fault attack vulnerability assessment of binary code
play

Fault attack vulnerability assessment of binary code Cryptography - PowerPoint PPT Presentation

May 06, 2023 •422 likes •770 views

Fault attack vulnerability assessment of binary code Cryptography and Security in Computing Systems [CS219], Valencia, Spain January 21, 2019 Jean-Baptiste Brjon Emmanuelle Encrenaz Karine Heydemann Quentin Meunier Son-Tuan Vu Sorbonne

  1. Fault attack vulnerability assessment of binary code Cryptography and Security in Computing Systems [CS2’19], Valencia, Spain January 21, 2019 Jean-Baptiste Bréjon Emmanuelle Encrenaz Karine Heydemann Quentin Meunier Son-Tuan Vu Sorbonne Université, CNRS, Laboratoire d’Informatique de Paris 6, F-75005 Paris, France JB. Bréjon CS2’19 January 21, 2019 1 / 21

  2. Plan Context Fault Attacks Protections Vulnerability Assessment Security Metrics Use-Case: VerifyPin Conclusion JB. Bréjon CS2’19 January 21, 2019 2 / 21

  3. Context The number of embedded systems keeps growing and their uses diversify Sensitive data are increasingly manipulated by embedded systems → Need to secure them and thus guarantee the effectiveness of protection mechanisms The case of physical attacks: requires physical access to the chip Side-channel: the attacker deduces secret information by exploiting caracteristics of the software or hardware implementation Fault attacks: the attacker perturbs the program behavior by using physical means to obtain secret information JB. Bréjon CS2’19 January 21, 2019 3 / 21

  4. Fault Attacks Means Clock glitch, voltage glitch [B AR -E L et al. 2006] Laser beam [K ARAKLAJIC et al. 2013] Electromagnetic pulse [D EHBAOUI et al. 2012; M ORO et al. 2013] ... Goals Bypass security mechanisms [V ASSELLE et al. 2017] Privilege escalation [T IMMERS et al. 2017] Obtain sensitive information Effects Permanent (bond wire fuse), transient (bit flip) [B AR -E L et al. 2006; B ONEH et al. 2001; O RDAS et al. 2015] Fault effects representation at a specific code level → fault model → How can we protect from them? JB. Bréjon CS2’19 January 21, 2019 4 / 21

  5. Protections Can be implemented on both hardware (costly, cannot be adapted) and software (cheaper, easily adaptable) Software protections Add pieces of code Can be implemented at all code levels Trial-and-error process Designed against fault models Issues with the process of protecting software Ensure protections effectiveness Ensure the final code is well protected, especially considering the effects of compiler optimisations → Need to assess the security of the code at low level JB. Bréjon CS2’19 January 21, 2019 5 / 21

  6. Vulnerability Assessment Goal: assess the robustness of a binary program to fault attacks Why binary code? → Allows to take into account the effects of the optimization process on protections implemented at source-level → Have access to the final binary instructions and code layout Formal verification → requires to formally model code and faults Implemented in a tool → RobustB 3 supported fault models Instruction skip Register corruption Instruction replacement JB. Bréjon CS2’19 January 21, 2019 6 / 21

  7. Overview (vulnerabilities) Initialization Binary Original Faulted Vulnerability Code Code + RobustB Initialization Original Path Faulted Path Final values Final values list Target region Comparison Final values Final values ≠ Comparison From a code region in a binary Vulnerability detection: difference in final values of the original code and a faulted code version Outputs a description of the vulnerabilities found: vulnerability list JB. Bréjon CS2’19 January 21, 2019 7 / 21

  8. Overview (process steps) Initialization Original Faulted Binary Vulnerability Code Code + RobustB Initialization Original Faulted Path Path Target region Final values Final values list Comparison Final values Final values ≠ Comparison 1 - Extract a representation of the target region 2 - Determine the possible execution paths within the target region 3 - Single fault injection on the possible execution paths 4 - Search for vulnerabilities by formal verification of a non-equivalence property (SMT) Satisfiable → the fault induces a vulnerability Unsatisfiable → the fault has no effect ⇒ Vulnerability list including their locations JB. Bréjon CS2’19 January 21, 2019 8 / 21

  9. Information Extraction From the Binary CFG Binary A Other area block Block A B 1 Block B Target Region Block D 1 C Block C Other area block D Dynamic/symbolic analysis Extracts execution contexts of Static analysis the target region CFG construction + Blocks order Extracts loop bounds within the target region JB. Bréjon CS2’19 January 21, 2019 9 / 21

