| Title | : | FaultMeter: Quantitative Fault Attack Assessment of Block Cipher Software |
| Speaker | : | Keerthi K. (IITM) |
| Details | : | Wed, 29 Nov, 2023 10:00 AM @ MR1/SSB233 |
| Abstract: | : | Fault injection attacks are one of the most powerful forms of cryptanalytic attacks on ciphers. A single, precisely injected fault during the execution of a cipher like AES, can completely reveal the key within a few milliseconds. Software implementations of ciphers, therefore, need to be thoroughly evaluated for such attacks. The success of a fault attack depends intricately on (a) the cryptographic properties of the cipher, (b) the program structure, and (c) the underlying hardware architecture. In recent years, automated tools have been developed to perform these evaluations. Many of these tools fail to assess the extent to which an injected fault is exploitable. The output of these tools is binary: either an instruction is exploitable, or it is not, and do not consider the impact of the underlying hardware in the fault attack. We propose a framework called FaultMeter that builds on the state-of-the-art by not just identifying fault vulnerable locations in a block cipher software but also providing a quantification for each vulnerable location. The quantification provides a probability that an injected fault can be successfully exploited. It takes into consideration the cryptographic properties of the cipher, the structure of the implementation, and the underlying Instruction Set Architecture's (ISA) susceptibility to faults. We demonstrate an application of FaultMeter to automatically insert optimal amounts of countermeasures in a program to meet the user's security requirements while minimizing overheads. We demonstrate the versatility of the FaultMeter framework by evaluating five cipher implementations on multiple hardware platforms, namely, ARM (32 and 64-bit), RISC-V (32 and 64-bit), TI MSP-430 (16-bit), and Intel x86 (64-bit). |
