. They are used to break cryptosystems, Pay TVs, smart cards and other embedded applications. In fault attack resistant design, the fault is assumed to be induced by a smart, malicious, determined attacker who has high knowledge of the design under attack. Moreover, the purpose of fault attack resistant design is for the system to work correctly under intentional fault injection without leaking any secret data information. Towards building a fault attack resistant design, the problem can be categorized into three main subjects: • Investigating novel and more powerful threat models and attack procedures. • Proposing countermeasures to build secure systems against fault attacks • Building evaluation metrics to measure the security of designs In this regard, my thesis has covered the first bullet, by proposing the Differential Fault Intensity Analysis (DFIA) based on the biased fault model. The biased fault model in this attack means the gradual behavior of the fault as a cause of increasing the intensity of fault injection. The DFIA attack has been successfully launched on AES, PRESENT and LED block ciphers. Our group has also recently proposed this attack on the AES algorithm running on a LEON3 processor. In our work, we also propose a countermeasure against one of the most powerful types of fault attacks, namely, Fault Sensitivity Analysis (FSA). This countermeasure is based on balancing the delay of the circuit to destroy the correlation of secret data and timing delay of a circuit. Additionally, we propose a framework for assessing the vulnerability of designs against fault attacks. An example of this framework is the Timing Violation Vulnerability Factor (TVVF) that is a metric for measuring the vulnerability of hardware against timing violation attacks. We compute TVVF for two implementations of AES algorithm and measure the vulnerability of these designs against two types of fault attacks. For future work, we plan to propose an attack that is a combination of power measurements and fault injections. This attack is more powerful in the sense that it has less fault injection restrictions and requires less amount of information from the block cipher's data. We also plan to design more efficient and generic evaluation metrics than TVVF. As shown in this thesis, fault attacks are more serious threat than considered by the cryptography community. This thesis provides a deep understanding of the fault behavior in the circuit and therefore a better knowledge on powerful fault attacks. The techniques developed in this dissertation focus on different aspects of fault attacks on hardware architectures and microprocessors. Considering the proposed fault models, attacks, and evaluation metrics in this thesis, there is hope to develop robust and fault attack resistant microprocessors. We conclude this thesis by observing future areas and opportunities for research. / Ph. D.

Hardware Security

Physical Attacks

Cryptography

CacheLight: A Lightweight Approach for Preventing Malicious Use of Cache Locking Mechanisms

January 2018

abstract: With the rise of the Internet of Things, embedded systems have become an integral part of life and can be found almost anywhere. Their prevalence and increased interconnectivity has made them a prime target for malicious attacks. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known as TrustZone. It provides an isolated execution environment within the embedded device in which to deploy various memory integrity and malware detection tools. Even though Secure World can monitor the Normal World, attackers can attempt to bypass the security measures to retain control of a compromised system. CacheKit is a new type of rootkit that exploits such a vulnerability in the ARM architecture to hide in Normal World cache from memory introspection tools running in Secure World by exploiting cache locking mechanisms. If left unchecked, ARM processors that provide hardware assisted cache locking for performance and time-critical applications in real-time and embedded systems would be completely vulnerable to this undetectable and untraceable attack. Therefore, a new approach is needed to ensure the correct use of such mechanisms and prevent malicious code from being hidden in the cache. CacheLight is a lightweight approach that leverages the TrustZone and Virtualization extensions of the ARM architecture to allow the system to continue to securely provide these hardware facilities to users while preventing attackers from exploiting them. CacheLight restricts the ability to lock the cache to the Secure World of the processor such that the Normal World can still request certain memory to be locked into the cache by the secure operating system (OS) through a Secure Monitor Call (SMC). This grants the secure OS the power to verify and validate the information that will be locked in the requested cache way thereby ensuring that any data that remains in the cache will not be inconsistent with what exists in main memory for inspection. Malicious attempts to hide data can be prevented and recovered for analysis while legitimate requests can still generate valid entries in the cache. / Dissertation/Thesis / Masters Thesis Computer Science 2018

Computer science

Cybersecurity

Embedded Systems

Hardware Security

Low-Power, Stable and Secure On-Chip Identifiers Design

Vivekraja, Vignesh

09 September 2010

Trustworthy authentication of an object is of extreme importance for secure protocols. Traditional methods of storing the identity of an object using non-volatile memory is insecure. Novel chip-identifiers called Silicon Physical Unclonable Functions (PUFs) extract the random process characteristics of an Integrated Circuit to establish the identity. Though such types of IC identifiers are difficult to clone and provide a secure, yet an area and power efficient authentication mechanism, they suffer from instability due to variations in environmental conditions and noise. The decreased stability imposes a penalty on the area of the PUF circuit and the corresponding error correcting hardware, when trying to generate error-free bits using a PUF. In this thesis, we propose techniques to improve the popular delay-based PUF architectures holistically, with a focus on its stability. In the first part, we investigate the effectiveness of circuit-level optimizations of the delay based PUF architectures. We show that PUFs which operate in the subthreshold region, where the transistor supply voltage is maintained below the threshold voltage of CMOS, are inherently more stable than PUFs operating at nominal voltage because of the increased difference in characteristics of transistors at this region. Also, we show that subthreshold PUF enjoys higher energy and area efficiency. In the second part of the thesis, we propose a feedback-based supply voltage control mechanism and a corresponding architecture to improve the stability of delay-based PUFs against variations in temperature. / Master of Science