  10. Determining the Possible Execution Paths Structural bounded unfolding of the CFG CFG EFG A A B B C 1 C B D C D 1 D D D JB. Bréjon CS2’19 January 21, 2019 10 / 21

  11. Determining the Possible Execution Paths Structural bounded unfolding of the CFG CFG EFG A A B B C 1 C B D C D 1 D D D Resulting paths accessibility test (SMT) → Each instruction is modeled regarding its effect on a machine state model Conditions : accessibility cmp cmp add Branch add Branch S0 S1 S2 S3 S4 S5 S6 Initial state Final state JB. Bréjon CS2’19 January 21, 2019 10 / 21

  12. Determining Faulty Execution Paths EFG A EFG CFG A A B C Binary 1 + 1 B Other area block B D C D Block A 1 Block B C D D Block D Block C D Induced EFG Other area block A A fault may alter the execution flow B → Possible execution paths are recomputed after a fault injection B D CFG unfolding after the fault Takes into account the code layout Relaxed loop bounds B D Resulting paths are checked for accessibility D JB. Bréjon CS2’19 January 21, 2019 11 / 21

  13. Robustness Analysis P _ Orig → Original execution path P _ Faulted → Faulty execution path Context Registers Memory locations P_Orig P_Faulted ≠ Registers Same context (C) Registers When the final values of some Memory locations Memory locations memorizing elements differ , a vulnerability is detected Formula: Access ( P _ Orig , C ) ∧ Access ( P _ Faulted , C ) ∧ Vuln → SAT : The fault in P _ Faulted leads to a Security Property vulnerability Repeating this process for all faults on all injection points produces a vulnerability list JB. Bréjon CS2’19 January 21, 2019 12 / 21

  14. Results Synthesis Vulnerability list is not easy to analyse (manual evaluate each vulnerability) How dangerous is each vulnerability? How to compare the vulnerabilities of two different implementations? Need for a synthetic view Introduction of three security metrics Instruction sensitivity level Average number of vulnerabilities in paths Vulnerabilities density JB. Bréjon CS2’19 January 21, 2019 13 / 21

  15. Paths Probabilities A vulnerability appearing on a path should be weighted differently than one appearing on another path depending on the likelihood of their path . CFG EFG A A 0.5 0.5 B B C 1 1 0 0.5 0.5 C B D C D 1 p3 D D D p1 p2 By default: paths have equal Path Blocks P(path) probability p1 A - B - B - D 0.5 p2 A - C - C - D 0.25 Ideally: user can define the branches probability p3 A - C - D 0.25 JB. Bréjon CS2’19 January 21, 2019 14 / 21

  16. Instruction Sensitivity (IS) IS(i): score reflecting instruction i sensitivity Each vulnerable instruction occurence is weighted relatively to the likelihood of the path it appears on IS ( i ) = � p ∈ Paths P ( p is taken ) × NV i ( p ) *3 I0 A 0.5 0.5 NV i ( p ) : Instruction i #Vulnerabilities on I1 path p B C 1 0 0.5 0.5 Inst Score I1 I2 B D C D I0 1 = P ( p 1 ) + P ( p 2 ) + P ( p 3 ) p3 1 = 2 ∗ P ( p 1 ) I1 P(p3)=0.25 I2 D D I2 0.5 = P ( p 2 ) + P ( p 3 ) p1 p2 P(p1)=0.5 P(p2)=0.25 Rank the instructions according to their sensitivity → helps the designer to focus on the most sensitive instructions JB. Bréjon CS2’19 January 21, 2019 15 / 21

  17. Attack Surface (AS) AS: average number of vulnerabilities on an execution path AS = � p ∈ Paths P ( p is taken ) × NV ( p ) NV(p) : #Vulnerabilites appearing on path p 4 vulnerabilities , on each example, weigthed by paths probabilities 4 0.5 0.5 1 4 p1 p2 p1 P(p1)=0.5 P(p2)=0.5 P(p1)=0.5 AS = 4 ∗ 0 . 5 = 2 AS = 4 ∗ 1 = 4 2 vulnerabilities found on average 4 vulnerabilities found on average The higher the attack surface , the more the attacker will be able to inject a fault leading to a vulnerability JB. Bréjon CS2’19 January 21, 2019 16 / 21

