Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94207
| Title: | 以選擇性故障檢測增強密碼程式安全性 (Enhancing the Security of Cryptographic Programs with Selective Fault Detection) |
| Authors: | 陳俊宇 Chun-Yu Chen |
| Advisor: | 黃俊郎 Jiun-Lang Huang |
| Keyword: | Hardware Security, Fault Injection Attack, Countermeasures, Redundancy, Software Fault Detection, Compiler |
| Publication Year : | 2024 |
| Degree: | Master's |
| Abstract: | Fault Injection Attacks (FIAs) pose a significant threat to the security of cryptographic programs in embedded systems. Existing work has proposed time redundancy-based countermeasures, which introduce significant code size and performance overhead. This research introduces a novel approach to enhancing the security of cryptographic programs through selective fault detection mechanisms, utilizing compiler techniques to automatically apply protection measures. Our proposed method includes the Duplication With Comparison (DWC) mechanism, designed specifically to detect and respond to single instruction skip faults by duplicating critical instructions and comparing their outcomes. Upon detecting a fault, the DWC mechanism executes user-defined response actions to prevent further fault injection attacks. Additionally, we introduce a Sensitivity-based selective protection scheme, which identifies and protects the most vulnerable instructions related to the Core Sensitive Variable. This approach minimizes performance overhead while maintaining robust security across different cryptographic algorithms, including AES and CRYSTALS-Kyber. Experimental results demonstrate that the proposed method effectively protects critical instructions and reduces code size and performance overhead compared to existing countermeasures. This thesis highlights the potential of the proposed method to provide lightweight, generalizable protection for a wide range of cryptographic programs. |
| URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94207 |
| DOI: | 10.6342/NTU202403485 |
| Fulltext Rights: | Authorization granted (open access worldwide) |
| Embargo Lift Date: | 2029-08-05 |
| Appears in Collections: | Graduate Institute of Communication Engineering (電信工程學研究所) |
Files in This Item:
| File | Size | Format | |
|---|---|---|---|
| ntu-112-2.pdf (Until 2029-08-05) | 1.77 MB | Adobe PDF | |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