Hardware Security

Low Power

Process Variation

PUF

ENHANCING PRIVACY OF TRAINING DATA OF DEEP NEURAL NETWORKS ON EDGE USING TRUSTED EXECUTION ENVIRONMENTS

Gowri Ramshankar (18398499)

18 April 2024

<p dir="ltr">Deep Neural Networks (DNNs) are deployed in many applications and protecting the privacy of training data has become a major concern. Membership Inference Attacks (MIAs) occur when an unauthorized person is able to determine whether a piece of data is used in training the DNNs. This paper investigates using Trusted Execution Environments (TEEs) in modern processors to protect the privacy of training data. Running DNNs on TEE, however, encounters many challenges, including limited computing and storage resources as well as a lack of development frameworks. This paper proposes a new method to partition pre-trained DNNs so that parts of the DNNs can fit into TEE to protect data privacy. The existing software infrastructure for running DNNs on TEE requires a significant amount of human effort using C programs. However, most existing DNNs are implemented using Python. This paper presents a framework that can automate most parts of the process of porting Python-based DNNs to TEE. The proposed method is deployed in Arm TrustZone-A on Raspberry Pi 3B+ with OPTEE-OS and evaluated on popular image classification models - AlexNet, ResNet, and VGG. Experimental results show that our method can reduce the accuracy of gradient-based MIAs on AlexNet, VGG- 16, and ResNet-20 evaluated on the CIFAR-100 dataset by 17.9%, 11%, and 35.3%. On average, processing an image in the native execution environment takes 4.3 seconds, whereas in the Trusted Execution Environment (TEE), it takes about 10.1 seconds per image.<br><br></p>

Computer vision

Image processing

Data and information privacy

Data security and protection

Hardware security

Deep Learning

Hardware Security

Hardware Security and Side Channel Power Analysis for 16X16 Booth Multiplier in 65nm CMOS Technology

Vissamsetty, Kanchan

30 August 2021

No description available.

Electrical Engineering

hardware security

side channel

CMOS technology

Trojan detection

Detecting Electromagnetic Injection Attack on FPGAs Using In Situ Timing Sensors

Gujar, Surabhi Satyajit

29 August 2018

Nowadays, security is one of the foremost concerns as the confidence in a system is mostly dependent on its ability to protect itself against any attack. The area of Electromagnetic Fault Injection (EMFI) wherein attackers can use electromagnetic (EM) pulses to induce faults has started garnering increasing attention. It became crucial to understand EM attacks and find the best countermeasures. In this race to find countermeasures, different researchers proposed their ideas regarding the generation of EM attacks and their detection. However, it is difficult to see a universal agreement on the nature of these attacks. In this work, we take a closer look at the analysis of the primary EMFI fault models suggested earlier. Initial studies had shown that EM glitches caused timing violations, but recently it was proposed that EM attacks can create bit sets and bit resets. We performed a detailed experimental evaluation of the existing detection schemes on two different FPGA platforms. We present their comparative design analysis concerning their accuracy, precision, and cost. We propose an in situ timing sensor to overcome the disadvantages of the previously proposed detection approaches. This sensor can successfully detect most of the electromagnetic injected faults with high precision. We observed that the EM attack behaves like a localized timing attack in FPGAs which can be identified using the in situ timing sensors. / MS / When computers are built only for a specific application, they are called embedded systems. Over the past decade, there has been an incredible increase in the number of embedded systems around us. Right from washing machines to electronic locks, we can see embedded systems in almost every aspect of our lives. There is an increasing integration of embedded systems in applications such as cars and buildings with the advent of smart technologies. Due to our heavy reliance on such devices, it is vital to protect them against intentional attacks. Apart from the software attacks, it is possible for an attacker to disrupt or control the functioning of a system by physically attacking its hardware using various techniques. We look at one such technique that uses electromagnetic pulses to create faults in a system. We experimentally evaluate two of the previously suggested methods to detect electromagnetic injection attacks. We present a new sensor for this detection which we believe is more effective than the previously discussed detection schemes.

Hardware Security

Field programmable gate arrays

Electromagnetic Injection

Fault Attacks

Developing RRAM-Based Approaches for Security and Provisioning of ICs

Hanna, Drew E.

28 June 2021

No description available.

Electrical Engineering

Resistive RAM

Hardware Security

Logic Locking

IC Provisioning

Design of DPA-Resistant Integrated Circuits

Gohil, Nikhil N.

January 2017

No description available.

Engineering

Hardware Security

SDMLp

DPA

Side Channel Attacks

PUF based FPGAs for Hardware Security and Trust

Mustapa, Muslim

January 2015

No description available.

Computer Engineering

PUF

Ring Oscillator

FPGA

Hardware Security

DPA Resistant Logic Arrays for Security Applications

Lakkaraju, Harsha Vardhan

January 2015

No description available.

Electrical Engineering

DPA

Logic Arrays

SDMLp

FPGA

Hardware Security