Master Thesis: Compiler-Assisted Integrity against Fault Injection Attacks

Master Thesis: Compiler-Assisted Integrity against Fault Injection Attacks

2015-01-22

In 2014 I wrote my Master's Thesis on this topic at the IAIK (University of Technology Graz).

Abstract: Fault injection attacks are physical attacks against electronic devices where physical effects are used to manipulate data or signals. These attacks can bypass security mechanisms or unveil secret data which is processed by the device. Hardware- or software-based countermeasures can mitigate these attacks. While it is hard to modify pre-existing hardware, software-based countermeasures are more flexible. Software-based countermeasures can be applied to critical parts of the code which leads to less overhead. Applying software-based countermeasures manually is error-prone and complex. Hence, it is advantageous to use a compiler to apply these countermeasures automatically. Source code annotations can be used to distinguish important and unimportant code to keep the performance penalty to a minimum.

This work discusses compiler-assisted countermeasures against fault injection attacks. Since software-based countermeasures cannot prevent fault injection attacks, the aim is to detect them. Fault injection attacks can be detected by storing data redundantly and processing the data redundantly. From a theoretical standpoint, the following five different methods are discussed: checksums, simple duplication, complementary redundancy, masking, and verification of computations. Simple duplication and complementary redundancy were also practically realized using the LLVM compiler toolchain. Introducing redundancy to a compiler is a constant fight as the compiler aims at removing redundant code.

To verify the applied countermeasures, the effectiveness of the applied countermeasures was analyzed using a simulator of the ARM Cortex-M0+ which was extended to simulate fault injection attacks. Performing 829896 different bit-flip attacks to the unprotected test programs results in 64698 successful attacks (7.8 %). Simple duplication reduces the number of successful attacks to 328 of 1887768 attacks (0.0174%). Complementary redundancy reduces the number of possible attacks to 32 of 2285016 attacks (0.0014%). These promising results lay the foundation for further research in the field of compiler-assisted countermeasures against fault injection attacks.

Download Master's Thesis: masterthesis.pdf (768 KiB)

Bibtex: masterthesis.bib (1 KiB)

Upon request, I am providing the patches to the clang, the patches to the llvm, and my llvm passes here. Please note, that this project was developed as a proof-of-concept. It was never intended to be integrated into a final product.