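To develop countermeasures against fault attacks, it is important to model an attacker's ability. The instruction skip model is a well-studied practical model for fault attacks on software. In contrast, few studies have investigated the instruction replacement model, which is a generalization of the instruction skip model, because replacing an instruction with a desired one is considered difficult. Some previous studies have reported successful instruction replacements; however, those studies concluded that such instruction replacements are not practical attacks because the outcomes of the replacements cannot be controlled. This paper proposes the concept of a controllable instruction replacement technique that uses laser irradiation of flash memory. The feasibility of the proposed technique is demonstrated experimentally using a smartcard-type ARM SC100 microcontroller. Practical cryptosystem attacks that exploit the proposed technique are then investigated. The targeted cryptosystems employ AES with software-based anti-fault countermeasures. We show that an existing anti-instruction-skip countermeasure can be circumvented by replacing a critical instruction, such as a branch instruction used to detect fault occurrence.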
Junichi SAKAMOTO
Yokohama National University
Daisuke FUJIMOTO
Yokohama National University
Tsutomu MATSUMOTO
Yokohama National University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Junichi SAKAMOTO, Daisuke FUJIMOTO, Tsutomu MATSUMOTO, "Laser-Induced Controllable Instruction Replacement Fault Attack" in IEICE TRANSACTIONS on Fundamentals,
vol. E103-A, no. 1, pp. 11-20, January 2020, doi: 10.1587/transfun.2019CIP0028.
Abstract: To develop countermeasures against fault attacks, it is important to model an attacker's ability. The instruction skip model is a well-studied practical model for fault attacks on software. Contrastingly, few studies have investigated the instruction replacement model, which is a generalization of the instruction skip model, because replacing an instruction with a desired one is considered difficult. Some previous studies have reported successful instruction replacements; however, those studies concluded that such instruction replacements are not practical attacks because the outcomes of the replacements are uncontrollable. This paper proposes the concept of a controllable instruction replacement technique that uses the laser irradiation of flash memory. The feasibility of the proposed technique is demonstrated experimentally using a smartcard-type ARM SC100 microcontroller. Then, practical cryptosystem attacks that exploit the proposed technique are investigated. The targeted cryptosystems employ the AES with software-based anti-fault countermeasures. We demonstrate that an existing anti-instruction-skip countermeasure can be circumvented by replacing a critical instruction, e.g., a branch instruction to detect fault occurrence.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2019CIP0028/_p
@ARTICLE{e103-a_1_11,
author={Junichi SAKAMOTO and Daisuke FUJIMOTO and Tsutomu MATSUMOTO},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Laser-Induced Controllable Instruction Replacement Fault Attack},
year={2020},
volume={E103-A},
number={1},
pages={11-20},
abstract={To develop countermeasures against fault attacks, it is important to model an attacker's ability. The instruction skip model is a well-studied practical model for fault attacks on software. Contrastingly, few studies have investigated the instruction replacement model, which is a generalization of the instruction skip model, because replacing an instruction with a desired one is considered difficult. Some previous studies have reported successful instruction replacements; however, those studies concluded that such instruction replacements are not practical attacks because the outcomes of the replacements are uncontrollable. This paper proposes the concept of a controllable instruction replacement technique that uses the laser irradiation of flash memory. The feasibility of the proposed technique is demonstrated experimentally using a smartcard-type ARM SC100 microcontroller. Then, practical cryptosystem attacks that exploit the proposed technique are investigated. The targeted cryptosystems employ the AES with software-based anti-fault countermeasures. We demonstrate that an existing anti-instruction-skip countermeasure can be circumvented by replacing a critical instruction, e.g., a branch instruction to detect fault occurrence.},
keywords={},
doi={10.1587/transfun.2019CIP0028},
ISSN={1745-1337},
month={January},}
TY - JOUR
TI - Laser-Induced Controllable Instruction Replacement Fault Attack
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 11
EP - 20
AU - Junichi SAKAMOTO
AU - Daisuke FUJIMOTO
AU - Tsutomu MATSUMOTO
PY - 2020
DO - 10.1587/transfun.2019CIP0028
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E103-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2020
AB - To develop countermeasures against fault attacks, it is important to model an attacker's ability. The instruction skip model is a well-studied practical model for fault attacks on software. Contrastingly, few studies have investigated the instruction replacement model, which is a generalization of the instruction skip model, because replacing an instruction with a desired one is considered difficult. Some previous studies have reported successful instruction replacements; however, those studies concluded that such instruction replacements are not practical attacks because the outcomes of the replacements are uncontrollable. This paper proposes the concept of a controllable instruction replacement technique that uses the laser irradiation of flash memory. The feasibility of the proposed technique is demonstrated experimentally using a smartcard-type ARM SC100 microcontroller. Then, practical cryptosystem attacks that exploit the proposed technique are investigated. The targeted cryptosystems employ the AES with software-based anti-fault countermeasures. We demonstrate that an existing anti-instruction-skip countermeasure can be circumvented by replacing a critical instruction, e.g., a branch instruction to detect fault occurrence.
ER -