Fault Attacks, Injection Techniques and Tools for Simulation
Roberta Piscitelli, Shivam Bhasin and Francesco Regazzoni
Embedded systems pervaded our live since few years. The applications where they are used are often safety critical, such as public transports or smart grids control, or handle private and sensitive data, such has medical records or biometrics information for access control. This trend is expected to even increase in the near future, when a large amount of embedded devices will be connected to the so called Internet of Things (IoT). If, on one side, the level of interoperability and connectivity which will be reached by the objects in the IoT will allow to offer a large variety of services, to increase the efficiency and to reduce the costs, on the other side, the envisioned applications require the device to include security functionality to guarantee the confidentiality of the processed data and the security of the overall infrastructure.
Designers anticipated these needs by augmenting several devices with state of the art cryptographic primitives: embedded processors included instructions to quickly encrypt and decrypt data and a number of low-cost accelerators were designed to boost the performance of secure protocols implemented in wireless sensor nodes. However, robust and mathematically secure cryptographic primitives are not sufficient to guarantee the security of embedded devices. In the past, cryptographics algorithm have been conceived to be robust only against mathematical attacks: their structure is realized to resist, among other, to linear and differential cryptanalysis, they were requested to resist brute force attacks, also considering the progress of the
R. Piscitelli (B)
© Springer International Publishing Switzerland 2017 27
N. Sklavos et al. (eds.), Hardware Security and Trust,
technology, and the hardness of the computational problem involved should have been capable of guaranteeing long-term security.
The situation changed in the last to decades, with the advent, the rise and the develop of a novel form of attacks, called physical attacks. These attacks, instead of addressing the mathematical structure of the algorithm, try to extract information about the secret key exploiting the weaknesses of the implementation of the algorithm itself. To recover the secret data, the adversary can exploit either an additional information leaked by the device during the computation (for instance the power consumed by the device) or can actively induce an anomalous behavior capable of leaking secret information.
Physical attacks are particularly dangerous for embedded systems, as they are, potentially, “in the hand” of the adversary, which thus has the whole control over them. Physical attacks are usually divided into two classes: passive attacks and active attacks. Among the first ones, the most notable one is power analysis , in which the adversary measures the power consumed by certain number of encryptions computed using a known plaintext, makes an hypothesis on a small portion of the secret key, and used the previously collected power traces to verify the correctness of the hypothesis. Nevertheless, the time  needed to complete an encryption, the electromagnetic emission  of a device or even the photons emitted by transistors  were successfully used to recover secret data.
During active attacks, the adversary does not limit himself to the observation of information leakage but actively tampers with the target device. The most common form of active attack is fault injection. In this attack, the adversary forces the device to perform erroneous operations and he exploits the relation between the correct results and the incorrect ones to infer the secret key (or to significantly reduce the possible key space). Fault injection consists of two parts: the first is the injection of the fault into the device, in which the target device is induced into an anomalous behavior, the second is the attack itself, in which the erroneous output is used to extract secret information.
Fault injection attacks are extremely dangerous because they require a limited amount of time to be carried out and because they were proven to be effective even when performed with an extremely inexpensive equipment. Barenghi et al. , for instance, showed how, by underpowering an ARM9 embedded processor, it was possible to induce a number of errors sufficient to successfully attacks software implementations of the AES and the RSA algorithms. A similar approach was used also to attack an ASIC implementation of the AES algorithm.
Robustness against fault attacks is usually evaluated in laboratories, where a manufactured device is tested by mounting a number of known attacks. However, this is not the best solution for designers which needs to timely apply the proper countermeasure against these attacks. Even if the final prove of resistance can be obtained only with the direct evaluation of the manufactured device, it would be more effective to have an initial exploration of the resistance against fault attacks at design time. This, however, requires to have tools capable of simulating the behavior of a device under attack, at the needed resolution, and to have a methodology to compare different countermeasures.
This paper addresses the problem of fault attacks. First, we survey the most common methods used to inject the faults, highlighting the potentialities of the method and its cost. Then we summarize the type of fault attacks previously presented in literature, finally we introduce the design tools which can be used for simulating fault attacks and we discuss to which extend they are suitable for evaluating the sensitivity of a device against fault attacks.