12 October 2016 - 10h00
Analyse de code et processus d’évaluation des composants sécurisés contre l’injection de faute (Phd Defense)
by Louis Dureuil from Vérimag-CEA
Abstract: Lasers, electronics glitches and electromagnetic pulses, bestow upon an
attacker the mysterious power to perturb the logic of operation of computing devices.
This surprising ability may be especially harmful to secure hardware such as smartcards. Against this threat, the security of such hardware is assessed by dedicated laboratories according to international norms and under the auspices of national agencies. This thesis explores the impact of fault injection, which is the consequence of perturbation attacks on the code executed by a hardware device, in the evaluation process. We develop a novel end-to-end approach to close the gap between the analysis of the code for vulnerability detection and the physical attacks that are performed in the evaluation process. The approach combines fault models extracted during physical attacks with a specifically designed evaluation tool to extract relevant vulnerabilities and rate their attack potential. Lastly, we study the impact on security of multiple fault attack, a technique that significantly boosts the attacker’s power by allowing several faults over the course of a single execution.
Keywords: Security; Vulnerabilities; Fault model; Dynamic analysis; Smartcard; Fault