This page lists my scientific publications in the field of embedded systems security. They were written during my PhD years.
Peer-reviewed journals
- Journal of Cryptographic Engineering 2014
Formal verification of a software countermeasure against instruction skip attacks
Nicolas Moro, Karine Heydemann, Emmanuelle Encrenaz, Bruno Robisson
Preliminary version | Bibtex reference | Article on IACR ePrint | Published version
Fault attacks against embedded circuits have enabled the definition of many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model in which an attacker is able to skip an assembly instruction is practical and has been obtained by using several fault injection means. To handle this issue, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some other fine-grained countermeasure schemes have been proposed for specific instructions. However, to the best of our knowledge, no approach that makes it possible to secure a generic assembly program against instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for every instruction of the whole Thumb2 instruction set and provide a formal proof of this fault tolerance. This simple transformation adds a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve.
International conferences with proceedings
- IEEE HOST 2014 (IEEE International Symposium on Hardware-Oriented Security and Trust)
Experimental evaluation of two software countermeasures against fault attacks
Nicolas Moro, Karine Heydemann, Amine Dehbaoui, Bruno Robisson, Emmanuelle Encrenaz
Preliminary version | Presentation | Bibtex reference | Published version
Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection with glitches or electromagnetic pulses could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.
- FDTC 2013 (10th Workshop on Fault Diagnosis and Tolerance in Cryptography)
Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller
Nicolas Moro, Amine Dehbaoui, Karine Heydemann, Bruno Robisson, Emmanuelle Encrenaz
Preliminary version | Presentation | Bibtex reference | Published version
Injection of transient faults as a way to attack cryptographic implementations has been largely studied in the last decade. Several attacks that use electromagnetic fault injection against hardware or software architectures have already been presented. On microcontrollers, electromagnetic fault injection has mostly been seen as a way to skip assembly instructions or subroutine calls. However, to the best of our knowledge, no precise study about the impact of an electromagnetic glitch fault injection on a microcontroller has been proposed yet. The aim of this paper is twofold: providing a more in-depth study of the effects of electromagnetic glitch fault injection on a state-of-the-art microcontroller and building an associated register-transfer level fault model.
- PROOFS 2013 (2nd Workshop on Security Proofs for Embedded Systems)
Formal verification of a software countermeasure against instruction skip attacks
Karine Heydemann, Nicolas Moro, Emmanuelle Encrenaz, Bruno Robisson
An extended version of this article has been published in the Journal of Cryptographic Engineering.
Full version | Presentation
Fault attacks against embedded circuits have enabled the definition of many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model in which an attacker is able to skip an assembly instruction is practical and has been obtained by using several fault injection means. To handle this issue, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some other fine-grained countermeasure schemes have been proposed for specific instructions. However, to the best of our knowledge, no approach that makes it possible to secure a generic assembly program against instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for every instruction of the whole Thumb2 instruction set and provide a formal proof of this fault tolerance. This simple transformation adds a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve.
- COSADE 2013 (3rd Workshop on Constructive Side-channel Analysis and Secure Design)
Electromagnetic glitch on the AES Round Counter
Amine Dehbaoui, Amir-Pasha Mirbaha, Nicolas Moro, Jean-Max Dutertre, Assia Tria
Preliminary version | Presentation | Bibtex reference | Published version
This article presents a Round Addition Analysis on a software implementation of the Advanced Encryption Standard (AES) algorithm. The round keys are computed on-the-fly during each encryption. A non-invasive transient fault injection is achieved on the AES round counter. The attack is performed by injecting a very short electromagnetic glitch on a 32-bit microcontroller based on the ARM Cortex-M3 processor. Using this experimental setup, we are able to disrupt the round counter increment at the end of the penultimate round and execute one additional round. This faulty execution enables us to recover the encryption key with only two pairs of corresponding correct and faulty ciphertexts.
Workshops without proceedings
- TRUDEVICE 2014 (EU-COST IC1204 – Trustworthy Manufacturing and Utilization of Secure Devices)
Fault attacks on two software countermeasures
This article is a shortened version of the article presented at the IEEE HOST 2014 Symposium.
Short article | Presentation
- Chip-to-Cloud Security Forum 2013
Electromagnetic fault injection on microcontrollers
Presentation
- Crypto’Puces 2013
Attaques par injection de fautes sur microcontrôleur et contre-mesures au niveau du code embarqué (Fault injection attacks on microcontrollers and countermeasures at the embedded code level)
Abstract | Presentation