Affiliation:
1. Virginia Tech, Blacksburg, VA
Abstract
Fault attacks on cryptographic software use faulty ciphertext to reverse engineer the secret encryption key. Although modern fault analysis algorithms are quite efficient, their practical implementation is complicated because of the uncertainty that comes with the fault injection process. First, the intended fault effect may not match the actual fault obtained after fault injection. Second, the logic target of the fault attack, the cryptographic software, is above the abstraction level of physical faults. The resulting uncertainty with respect to the fault effects in the software may degrade the efficiency of the fault attack, resulting in many more trial fault injections than the amount predicted by the theoretical fault attack. In this contribution, we highlight the important role played by the processor microarchitecture in the development of a fault attack. We introduce the microprocessor fault sensitivity model to systematically capture the fault response of a microprocessor pipeline. We also propose Microarchitecture-Aware Fault Injection Attack (MAFIA). MAFIA uses the fault sensitivity model to guide the fault injection and to predict the fault response. We describe two applications for MAFIA. First, we demonstrate a biased fault attack on an unprotected Advanced Encryption Standard (AES) software program executing on a seven-stage pipelined Reduced Instruction Set Computer (RISC) processor. The use of the microprocessor fault sensitivity model to guide the attack leads to an order of magnitude fewer fault injections compared to a traditional, blind fault injection method. Second, MAFIA can be used to break known software countermeasures against fault injection. We demonstrate this by systematically breaking a collection of state-of-the-art software fault countermeasures. These two examples lead to the key conclusion of this work, namely that software fault attacks become much more harmful and effective when an appropriate microprocessor fault sensitivity model is used. This, in turn, highlights the need for better fault countermeasures for software.
Funder
National Science Foundation
Semiconductor Research Corporation
Publisher
Association for Computing Machinery (ACM)
Subject
Hardware and Architecture,Software
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Processor Extensions for Hardware Instruction Replay against Fault Injection Attacks;2022 25th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS);2022-04-06
2. An In-Depth Vulnerability Analysis of RISC-V Micro-Architecture Against Fault Injection Attack;2021 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT);2021-10-06
3. SimpliFI: Hardware Simulation of Embedded Software Fault Attacks;Cryptography;2021-06-07
4. Improving Performance and Mitigating Fault Attacks Using Value Prediction;Cryptography;2018-09-23
5. VPsec;Proceedings of the 15th ACM International Conference on Computing Frontiers;2018-05-08