Characterising a CPU fault attack model via run-time data analysis. / Kelly, Martin; Mayes, Keith; Walker, John F.

2017. 1-6 Paper presented at IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, United States.

Research output: Contribution to conferencePaper

Published

Standard

Characterising a CPU fault attack model via run-time data analysis. / Kelly, Martin; Mayes, Keith; Walker, John F.

2017. 1-6 Paper presented at IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, United States.

Research output: Contribution to conferencePaper

Harvard

Kelly, M, Mayes, K & Walker, JF 2017, 'Characterising a CPU fault attack model via run-time data analysis' Paper presented at IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, United States, 1/05/17 - 4/05/17, pp. 1-6. https://doi.org/10.1109/HST.2017.7951802

APA

Kelly, M., Mayes, K., & Walker, J. F. (2017). Characterising a CPU fault attack model via run-time data analysis. 1-6. Paper presented at IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, United States. https://doi.org/10.1109/HST.2017.7951802

Vancouver

Kelly M, Mayes K, Walker JF. Characterising a CPU fault attack model via run-time data analysis. 2017. Paper presented at IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, United States. https://doi.org/10.1109/HST.2017.7951802

Author

Kelly, Martin ; Mayes, Keith ; Walker, John F. / Characterising a CPU fault attack model via run-time data analysis. Paper presented at IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, United States.6 p.

BibTeX

@conference{b06677ac50e6479cbfd2e796edd91f8b,
title = "Characterising a CPU fault attack model via run-time data analysis",
abstract = "Effective software defences against errors created by fault attacks need to anticipate the probable error response of the target micro-controller. The range of errors and their probability of occurrence is referred to as the Fault Model. Software defences are necessarily a compromise between the impact of an error, its likelihood of occurrence, and the cost of the defence in terms of code size and execution time. In this work we first create a fault insertion system and then use it to demonstrate a technique for precisely triggering and capturing individual error responses within a running micro-controller. This enables a more realistic calibration of a micro-controller's fault model. We apply the system to a representative micro-controller and the results show that error insertion is far more predictable than anticipated, and is consistent over a wide range of experimental tolerances. This observation undermines some widely deployed software defences recommended for fault attack protection.",
keywords = "fault model, fault attack, smart card, test rig, micro controller, fault injection, laser pulse, software defence, defensive code, low power, flag corruption, chip surface, hardware defence",
author = "Martin Kelly and Keith Mayes and Walker, {John F.}",
year = "2017",
doi = "10.1109/HST.2017.7951802",
language = "English",
pages = "1--6",
note = "IEEE International Symposium on Hardware Oriented Security and Trust (HOST), HOST ; Conference date: 01-05-2017 Through 04-05-2017",
url = "http://www.hostsymposium.org/",

}

RIS

TY - CONF

T1 - Characterising a CPU fault attack model via run-time data analysis

AU - Kelly, Martin

AU - Mayes, Keith

AU - Walker, John F.

PY - 2017

Y1 - 2017

N2 - Effective software defences against errors created by fault attacks need to anticipate the probable error response of the target micro-controller. The range of errors and their probability of occurrence is referred to as the Fault Model. Software defences are necessarily a compromise between the impact of an error, its likelihood of occurrence, and the cost of the defence in terms of code size and execution time. In this work we first create a fault insertion system and then use it to demonstrate a technique for precisely triggering and capturing individual error responses within a running micro-controller. This enables a more realistic calibration of a micro-controller's fault model. We apply the system to a representative micro-controller and the results show that error insertion is far more predictable than anticipated, and is consistent over a wide range of experimental tolerances. This observation undermines some widely deployed software defences recommended for fault attack protection.

AB - Effective software defences against errors created by fault attacks need to anticipate the probable error response of the target micro-controller. The range of errors and their probability of occurrence is referred to as the Fault Model. Software defences are necessarily a compromise between the impact of an error, its likelihood of occurrence, and the cost of the defence in terms of code size and execution time. In this work we first create a fault insertion system and then use it to demonstrate a technique for precisely triggering and capturing individual error responses within a running micro-controller. This enables a more realistic calibration of a micro-controller's fault model. We apply the system to a representative micro-controller and the results show that error insertion is far more predictable than anticipated, and is consistent over a wide range of experimental tolerances. This observation undermines some widely deployed software defences recommended for fault attack protection.

KW - fault model, fault attack, smart card, test rig, micro controller, fault injection, laser pulse, software defence, defensive code, low power, flag corruption, chip surface, hardware defence

U2 - 10.1109/HST.2017.7951802

DO - 10.1109/HST.2017.7951802

M3 - Paper

SP - 1

EP - 6

ER -