Paper 2017/829

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code

Jakub Breier, Xiaolu Hou, and Yang Liu

Abstract

Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation layers. However, this level of abstraction is often too high to distinguish vulnerable parts of software implementations, due to specific operations and optimizations. On the other hand, manually analyzing the assembly code requires non-negligible amount of time and expertise. In this paper, we propose an automated approach for analyzing cipher implementations in assembly. We represent the whole assembly program as a data flow graph so that the vulnerable spots can be found efficiently. Fault propagation is analyzed in a subgraph constructed from each vulnerable spot, allowing equations for Differential Fault Analysis (DFA) to be automatically generated. We have created a tool that implements our approach: DATAC - DFA Automation Tool for Assembly Code. We have successfully used this tool for attacking PRESENT-80, being able to find implementation-specific vulnerabilities that can be exploited in order to recover the last round key with 16 faults. Our results show that DATAC is useful in finding attack spots that are not visible from the cipher structure, but can be easily exploited when dealing with real-world implementations.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in TCHES 2018
Keywords
automated fault attacksoftware implementationsassembly codedifferential fault analysis
Contact author(s)
jbreier @ ntu edu sg
History
2018-04-04: last of 5 revisions
2017-08-31: received
See all versions
Short URL
https://ia.cr/2017/829
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/829,
      author = {Jakub Breier and Xiaolu Hou and Yang Liu},
      title = {Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code},
      howpublished = {Cryptology ePrint Archive, Paper 2017/829},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/829}},
      url = {https://eprint.iacr.org/2017/829}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.