Automatic methods for protection of cryptographic hardware against fault attacks

Abstract

Since several years, the number of electronic devices in use has been strongly rising, especially in the field of embedded systems. From automotive applications or smartphones, to smaller area and power restricted embedded systems, such as Internet of Things (IoT) devices or smart cards, the wide availability of these systems induces a need for data protection. The implementation of hardware cryptographic primitives on Application Specific Integrated Circuit (ASIC) or Field Programmable Gate Array (FPGA) aims to fulfil the security requirements, while providing faster and lower power encryption than software based solutions on microprocessors, especially in the case of constrained resources. However, cryptographic solutions can be attacked, even if the encryption scheme is proven secure. One possible way to do so is through physical attacks, such as Side-Channel Analysis (SCA), for example by analysing their power consumption, or fault injection attacks, which disturb the computation in a way that allows an attacker to recover the secret key. As such, it is of the utmost relevance to implement cryptographic algorithms in a way that minimises the risk of physical attacks, as well as implement some counter-measures to prevent them, for instance Error Correcting Codes (ECC). Moreover, the evaluation of aforementioned cryptographic hardware and counter-measures is not generally done automatically, but rather empirically. This results in a need for the automation of both counter-measures generation and physical hardware checking against attacks. This thesis will focus on the automation of both aspects. Firstly, Error Detecting Code (EDC), as well as ECC, counter-measures are presented. Their goal is to stop faults from disturbing the encryption process. A discussion on the differences between natural (i.e induced by natural factors such as ageing or cosmic rays) and malicious faults is given in a subsequent chapter, as well as an analysis of the limitations of the evaluation of ECC. This is followed by the presentation of new architectures based on a new class of robust EDC, aimed at preventing multiple faults. They are scalable by construction, and as such it is possible to automatically choose an appropriate EDC implementation with regards to the constraint of the protected hardware. The architectures ensure the detection of faults injected by a strong adversary (who has the ability to inject precise faults on a temporal and spatial level), as well as the correction of low-multiplicity faults. The structure of the implementation, an inner-outer code based construction, and more specifically an efficient decoding method are further detailed, as well as some additional tweaks. Finally, the implementation is validated against physical fault injection on a SAKURA-G FPGA platform, and the results further reinforce the need for such architectures. The second part of the thesis will consider attack scenarios, and more precisely fault attacks. The automatic evaluation of hardware implementations of cryptographic primitives will be the main focus. In this regard, this thesis considers a particular type of fault attacks, hardware based Algebraic Fault Attacks (AFA). AFAs are at the border between mathematical cryptanalysis and physical fault injection attacks. They combine information from fault disturbed encryptions with some cipher description, in order to build an attack and recover the secret key. This work considers the hardware implementations of different ciphers as the source of algebraic information. In such regards, a framework for automated creation of AFAs has been developed in collaboration with the chair of computer architecture of the University of Freiburg. The framework takes the description of the cipher, in Hardware Description Language (HDL) or gate level, as well as a defined fault model as inputs, and through a series of steps, builds an attack in order to recovers the secret key. The detailed steps are presented in this thesis. The automatic generation of attack scenario for a considered cipher allows for an evaluation of any cipher implementation, including any potential changes or optimisation made against different attack scenarios. The framework itself was tested on a variety of different Substitution and Permutation Network (SPN), and some counter-measures. Physical realisation of fault attacks are also considered, from an implementation of the SAKURA-G FPGA platform, as well as software simulations of an idealised fault model. The constructed attacks were successful and the results are discussed, as well as the implication of multiple fault injections for solving. Finally, some counter-measures are considered, in order to validate or invalidate their effectiveness against AFAs.