  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Fault Attacks on Cryptosystems: Novel Threat Models, Countermeasures and Evaluation Metrics

Farhady Ghalaty, Nahid 19 August 2016
Recent research has demonstrated that there is no sharp distinction between passive attacks based on side-channel leakage and active attacks based on fault injection. Fault behavior can be processed as side-channel information, offering all the benefits of Differential Power Analysis including noise averaging and hypothesis testing by correlation. In fault attacks, the adversary induces faults into a device while it is executing a known program and observes the reaction. The abnormal reactions of the device are later analyzed to obtain the secrets of the program under execution. Fault attacks are a powerful threat. They are used to break cryptosystems, Pay TVs, smart cards and other embedded applications. In fault attack resistant design, the fault is assumed to be induced by a smart, malicious, determined attacker who has high knowledge of the design under attack. Moreover, the purpose of fault attack resistant design is for the system to work correctly under intentional fault injection without leaking any secret data information. Towards building a fault attack resistant design, the problem can be categorized into three main subjects:
• Investigating novel and more powerful threat models and attack procedures.
• Proposing countermeasures to build secure systems against fault attacks
• Building evaluation metrics to measure the security of designs
In this regard, my thesis has covered the first bullet, by proposing the Differential Fault Intensity Analysis (DFIA) based on the biased fault model. The biased fault model in this attack means the gradual behavior of the fault as a cause of increasing the intensity of fault injection. The DFIA attack has been successfully launched on AES, PRESENT and LED block ciphers. Our group has also recently proposed this attack on the AES algorithm running on a LEON3 processor. In our work, we also propose a countermeasure against one of the most powerful types of fault attacks, namely, Fault Sensitivity Analysis (FSA).
This countermeasure is based on balancing the delay of the circuit to destroy the correlation of secret data and timing delay of a circuit. Additionally, we propose a framework for assessing the vulnerability of designs against fault attacks. An example of this framework is the Timing Violation Vulnerability Factor (TVVF) that is a metric for measuring the vulnerability of hardware against timing violation attacks. We compute TVVF for two implementations of AES algorithm and measure the vulnerability of these designs against two types of fault attacks. For future work, we plan to propose an attack that is a combination of power measurements and fault injections. This attack is more powerful in the sense that it has less fault injection restrictions and requires less amount of information from the block cipher's data. We also plan to design more efficient and generic evaluation metrics than TVVF. As shown in this thesis, fault attacks are a more serious threat than considered by the cryptography community. This thesis provides a deep understanding of the fault behavior in the circuit and therefore a better knowledge on powerful fault attacks. The techniques developed in this dissertation focus on different aspects of fault attacks on hardware architectures and microprocessors. Considering the proposed fault models, attacks, and evaluation metrics in this thesis, there is hope to develop robust and fault attack resistant microprocessors. We conclude this thesis by observing future areas and opportunities for research. / Ph. D.
2

Advancing the Utility of Manufacturing Data for Modeling, Monitoring, and Securing Machining Processes

