{"title":"Body Biasing Injection: Impact of substrate types on the induced disturbancesƒ","authors":"G. Chancel, J. Gallière, P. Maurine","doi":"10.1109/FDTC57191.2022.00015","DOIUrl":"https://doi.org/10.1109/FDTC57191.2022.00015","url":null,"abstract":"Body Biasing Injection (BBI) is one of the most recent fault injection techniques. It consists of applying voltage pulses onto the substrate of integrated circuits (ICs) using a sharp needle. Because this technique is more recent, there is little information about the nature of the injected disturbances in the ICs. It is especially true if one considers that the substrate of microcontrollers can either be of dual or triple-well types, and thus can have different susceptibility to BBI. In previous work, a study of the effects of thinning the substrate of ICs on BBI and an electrical model were proposed. However, this study was only conducted for dual-well ICs. As a result, this paper provides enhanced electrical models to simulate the distribution of BBI disturbances through the different substrates, and it also gives a global view of the different BBI induced effects in relation to the nature of the substrate and the polarity of the injected voltage pulses.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116906719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The More You Know: Improving Laser Fault Injection with Prior Knowledge","authors":"Marina Krček, T. Ordas, Daniele Fronte, S. Picek","doi":"10.1109/FDTC57191.2022.00012","DOIUrl":"https://doi.org/10.1109/FDTC57191.2022.00012","url":null,"abstract":"We consider finding as many faults as possible on the target device in the laser fault injection security evaluation. Since the search space is large, we require efficient search methods. Recently, an evolutionary approach using a memetic algorithm was proposed and shown to find more interesting parameter combinations than random search, which is commonly used. Unfortunately, once a variation on the bench or target is introduced, the process must be repeated to find suitable parameter combinations anew.To negate the effect of variation, we propose a novel method combining a memetic algorithm with a machine learning approach called a decision tree. Our approach improves the memetic algorithm by using prior knowledge of the target introduced in the initial phase of the memetic algorithm. In our experiments, the decision tree rules enhance the performance of the memetic algorithm by finding more interesting faults in different samples of the same target. Our approach shows more than two orders of magnitude better performance than random search and up to 60% better performance than previous state-of-the-art results with a memetic algorithm. Another advantage of our approach is human-readable rules, allowing the first insights into the explainability of target characterization for laser fault injection.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124978605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. Chef, C. T. Chua, Jing Yun Tay, J. Cheah, Chee Lip Gan
{"title":"Embedded-EEPROM descrambling via laser-based techniques – A case study on AVR MCU","authors":"S. Chef, C. T. Chua, Jing Yun Tay, J. Cheah, Chee Lip Gan","doi":"10.1109/fdtc57191.2022.00010","DOIUrl":"https://doi.org/10.1109/fdtc57191.2022.00010","url":null,"abstract":"Embedded Non-Volatile-Memory (NVM) such as Flash or EEPROM is a key component in modern microcontroller units. For instance, it can be used to store critical information such as user passwords or device firmware. Although several studies reported ways to extract binary data from embedded EEPROM bitcells, data organization has received less attention. In this paper, we present a method to identify bitcells organization in the EEPROM array. It relies on a combination of various laser-based techniques. The method was applied to an 8 bits AVR microcontroller.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128491163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Quantifying the Speed-Up Offered by Genetic Algorithms during Fault Injection Cartographies","authors":"Idris Rais-Ali, Antoine Bouvet, S. Guilley","doi":"10.1109/FDTC57191.2022.00016","DOIUrl":"https://doi.org/10.1109/FDTC57191.2022.00016","url":null,"abstract":"In the context of Fault Injection Analyses, the determination of the correct set of physical perturbation parameters is critical. When searching for vulnerabilities against fault injections, it is then a necessity to carry out a cartography in order to establish which tuples of parameters allow to disturb the target successfully, in a reliable way. In practice, this task is often time consuming because of the large number of dimensions to consider, hence an exhaustive cartography is most of the time impossible.This paper analyses three different cartography strategies: Linear-Scan, Monte-Carlo, and Genetic Algorithm-based methods. We compare them in real Electro-Magnetic Fault Injection Analyses on an hardware device, distinguishing two different contexts, namely with few, and, at the opposite, with more Points of Interest. We show that Genetic Algorithms are always better for identifying Areas of Interest, and so correct injection parameters, which is crucial for characterizing vulnerabilities in security evaluation contexts.