Abstract
Applications in secure components (such as smartcards, mobile phones or secure dongles) must be hardened against fault injection to guarantee security even in the presence of a malicious fault. Crafting applications robust against fault injection is an open problem for all actors of the secure application development life cycle, which prompted the development of many simulation tools. A major difficulty for these tools is the absence of representative codes, criteria and metrics to evaluate or compare obtained results. We present FISSC, the first public code collection dedicated to the analysis of code robustness against fault injection attacks. FISSC provides a framework of various robust code implementations and an approach for comparing tools based on predefined attack scenarios.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
TEE Protection Profile. Tech. Rep. GPD_SPE_021. GlobalPlatform, november 2014.
- 2.
- 3.
To request or contribute, send an e-mail to sertif-secure-collection@imag.fr.
References
Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)
Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java card 3.0 combining fault and logical attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)
Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)
Berthier, M., Bringer, J., Chabanne, H., Le, T.-H., Rivière, L., Servant, V.: Idea: embedded fault injection simulator on smartcard. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS. LNCS, vol. 8364, pp. 222–229. Springer, Heidelberg (2014)
Berthomé, P., Heydemann, K., Kauffmann-Tourkestansky, X., Lalande, J.: High level model of control flow attacks for smart card functional security. In: ARES 2012, pp. 224–229. IEEE (2012)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Dureuil, L., Potet, M.-L., de Choudens, P., Dumas, C., Clédière, J.: From code review to fault injection attacks: filling the gap using fault model inference. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 107–124. Springer, Heidelberg (2015). doi:10.1007/978-3-319-31271-2_7
Holler, A., Krieg, A., Rauter, T., Iber, J., Kreiner, C.: Qemu-based fault injection for a system-level analysis of software countermeasures against fault attacks. In: Digital System Design (DSD), Euromicro 15. pp. 530–533. IEEE (2015)
Lalande, J., Heydemann, K., Berthomé, P.: Software countermeasures for control flow integrity of smart card C codes. In: Proceedings of the 19th European Symposium on Research in Computer Security, ESORICS 2014, pp. 200–218 (2014)
Machemie, J.B., Mazin, C., Lanet, J.L., Cartigny, J.: SmartCM a smart card fault injection simulator. In: IEEE International Workshop on Information Forensics and Security. IEEE (2011)
Meola, M.L., Walker, D.: Faulty logic: reasoning about fault tolerant programs. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 468–487. Springer, Heidelberg (2010)
Moro, N., Heydemann, K., Encrenaz, E., Robisson, B.: Formal verification of a software countermeasure against instruction skip attacks. J. Cryptographic Eng. 4(3), 145–156 (2014)
Pattabiraman, K., Nakka, N., Kalbarczyk, Z., Iyer, R.: Discovering application-level insider attacks using symbolic execution. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 63–75. Springer, Heidelberg (2009)
Potet, M.L., Mounier, L., Puys, M., Dureuil, L.: Lazart: a symbolic approach for evaluation the robustness of secured codes against control flow injections. In: Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, pp. 213–222. IEEE (2014)
Séré, A., Lanet, J.L., Iguchi-Cartigny, J.: Evaluation of countermeasures against fault attacks on smart cards. Int. J. Secur. Appl. 5(2), 49–60 (2011)
Van Woudenberg, J.G., Witteman, M.F., Menarini, F.: Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 91–99. IEEE (2011)
Acknowledgments
This work has been partially supported by the SERTIF project (ANR-14-ASTR-0003-01): http://sertif-projet.forge.imag.fr and by the LabEx PERSYVAL-Lab (ANR-11-LABX-0025).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Dureuil, L., Petiot, G., Potet, ML., Le, TH., Crohen, A., de Choudens, P. (2016). FISSC: A Fault Injection and Simulation Secure Collection. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science(), vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-45477-1_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45476-4
Online ISBN: 978-3-319-45477-1
eBook Packages: Computer ScienceComputer Science (R0)