  18. Normalized Attack Surface (NAS) NAS: Average density of vulnerabilities p ∈ Paths P ( p is taken ) × NI ( p ) = AS AS NAS = � ANI NI(p) : Path p #Instructions ANI : Average number of instructions per path Same vulnerabilities but different amount of instructions : affects vulnerability density x2 100 10 x2 0.5 0.5 0.5 0.5 100 100 10 10 p1 p2 p1 p2 P(p1)=0.5 P(p2)=0.5 P(p1)=0.5 P(p2)=0.5 AS = 2 ∗ 0 . 5 + 2 ∗ 0 . 5 = 2 AS = 2 ∗ 0 . 5 + 2 ∗ 0 . 5 = 2 NAS = 2 / ( 100 + 100 ) = 0.01 NAS = 2 / ( 10 + 10 ) = 0.1 Odds for a randomly timed fault injection to Odds for a randomly timed fault injection to lead to a vulnerability: 1% lead to a vulnerability: 10% JB. Bréjon CS2’19 January 21, 2019 17 / 21

  19. Use-Case: VerifyPin Description Belongs to the FISCC (Fault Injection and Simulation Secure Code Collection) benchmarks, dedicated to fault injection analysis Compares a user PIN with a predefined PIN Authentication “OK” if PINs are identical, “KO” otherwise Several versions of the function, each one combining different source-level protections Analysis Security property: user PIN and predefined PIN different with Authentication “OK” 4 versions: 1 unprotected, 3 protected 2 optimisation levels: O0, O2 Fault model: instruction skip JB. Bréjon CS2’19 January 21, 2019 18 / 21

Recommend

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or binary code are used by computers and digital devices to talk to each other. It is used to give commands to the computer or a way to enter data

165 views • 12 slides
I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias

I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias

I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias Payer <mathias.payer@nebelwelt.net> Motivation Current exploits are powerful because Applications run on coarse-grained user-privilege

800 views • 39 slides
Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures Islamabad Pakistan Assessment and Vulnerability Assessment and Vulnerability Reduction Measures Reduction Measures adpc Asian Disaster

702 views • 46 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Introduction Attack Graphs Model Creation Analysis of Attack Graphs

Introduction Attack Graphs Model Creation Analysis of Attack Graphs

EVA Evolutionary Vulnerability Analyzer A Framework for Network Analysis and Risk Assessment Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield Introduction Attack Graphs Model Creation

684 views • 50 slides
(Binary code is a series of digits, that are either ones or zeros. Each digit is called a

(Binary code is a series of digits, that are either ones or zeros. Each digit is called a

Welcome back! In the last session, we started to look at computers and coding, and explored the computer language binary. Can anyone remember what binary code looks like? (Binary code is a series of digits, that are either ones or zeros.

402 views • 25 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Dirty COW Race Condition Attack Outline Dirty COW vulnerability Memory Mapping using

Dirty COW Race Condition Attack Outline Dirty COW vulnerability Memory Mapping using

Dirty COW Race Condition Attack Outline Dirty COW vulnerability Memory Mapping using mmap() Map_shared, Map_Private Mapping Read-Only Files How to exploit? Dirty COW vulnerability Interesting case of the race

667 views • 24 slides
Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT Haohuang Wen 1 , Qi Alfred Chen 2 , Zhiqiang Lin 1 1 Ohio State University 2 University of California, Irvine USENIX

278 views • 26 slides
The BINCOA Framework for Binary Code Analysis S ebastien Bardin, Philippe Herrmann, J er

The BINCOA Framework for Binary Code Analysis S ebastien Bardin, Philippe Herrmann, J er

The BINCOA Framework for Binary Code Analysis S ebastien Bardin, Philippe Herrmann, J er ome Leroux, Olivier Ly, Renaud Tabary, Aymeric Vincent CEA LIST (Saclay, Paris) LABRI (Bordeaux) 1/ 13 Binary code analysis 2/ 13 Binary code

149 views • 14 slides
Using Axe to Reason About Binary Code Eric Smith Kestrel Institute and Kestrel Technology

Using Axe to Reason About Binary Code Eric Smith Kestrel Institute and Kestrel Technology

Using Axe to Reason About Binary Code Eric Smith Kestrel Institute and Kestrel Technology ACL2 Workshop, May, 2017 Goal Lift binary code into logic JVM bytecode x86 binary code Then verify against a spec using Axe

276 views • 24 slides
INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

Introduction Fault Tree Analysis An API to Mitigate the Undesirable Events Conclusion Vulnerability Analysis on Smart Cards using Fault Tree Guillaume Bouffard Bhagyalekshmy N Thampi Jean-Louis Lanet Smart Secure Devices (SSD) Team