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132906040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Triple Exploit Chain with Laser Fault Injection on a Secure Element","authors":"Olivier Hériveaux","doi":"10.1109/FDTC57191.2022.00011","DOIUrl":"https://doi.org/10.1109/FDTC57191.2022.00011","url":null,"abstract":"This work presents three vulnerabilities identified in the ATECC608B secure element. This circuit is the latest silicon revision of the ATECC devices family, which is widely deployed in IoT devices. When chained, the three vulnerabilities exploitation lead to a protected secret data extraction from the secure element. For this work, three different commands of the chip are faulted with laser illumination. The first attack recovers internal secret EEPROM masking keys. With the knowledge of those keys, further attacks are leveraged: we show how authentication and session key generation can be hijacked with laser assistance to finally gain authorized access to a secret data slot. We also used very long laser pulses for our attacks in order to fault multiple memory accesses with high efficiency. Our study was done in a black box approach, and shows multiple exploit attacks using laser fault injection can be practical. In particular, this allowed us to recover secret data on a real test device.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130824018","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FA-LLLing for RSA: Lattice-based Fault Attacks against RSA Encryption and Signature","authors":"G. Barbu","doi":"10.1109/FDTC57191.2022.00013","DOIUrl":"https://doi.org/10.1109/FDTC57191.2022.00013","url":null,"abstract":"At CT-RSA 2022, it was shown that combining the power of lattice reduction algorithms with that of fault injection allows not only to carve new attack paths, as previously known, but also to pave existing ones, so to speak. Indeed, using faulty results to build an instance of the Hidden Number Problem, and eventually solving it, can allow an attacker to consider less restrictive fault models than before. In this article, we introduce two new fault attacks on both RSA encryption and signature using this approach. Our lattice-based attack can require as few as 2 faulty ciphertexts and signatures respectively to reveal the hidden secrets with a 32-bit random fault model. At the other end of the fault model spectrum, our attack is still successful considering a very permissive fault model where the attacker can randomly alter up to 98% of the targeted value.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129588180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Simon Tollec, Mihail Asavoae, Damien Couroussé, K. Heydemann, M. Jan
{"title":"Exploration of Fault Effects on Formal RISC-V Microarchitecture Models","authors":"Simon Tollec, Mihail Asavoae, Damien Couroussé, K. Heydemann, M. Jan","doi":"10.1109/FDTC57191.2022.00017","DOIUrl":"https://doi.org/10.1109/FDTC57191.2022.00017","url":null,"abstract":"This paper introduces a formal workflow for modeling software/hardware systems in order to explore the effects of fault injections and evaluate the robustness to fault injection attacks. We illustrate this workflow on four versions of a PIN authentication code, embedding different software countermeasures. The code is symbolically evaluated on two implementations of the RISC-V CV32E40P core: the original implementation from the OpenHW group and an implementation that integrates protection of the pipeline control signals. On the original, unprotected core, our formal workflow exposes various vulnerabilities, including previously unknown ones, whereas, on the protected core, it confirms the effectiveness of the proposed countermeasures.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"20 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113942188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generalising Fault Attacks to Genus Two Isogeny Cryptosystems","authors":"Ariana Goh, Chu-Wee Lim, Y. Ti","doi":"10.1109/FDTC57191.2022.00014","DOIUrl":"https://doi.org/10.1109/FDTC57191.2022.00014","url":null,"abstract":"In this paper we generalise the SIDH fault attack and the SIDH loop-abort fault attacks on supersingular isogeny cryptosystems (genus-1) to genus-2. Genus-2 isogeny-based cryptosystems are generalisations of its genus-1 counterpart, as such, attacks on the the latter are believed to generalise to the former.The point perturbation attack on supersingular elliptic curve isogeny cryptography has been shown to be practical. We show in this paper that this fault attack continues to be practical in genus-2, albeit with a few additional traces required. We also show that the loop-abort attack carries over to the genus-2 setting seamlessly.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122411156","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Keynote Message","authors":"","doi":"10.1109/fdtc57191.2022.00006","DOIUrl":"https://doi.org/10.1109/fdtc57191.2022.00006","url":null,"abstract":"","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132990116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}