Shafae, Mohammed Saeed Abuelmakarm 23 August 2018
The growing adoption of smart manufacturing systems and its related technologies (e.g., embedded sensing, internet-of-things, cyber-physical systems, big data analytics, and cloud computing) is promising a paradigm shift in the manufacturing industry. Such systems enable extracting and exchanging actionable knowledge across the different entities of the manufacturing cyber-physical system and beyond. From a quality control perspective, this allows for more opportunities to realize proactive product design; real-time process monitoring, diagnosis, prognosis, and control; and better product quality characterization. However, a multitude of challenges are arising, with the growing adoption of smart manufacturing, including industrial data characterized by increasing volume, velocity, variety, and veracity, as well as the security of the manufacturing system in the presence of growing connectivity. Taking advantage of these emerging opportunities and tackling the upcoming challenges require creating novel quality control and data analytics methods, which not only push the boundaries of the current state-of-the-art research, but discover new ways to analyze the data and utilize it. One of the key pillars of smart manufacturing systems is real-time automated process monitoring, diagnosis, and control methods for process/product anomalies. For machining applications, traditionally, deterioration in quality measures may occur due to a variety of assignable causes of variation such as poor cutting tool replacement decisions and inappropriate choice of cutting parameters. Additionally, due to increased connectivity in modern manufacturing systems, process/product anomalies intentionally induced through malicious cyber-attacks -- aiming at degrading the process performance and/or the part quality -- are becoming a growing concern in the manufacturing industry.
Current methods for detecting and diagnosing traditional causes of anomalies are primarily lab-based and require experts to perform initial set-ups and continual fine-tuning, reducing the applicability in industrial shop-floor applications. As for efforts accounting for process/product anomalies due to cyber-attacks, these efforts are in early stages. Therefore, more foundational research is needed to develop a clear understanding of this new type of cyber-attacks and their effects on machining processes, to ensure smart manufacturing security both on the cyber and the physical levels. With primary focus on machining processes, the overarching goal of this dissertation work is to explore new ways to expand the use and value of manufacturing data-driven methods for better applicability in industrial shop-floors and increased security of smart manufacturing systems. As a first step toward achieving this goal, the work in this dissertation focuses on adopting this goal in three distinct areas of interest: (1) Statistical Process Monitoring of Time-Between-Events Data (e.g., failure-time data); (2) Defending against Product-Oriented Cyber-Physical Attacks on Intelligent Machining Systems; and (3) Modeling Machining Process Data: Time Series vs. Spatial Point Cloud Data Structures. / PHD / Recent advancements in embedded sensing, internet-of-things, big data analytics, cloud computing, and communication technologies and methodologies are shifting the modern manufacturing industry toward a novel operational paradigm. Several terms have been coined to refer to this new paradigm such as cybermanufacturing, industry 4.0, industrial internet of things, industrial internet, or more generically smart manufacturing (term to be used henceforth).
The overarching goal of smart manufacturing is to transform modern manufacturing systems to knowledge-enabled Cyber-Physical Systems (CPS), in which humans, machines, equipment, and products communicate and cooperate together in real-time, to make decentralized decisions resulting in profound improvements in the entire manufacturing ecosystem. From a quality control perspective, this allows for more opportunities to utilize manufacturing process data to realize proactive product design; real-time process monitoring, diagnosis, prognosis, and control; and better product quality characterization. With primary focus on machining processes, the overarching goal of this work is to explore new ways to expand the use and value of manufacturing data-driven methods for better applicability in industrial shop-floors and increased security of smart manufacturing systems. As a first step toward achieving this goal, the work in this dissertation focuses on three distinct areas of interest: (1) Monitoring of time-between-events data of mechanical components replacements (e.g., failure-time data); (2) Defending against cyber-physical attacks on intelligent machining systems aiming at degrading machined parts quality; and (3) Modeling machining process data using two distinct data structures, namely, time series and spatial point cloud data.
3

Quality Control Tools for Cyber-Physical Security of Production Systems

Elhabashy, Ahmed Essam 15 January 2019
With recent advancements in computer and network technologies, cyber-physical systems have become more susceptible to cyber-attacks; and production systems are no exception. Unlike traditional Information Technology (IT) systems, cyber-physical systems are not limited to attacks aimed at Intellectual Property (IP) theft, but also include attacks that maliciously affect the physical world. In manufacturing, such cyber-physical attacks can destroy equipment, force dimensional product changes, alter a product's mechanical characteristics, or endanger human lives. The manufacturing industry often relies on modern Quality Control (QC) tools to protect against quality losses, such as those that can occur from an attack. However, cyber-physical attacks can still be designed to avoid detection by traditional QC methods, which suggests a strong need for new and more robust QC tools. Such new tools should be able to prevent, or at least minimize, the effects of cyber-physical attacks on production systems. Unfortunately, little to no research has been done on using QC tools for cyber-physical security of production systems. Hence, the overarching goal of this work is to allow QC systems to be designed and used effectively as a second line of defense, when traditional cyber-security techniques fail and the production system is already breached. To this end, this work focuses on: 1) understanding the role of QC systems in cyber-physical attacks within manufacturing through developing a taxonomy encompassing the different layers involved; 2) identifying existing weaknesses in QC tools and exploring the effects of exploiting them by cyber-physical attacks; and 3) proposing more effective QC tools that can overcome existing weaknesses by introducing randomness to the tools, for better security against cyber-physical attacks in manufacturing. / Ph. D. 
/ The recent technological developments in computers and networking have made systems, such as production systems, more vulnerable to attacks having both cyber and physical components; i.e., to cyber-physical attacks. In manufacturing, such attacks are not only capable of stealing valuable information, but can also destroy equipment, force physical product changes, alter a product’s mechanical characteristics, or endanger human lives. Typically, the manufacturing industry has relied on various Quality Control (QC) tools, such as product inspection, to detect the effects caused by these attacks. However, these attacks could still be designed in a way to avoid detection by traditional QC methods, which suggests a need for new and more effective QC tools. Such new tools should be able to prevent, or at least minimize, the effects of these attacks in manufacturing. Unfortunately, almost no research has been done on using QC tools for securing production systems against these malicious attacks. Hence, the overarching goal of this work is to allow QC systems to be designed in a more effective manner to act as a second line of defense, when traditional cyber-security measures and attackers have already accessed the production system. To this end, this work focuses on: 1) understanding the role of QC systems during the attack; 2) identifying existing weaknesses in QC tools and determining the effects of exploiting them by the attack; and 3) proposing more effective QC tools, for better protection against these types of cyber-physical attacks in manufacturing.
4

Data Analytics for Statistical Learning

Komolafe, Tomilayo A. 05 February 2019
The prevalence of big data has rapidly changed the usage and mechanisms of data analytics within organizations. Big data is a widely-used term without a clear definition. The difference between big data and traditional data can be characterized by four Vs: velocity (speed at which data is generated), volume (amount of data generated), variety (the data can take on different forms), and veracity (the data may be of poor/unknown quality). As many industries begin to recognize the value of big data, organizations try to capture it through means such as: side-channel data in a manufacturing operation, unstructured text-data reported by healthcare personnel, various demographic information of households from census surveys, and the range of communication data that define communities and social networks. Big data analytics generally follows this framework: first, a digitized process generates a stream of data, this raw data stream is pre-processed to convert the data into a usable format, the pre-processed data is analyzed using statistical tools. In this stage, called statistical learning of the data, analysts have two main objectives (1) develop a statistical model that captures the behavior of the process from a sample of the data (2) identify anomalies in the process. However, several open challenges still exist in this framework for big data analytics. Recently, data types such as free-text data are also being captured. Although many established processing techniques exist for other data types, free-text data comes from a wide range of individuals and is subject to syntax, grammar, language, and colloquialisms that require substantially different processing approaches. Once the data is processed, open challenges still exist in the statistical learning step of understanding the data. 
Statistical learning aims to satisfy two objectives, (1) develop a model that highlights general patterns in the data (2) create a signaling mechanism to identify if outliers are present in the data. Statistical modeling is widely utilized as researchers have created a variety of statistical models to explain everyday phenomena such as predicting energy usage behavior, traffic patterns, and stock market behaviors, among others. However, new applications of big data with increasingly varied designs present interesting challenges. Consider the example of free-text analysis posed above. There's a renewed interest in modeling free-text narratives from sources such as online reviews, customer complaints, or patient safety event reports, into intuitive themes or topics. As previously mentioned, documents describing the same phenomena can vary widely in their word usage and structure. Another recent interest area of statistical learning is using the environmental conditions that people live, work, and grow in, to infer their quality of life. It is well established that social factors play a role in overall health outcomes, however, clinical applications of these social determinants of health is a recent and an open problem. These examples are just a few of many examples wherein new applications of big data pose complex challenges requiring thoughtful and inventive approaches to processing, analyzing, and modeling data. Although a large body of research exists in the area of anomaly detection increasingly complicated data sources (such as side-channel related data or network-based data) present equally convoluted challenges. For effective anomaly-detection, analysts define parameters and rules, so that when large collections of raw data are aggregated, pieces of data that do not conform are easily noticed and flagged. 
In this work, I investigate the different steps of the data analytics framework and propose improvements for each step, paired with practical applications, to demonstrate the efficacy of my methods. This paper focuses on the healthcare, manufacturing and social-networking industries, but the materials are broad enough to have wide applications across data analytics generally. My main contributions can be summarized as follows:
• In the big data analytics framework, raw data initially goes through a pre-processing step. Although many pre-processing techniques exist, there are several challenges in pre-processing text data and I develop a pre-processing tool for text data.
• In the next step of the data analytics framework, there are challenges in both statistical modeling and anomaly detection
  o I address the research area of statistical modeling in two ways:
    - There are open challenges in defining models to characterize text data. I introduce a community extraction model that autonomously aggregates text documents into intuitive communities/groups
    - In health care, it is well established that social factors play a role in overall health outcomes however developing a statistical model that characterizes these relationships is an open research area. I developed statistical models for generalizing relationships between social determinants of health of a cohort and general medical risk factors
  o I address the research area of anomaly detection in two ways:
    - A variety of anomaly detection techniques exist already, however, some of these methods lack a rigorous statistical investigation thereby making them ineffective to a practitioner. I identify critical shortcomings to a proposed network based anomaly detection technique and introduce methodological improvements
    - Manufacturing enterprises which are now more connected than ever are vulnerable to anomalies in the form of cyber-physical attacks. I developed a sensor-based side-channel technique for anomaly detection in a manufacturing process
/ PHD / The prevalence of big data has rapidly changed the usage and mechanisms of data analytics within organizations. The fields of manufacturing and healthcare are two examples of industries that are currently undergoing significant transformations due to the rise of big data. The addition of large sensory systems is changing how parts are being manufactured and inspected and the prevalence of Health Information Technology (HIT) systems in healthcare systems is also changing the way healthcare services are delivered. These industries are turning to big data analytics in the hopes of acquiring many of the benefits other sectors are experiencing, including reducing cost, improving safety, and boosting productivity. However, there are many challenges that exist along with the framework of big data analytics, from pre-processing raw data, to statistical modeling of the data, and identifying anomalies present in the data or process. This work offers significant contributions in each of the aforementioned areas and includes practical real-world applications. Big data analytics generally follows this framework: first, a digitized process generates a stream of data, this raw data stream is pre-processed to convert the data into a usable format, the pre-processed data is analyzed using statistical tools. In this stage, called ‘statistical learning of the data’, analysts have two main objectives (1) develop a statistical model that captures the behavior of the process from a sample of the data (2) identify anomalies or outliers in the process. In this work, I investigate the different steps of the data analytics framework and propose improvements for each step, paired with practical applications, to demonstrate the efficacy of my methods.
This work focuses on the healthcare and manufacturing industries, but the materials are broad enough to have wide applications across data analytics generally. My main contributions can be summarized as follows:
• In the big data analytics framework, raw data initially goes through a pre-processing step. Although many pre-processing techniques exist, there are several challenges in pre-processing text data and I develop a pre-processing tool for text data.
• In the next step of the data analytics framework, there are challenges in both statistical modeling and anomaly detection
  o I address the research area of statistical modeling in two ways:
    - There are open challenges in defining models to characterize text data. I introduce a community extraction model that autonomously aggregates text documents into intuitive communities/groups
    - In health care, it is well established that social factors play a role in overall health outcomes however developing a statistical model that characterizes these relationships is an open research area. I developed statistical models for generalizing relationships between social determinants of health of a cohort and general medical risk factors
  o I address the research area of anomaly detection in two ways:
    - A variety of anomaly detection techniques exist already, however, some of these methods lack a rigorous statistical investigation thereby making them ineffective to a practitioner. I identify critical shortcomings to a proposed network-based anomaly detection technique and introduce methodological improvements
    - Manufacturing enterprises which are now more connected than ever are vulnerable to anomalies in the form of cyber-physical attacks. I developed a sensor-based side-channel technique for anomaly detection in a manufacturing process.
5

Analyses sécuritaires de code de carte à puce sous attaques physiques simulées / Security analysis of smart card C code using simulated physical attacks

Kauffmann-Tourkestansky, Xavier 28 November 2012
Cette thèse s’intéresse aux effets des attaques par fautes physiques sur le code d’un système embarqué en particulier la carte à puce. De telles attaques peuvent compromettre la sécurité du système en donnant accès à des informations confidentielles, en compromettant l’intégrité de données sensibles ou en perturbant le fonctionnement pendant l’exécution. Dans cette thèse, nous décrivons des propriétés de sécurité permettant d’exprimer les garanties du système et établissons un modèle d’attaque de haut niveau définissant les capacités d’un attaquant à modifier le système. Ces propriétés et ce modèle nous servent à vérifier la sécurité du code par analyse statique ou test dynamique, combinés avec l’injection d’attaques, simulant les conséquences logicielles des fautes physiques. Deux méthodologies sont ainsi développées afin de vérifier le comportement fonctionnel du code sous attaques, tester le fonctionnement des sécurités implémentées et identifier de nouvelles attaques. Ces méthodologies ont été mises en oeuvre dans un cadre industriel afin de faciliter le travail du développeur chargé de sécuriser un code de carte à puce. / This thesis focuses on the effects of attacks by physical faults on embedded source code specifically for smart cards. Such attacks can compromise the security of the system by providing access to confidential information, compromising the integrity of sensitive data or disrupting the execution flow. In this thesis, we describe security properties to express security guarantees on the system. We also offer an attack model defining at high level an attacker’s ability to disrupt the system. With these properties and model, we check the source code security against physical attacks. We use static analysis and dynamic testing, combined with attack injection to simulate the consequences of physical faults at software level. 
Two techniques are created to stress the functional behavior of the code under attack, test the reliability of built-in security countermeasures and identify new threats. These techniques were implemented in a framework to help developers secure their source code in an industrial environment.
6

Caractérisation sécuritaire des mémoires magnétiques MRAM / Secure Charactrization of Magnetic Memories MRAM

Sarno, Thomas 22 October 2015
La MRAM est une technologie de mémoire non-volatile émergente, elle a la particularité de stocker les données sous forme d’orientations de moments magnétiques. Ses performances sont intéressantes et surpassent les technologies actuelles sur plusieurs aspects. Crocus Technology développe une nouvelle génération de MRAM, les TAS-MRAM (pour Thermally Assisted Switching MRAM). Ces MRAM ont la particularité d’effectuer les opérations d’écritures à hautes températures, améliorant ainsi la consommation électrique et facilitant sa réduction d’échelle. Les TAS-MRAM sont développées pour des applications sécuritaires ou critiques, cependant la technologie MRAM utilise des principes physiques liés aux interactions magnétiques qui sont relativement peu étudiés en termes de sécurité du composant. L’objet du travail de cette thèse est d’évaluer les potentielles faiblesses de sécurité pour cette technologie. En particulier la capacité des MRAM à garantir l’intégrité et la confidentialité des informations qui sont stockées a été étudiée. Ce travail est divisé en deux parties, une première partie est consacrée à l’analyse de la résistance des MRAM aux attaques physiques avec un focus tout particulier sur l’étude des effets des champs magnétiques sur l’écriture, la lecture et la rétention des données ainsi que les différentes solutions envisagées pour réduire ces effets. Une étude des effets de la température a également été réalisée. L’autre partie du travail porte sur l’étude des émissions électromagnétiques et l’analyse de plusieurs méthodes pour retrouver le poids de Hamming des données manipulées par la mémoire et de ce fait en extraire de potentiels secrets ou données sensibles. / MRAM (magnetoresistive RAM) is an emergent non-volatile memory technology; it has the particularity to store data in magnetic moments orientations. It has very interesting characteristics that overwhelm mature technologies on several points.
Crocus Technology is developing a new MRAM technology called TAS-MRAM (for Thermally Assisted Switching). During write operations, this new MRAM technology uses a current to heat the memory cell. This reduces the power consumption and makes scalability easier. TAS-MRAM are developed for secure or critical applications but this technology relies on spintronic, a field of physics not much studied for electronics security. This work aims to evaluate potential security weaknesses of this technology. More specifically the memory capacity to guarantee data confidentiality was studied. This work was divided in two parts; one part is dedicated to the analysis of MRAM resistance against physical perturbations, with a special focus on magnetic fields (both static and pulsed) effects on read and write operations as well as their effects on data retention. Various methods to reduce these effects were tested and compared. The effect of high temperature was also studied. The second part focuses on the analysis of electromagnetic emissions of the MRAM components during its operations. Methods to retrieve the Hamming weight of data written in the memory are exposed and compared.
7

Analyse de vulnérabilité des systèmes embarqués face aux attaques physiques / Vulnerability analysis of embedded systems against physical attacks

Bukasa, Sébanjila Kevin 08 July 2019
Au cours de cette thèse, nous nous sommes concentrés sur la sécurité des appareils mobiles. Pour cela, nous avons exploré les attaques physiques par perturbation (injection de fautes) ainsi que par observation, toutes deux basées sur les émissions électromagnétiques. Nous avons sélectionné deux types de cibles représentant deux catégories d'appareils mobiles. D'une part les microcontrôleurs qui équipent les appareils de type IoT. Et d'autre part les System-on-Chip (SoC) que l'on retrouve sur les smartphones. Nous nous sommes concentrés sur les puces conçue par ARM. Au travers d'attaques physiques nous avons voulu montrer qu'il était possible d'affecter la microarchitecture sur laquelle repose tout le fonctionnement de ces systèmes. Toutes les protections pouvant être mises en place par la suite au niveau logiciel, sont basées sur la microarchitecture et deviennent donc inopérantes lorsque l'on s'attaque à celle-ci. Pour les appareils de type IoT, nous avons mis en évidence la possibilité d'obtenir des informations ou un contrôle total de l'appareil à l'aide d'une injection de faute. Les injections de fautes sont dans ce cas les déclencheurs d'attaques logicielles et permettent d'outrepasser des protections logicielles. Pour les appareils de type smartphone, nous avons dans un premier temps été capable d'extraire des informations contenue à l'intérieur d'un SoC, à l'aide d'une écoute électromagnétique et de la caractérisation du comportement de celui-ci. Dans un deuxième temps, nous avons pu montrer qu'en cas de faute des comportements aléatoire peuvent se produire, tout en caractérisant ces comportements. Démontrant ainsi que sur des systèmes plus complexes, il est tout de même possible d'avoir recours à des attaques physiques. Enfin nous avons proposé des pistes d'améliorations en lien avec nos différentes constatations au cours de ces travaux. / During this thesis, we focused on the security of mobile devices. 
To do this, we explored physical attacks by perturbation (fault injections) as well as by observation, both based on electromagnetic emissions. We selected two types of targets representing two categories of mobile devices. On the one hand, the microcontrollers that equip IoT devices. And on the other hand the System-on-Chip (SoC) that can be found on smartphones. We focused on the chips designed by ARM. Through physical attacks we wanted to show that it was possible to affect the microarchitecture on which the entire functioning of these systems is based. All the protections that can be implemented later at the software level are based on the microarchitecture and therefore become ineffective when it is attacked. For IoT devices, we have highlighted the possibility of obtaining information or total control of the device by means of a fault injection. In this case, fault injections are used as software attack triggers. They also allow software protection to be bypassed. For smartphone devices, we were initially able to extract information contained within a SoC, using electromagnetic listening and characterization of its behavior. In a second step, we were able to show that in the event of a fault, random behaviours can occur, we characterized and proposed explanations for these behaviours. Demonstrating and on systems more advanced than IoT, it is still possible to use physical attacks. Finally, we proposed possible improvements in relation to our various findings during this work.
8

UN FORMALISME UNIFIANT LES ATTAQUES PHYSIQUES SUR CIRCUITS CRYTOGRAPHIQUES ET SON EXPLOITATION AFIN DE COMPARER ET RECHERCHER DE NOUVELLES ATTAQUES / A FORMALISM FOR PHYSICAL ATTACKS ON CRYPTOGRAPHIC DEVICES AND ITS EXPLOITATION TO COMPARE AND RESEARCH NEWS ATTACKS

Le Bouder, Hélène 24 October 2014
Cette thèse se situe dans la cryptanalyse physique des algorithmes de chiffrement par blocs. Un algorithme cryptographique est conçu pour être mathématiquement robuste. Cependant, une fois implémenté dans un circuit, il est possible d'attaquer les failles de ce dernier. Par opposition à la cryptanalyse classique, on parle alors d'attaques physiques. Celles-ci ne permettent pas d'attaquer l'algorithme en soi, mais son implémentation matérielle. Il existe deux grandes familles d'attaques physiques différentes : les attaques par observation du circuit durant le chiffrement, et les attaques par injections de fautes, qui analysent l'effet d'une perturbation intentionnelle sur le fonctionnement du circuit. Les attaques physiques ont deux types d'objectifs : rechercher la clé ou faire de la rétro-conception (retrouver une partie d'un algorithme de chiffrement privé, ex : s-boxes modifiées). Bien que leurs principes semblent distincts, cette thèse présente un formalisme qui permet d'unifier toutes ces attaques. L'idée est de décrire les attaques physiques de façon similaire, afin de pouvoir les comparer. De plus, ce formalisme a permis de mettre en évidence de nouvelles attaques. Des travaux novateurs ayant pour objet de retrouver la clé de chiffrement d'un AES, uniquement avec la consommation de courant ont été menés. Une nouvelle attaque de type FIRE (Fault Injection for Reverse Engineering) pour retrouver les s-boxes d'un pseudo DES est également présentée dans la thèse. Ce travail a abouti sur une réflexion plus générale, sur les attaques par injections de fautes dans les schémas de Feistel classiques et généralisés. / The main subject of this work is the physical cryptanalysis of blocks ciphers. Even if cryptographic algorithms are properly designed mathematically, they may be vulnerable to physical attacks. 
Physical attacks are mainly divided in two families: the side channel attacks which are based on the observation of the circuit behaviour during the computation, and the fault injection attacks which consist in disturbing the computation in order to alter the correct progress of the algorithm. These attacks are used to target the cipher key or to reverse engineer the algorithm. A formalism is proposed in order to describe the two families in a unified way. Unifying the different attacks under a same formalism allows to deal with them with common mathematical tools. Additionally, it allows a comparison between different attacks. Using this framework, a generic method to assess the vulnerabilities of generalized Feistel networks to differential fault analysis is presented. This work is furthermore extended to improve a FIRE attack on DES-like cryptosystems with customized s-boxes.
