Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94207
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 黃俊郎 | zh_TW |
dc.contributor.advisor | Jiun-Lang Huang | en |
dc.contributor.author | 陳俊宇 | zh_TW |
dc.contributor.author | Chun-Yu Chen | en |
dc.date.accessioned | 2024-08-15T16:13:30Z | - |
dc.date.available | 2024-08-16 | - |
dc.date.copyright | 2024-08-15 | - |
dc.date.issued | 2024 | - |
dc.date.submitted | 2024-08-06 | - |
dc.identifier.citation | [1] S. P. Skorobogatov and R. J. Anderson, “Optical fault induction attacks,” Proceedings of Cryptographic Hardware and Embedded Systems (CHES), 2002, pp. 2–12.
[2] K. Matsuda et al., “An IC-level countermeasure against laser fault injection attack by information leakage sensing based on laser-induced opto-electric bulk current density,” Japanese Journal of Applied Physics, vol. 59, no. SGGL02, 2020.
[3] N. Moro, K. Heydemann, E. Encrenaz, and B. Robisson, “Formal verification of a software countermeasure against instruction skip attacks,” Journal of Cryptographic Engineering, vol. 4, no. 3, 2014, pp. 145–156.
[4] S. Sayeed, H. Marco-Gisbert, I. Ripoll, and M. Birch, “Control-flow integrity: Attacks and protections,” Applied Sciences, vol. 9, issue 20, no. 4229, 2019.
[5] T. Barry, D. Couroussé, and B. Robisson, “Compilation of a countermeasure against instruction-skip fault attacks,” Proceedings of the Third Workshop on Cryptography and Security in Computing Systems, 2016.
[6] N. Oh, P. P. Shirvani, and E. J. McCluskey, “Error detection by duplicated instructions in super-scalar processors,” IEEE Transactions on Reliability, vol. 51, no. 1, 2002, pp. 63–75.
[7] N. Oh, P. P. Shirvani, and E. J. McCluskey, “Control-flow checking by software signatures,” IEEE Transactions on Reliability, vol. 51, no. 1, 2002, pp. 111–122.
[8] J. Balasch, B. Gierlichs, and I. Verbauwhede, “An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs,” Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2011.
[9] A. Dehbaoui, J.-M. Dutertre, B. Robisson, and A. Tria, “Electromagnetic transient faults injection on a hardware and a software implementations of AES,” Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2012.
[10] A. Barenghi, G. M. Bertoni, L. Breveglieri, M. Pelliccioli, and G. Pelosi, “Injection technologies for fault attacks on microprocessors,” Information Security and Cryptography, 2012, pp. 275–293.
[11] E. Trichina and R. Korkikyan, “Multi fault laser attacks on protected CRT-RSA,” Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010.
[12] J. Breier and X. Hou, “How practical are fault injection attacks, really?,” IEEE Access, vol. 10, 2022, pp. 113122–113130.
[13] J.-M. Dutertre, A.-P. Mirbaha, D. Naccache, A.-L. Ribotta, A. Tria, and T. Vaschalde, “Fault Round Modification Analysis of the advanced encryption standard,” IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2012.
[14] H. Choukri and M. Tunstall, “Round reduction using faults,” Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2005.
[15] J. Park, “Differential fault analysis for round-reduced AES by fault injection,” ETRI Journal, vol. 33, no. 3, 2011, pp. 434–442.
[16] J. Breier, D. Jap, and C.-N. Chen, “Laser profiling for the back-side fault attacks: With a practical laser skip instruction attack on AES,” Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, 2015.
[17] J. Takahashi, T. Fukunaga, and K. Yamakoshi, “DFA mechanism on the AES key schedule,” Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2007.
[18] C. H. Kim, “Improved differential fault analysis on AES key schedule,” IEEE Transactions on Information Forensics and Security, vol. 7, no. 1, 2012, pp. 41–50.
[19] N. Timmers, A. Spruyt, and M. Witteman, “Controlling PC on ARM using fault injection,” Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2016.
[20] J.-M. Dutertre, A. Menu, O. Potin, J.-B. Rigaud, and J.-L. Danger, “Experimental analysis of the electromagnetic instruction skip fault model and consequences for software countermeasures,” Microelectronics Reliability, vol. 121, no. 114133, 2021.
[21] L. