Advisors : Laurent Mounier, Marie-Laure Potet
Laurent.Mounier imag.fr, Marie-Laure.Potet imag.fr
Key words: security, smart card, vulnerability analysis, code analysis, fault attacks
Fault attacks are considered as a major threat for smart card security. They consist in modifying the card memory (i.e., the code or data parts of an application) in order to change their behaviour to reveal sensible or confidential information to the attackers. Such attacks can be achieved by enlightening a targeted transistor with a laser, performing power spikes or heating up the card. Evaluating the robustness of an application against fault attacks is currently performed by security experts and implies knowledge in many fields such as coding, computer hardware, cryptography, physics and chemistry.
The aim of this MR subject is to propose some automated techniques for helping the security experts regarding sensitivity of application codes against fault injection. The objective is to develop code analysis techniques in order to identify the most vulnerable (and less protected) execution paths of a smart-card application, and the way these paths can be attacked (where to perform a code modification). A preliminary study has been conducted for a restricted class of laser attacks consisting in inverting test conditions (to change the execution flow). Based on sensitive instructions, we developed a structural analysis of the CFG (control flow graph) that has been implemented into the Lazard tool.
The purpose of this subject is to develop an approach dedicated to fault attacks consisting in forcing/avoiding some code executions by modifying the target of a goto or jump statement. Based on the code structure and some sensitive instructions, the aim will be to exhibit which jumps must be attacked. The proposed approach could be inspired by the one developped for fault attack consisting in inverting test condition.
Working plan and expected results:
- a study of fault attacks by goto/jump target modification
- a proposal, based on static analysis, allowing to characterise sensible paths
- evaluation of the impact of classical counter-measures (data and control flow integrity)
- a prototype implementing the proposed apporach
- an evaluation of the proposed approach on realistic robuste code
This work will take place in Verimag/DCS team, which owns a large expertise in terms of security and code analysis. DCS team is, in particular, involved in the new BinSec ANR project (Binary-level Security). Research dedicated to vulnerabilities against fault attacks is led in collaboration with the CEA and in the SCOPAS MSTIC project.
This MR subject is well suited for students interested by security and code analysis. It will allows to discover the field of smart cards and devices for which a high level of protection is required. This subject will also give the opportunity to interact with our academic and industrial partners in this topic. This works could be followed by a PhD proposal.