{"title":"Fault Injection, A Fast Moving Target in Evaluations","authors":"R. Bekkers, Hans König","doi":"10.1109/FDTC.2011.20","DOIUrl":null,"url":null,"abstract":"Differential Fault Analysis has been known since 1996 (Dan Boneh, Richard A. DeMilIo and Richard ]. Lipton, \"The Bellcore Attack\") [1]. Before that, the implementations of cryptographic functions were developed without the awareness of fault analysis attacks. The first fault injection set-ups produced single voltage glitches or single light flashes at a single location on the silicon. A range of countermeasures has been developed and applied in cryptographic devices since. But while the countermeasures against perturbation attacks were being developed, attack techniques also evolved. The accuracy of the timing was improved, mUltiple light flashes were used to circumvent double checks, perturbation attacks were being combined with side channels such as power consumption and detection methods developed to prevent chips from blocking after they detected the perturbation attempt. Against all these second generation attack methods new countermeasures were developed. This raised the level of security of secure microcontroller chips to a high level , especially compared to products of ten years ago. The certification schemes are mandating more and more advanced tests to keep secure systems secure in the future. One of the latest requirements is light manipulation test using power consumption waveform based triggering with mUltiple light flashes at mUltiple locations on the silicon. If attack scenarios that are as complicated as this one are in scope where will it end? The equipment necessary for the attack is expensive and special software is required. The perturbation attacks that are performed outside security labs and universities are of a different level. The security laboratories need to improve their attack techniques to match the findings of academic research, attacks in the field and attacks developed by other laboratories. The level of required security is increasing, also increasing the price of the products because of the extra countermeasures that need to be implemented. These extra countermeasures result in significantly more complicated hardware designs, software implementations, higher power consumption and performance loss. Evaluation costs also increase with every extra penetration test that is added by the schemes because test set-ups have to be enhanced and more","PeriodicalId":150423,"journal":{"name":"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Workshop on Fault Diagnosis and Tolerance in Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FDTC.2011.20","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Differential Fault Analysis has been known since 1996 (Dan Boneh, Richard A. DeMilIo and Richard ]. Lipton, "The Bellcore Attack") [1]. Before that, the implementations of cryptographic functions were developed without the awareness of fault analysis attacks. The first fault injection set-ups produced single voltage glitches or single light flashes at a single location on the silicon. A range of countermeasures has been developed and applied in cryptographic devices since. But while the countermeasures against perturbation attacks were being developed, attack techniques also evolved. The accuracy of the timing was improved, mUltiple light flashes were used to circumvent double checks, perturbation attacks were being combined with side channels such as power consumption and detection methods developed to prevent chips from blocking after they detected the perturbation attempt. Against all these second generation attack methods new countermeasures were developed. This raised the level of security of secure microcontroller chips to a high level , especially compared to products of ten years ago. The certification schemes are mandating more and more advanced tests to keep secure systems secure in the future. One of the latest requirements is light manipulation test using power consumption waveform based triggering with mUltiple light flashes at mUltiple locations on the silicon. If attack scenarios that are as complicated as this one are in scope where will it end? The equipment necessary for the attack is expensive and special software is required. The perturbation attacks that are performed outside security labs and universities are of a different level. The security laboratories need to improve their attack techniques to match the findings of academic research, attacks in the field and attacks developed by other laboratories. The level of required security is increasing, also increasing the price of the products because of the extra countermeasures that need to be implemented. These extra countermeasures result in significantly more complicated hardware designs, software implementations, higher power consumption and performance loss. Evaluation costs also increase with every extra penetration test that is added by the schemes because test set-ups have to be enhanced and more
自1996年以来,微分故障分析已经为人所知(Dan Boneh, Richard A. DeMilIo和Richard)。利普顿,“贝尔科攻击”)[1]。在此之前,加密功能的实现是在没有故障分析攻击意识的情况下开发的。第一次故障注入装置在硅片上的单个位置产生单个电压故障或单个闪光。从那时起,一系列的对抗措施被开发并应用于加密设备。但是,在开发针对摄动攻击的对策的同时,攻击技术也在发展。时间的准确性得到了提高,多次闪光用于规避双重检查,微扰攻击与侧通道(如功耗)相结合,并开发了检测方法,以防止芯片在检测到微扰尝试后阻塞。针对这些第二代攻击方法,开发了新的对策。这将安全微控制器芯片的安全水平提升到一个很高的水平,特别是与十年前的产品相比。认证方案要求越来越多的高级测试,以确保安全系统在未来的安全。最新的要求之一是光操作测试,使用基于功耗波形的触发,在硅上的多个位置有多个闪光灯。如果像这样复杂的攻击场景出现在范围内,它将在哪里结束?攻击所需的设备非常昂贵,并且需要特殊的软件。在安全实验室和大学之外进行的扰动攻击是一个不同的级别。安全实验室需要改进其攻击技术,以匹配学术研究结果、现场攻击和其他实验室开发的攻击。所需的安全水平正在提高,同时也增加了产品的价格,因为需要实施额外的对策。这些额外的对策导致硬件设计、软件实现、更高的功耗和性能损失显著增加。评估成本也会随着每一次额外的渗透测试的增加而增加,因为测试设置必须得到加强