705 views • 39 slides
Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras

Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras

Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras Side Channel Analysis Electro magnetic Radiation Fault injection Power consumption Timing channels Preventing Side Channel Attacks is

468 views • 34 slides
Problem: Huffman Coding Def: binary character code = assignment of binary strings to characters

Problem: Huffman Coding Def: binary character code = assignment of binary strings to characters

Problem: Huffman Coding Def: binary character code = assignment of binary strings to characters e.g. ASCII code A = 01000001 fixed-length code B = 01000010 C = 01000011 How to decode: ? 01000001010000100100001101000001 Problem:

163 views • 13 slides
Problem: Huffman Coding Def: binary character code = assignment of binary strings to characters

Problem: Huffman Coding Def: binary character code = assignment of binary strings to characters

Problem: Huffman Coding Def: binary character code = assignment of binary strings to characters e.g. ASCII code A = 01000001 fixed-length code B = 01000010 C = 01000011 How to decode: ? 01000001010000100100001101000001 Problem:

348 views • 14 slides
vulnerability in urban area Olivier SANTONI FERDI AREQUIPA - May 2017 Risk assessment

vulnerability in urban area Olivier SANTONI FERDI AREQUIPA - May 2017 Risk assessment

Using GIS to assess hazard and vulnerability in urban area Olivier SANTONI FERDI AREQUIPA - May 2017 Risk assessment Hazard mapping Vulnerability mapping at city block scale - Population vulnerability - Physical vulnerability

287 views • 28 slides
Assessment of Vulnerability to Sea Level Rise and Recommended Mitigation Strategies for

Assessment of Vulnerability to Sea Level Rise and Recommended Mitigation Strategies for

Assessment of Vulnerability to Sea Level Rise and Recommended Mitigation Strategies for Pasquotank County Bobby Harris, Radha Patel, Neil Sullivan, Molly Fisher, and Cassy Karlsson Professor David Salvesen Vulnerability Mitigation

440 views • 40 slides
Hillsborough County MPO: Vulnerability Assessment and Adaptation Pilot Project Presented to:

Hillsborough County MPO: Vulnerability Assessment and Adaptation Pilot Project Presented to:

12/22/2014 Hillsborough County MPO: Vulnerability Assessment and Adaptation Pilot Project Presented to: Florida MPO Advisory Council January 22, 2015 1 Project background FHWA Pilot: Climate change vulnerability assessment and adaptation

563 views • 14 slides
Modeling Architectural Vulnerability Primary type of transient fault in modern CPUs is a

Modeling Architectural Vulnerability Primary type of transient fault in modern CPUs is a

Modeling Architectural Vulnerability Primary type of transient fault in modern CPUs is a single-bit flip due to cosmic rays Radioactive materials in chip packages are no longer a problemcan be shielded against, screened out Cosmic

238 views • 10 slides
Perturbation attack on modern CPUs, from the fault model to the exploitation Thomas TROUCHKINE 1 ,

Perturbation attack on modern CPUs, from the fault model to the exploitation Thomas TROUCHKINE 1 ,

Perturbation attack on modern CPUs, from the fault model to the exploitation Thomas TROUCHKINE 1 , Guillaume BOUFFARD 1,2 , Jessy CLDIRE 3 1 National Cybersecurity Agency of France (ANSSI) 2 Information Security Group, cole Normale

292 views • 28 slides
! The variable-length code is a prefix min f ( c ) d ( c ) code : no binary string is

! The variable-length code is a prefix min f ( c ) d ( c ) code : no binary string is

Coding ! Representing characters from some input alphabet using another alphabet . Example: input characters from the Latin Huffman Codes alphabet, output strings of binary digits. ! Fixed-length binary character code: for an input

326 views • 3 slides
Skiplist Timing Attack Vulnerability Eyal Nussbaum PhD Student, Communication Systems Engineering

Skiplist Timing Attack Vulnerability Eyal Nussbaum PhD Student, Communication Systems Engineering

Skiplist Timing Attack Vulnerability Eyal Nussbaum PhD Student, Communication Systems Engineering School of Electrical and Computer Engineering Ben-Gurion University of the Negev Advisor: Professor Michael Segal Talk Overview Introduction

203 views • 19 slides
On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

Physical Attacks New Attacks on Classical Countermeasures Extended Countermeasures On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 , Thomas ROCHE 1 , Adrian THILLARD 1 1 ANSSI (French Network and

358 views • 25 slides

More recommend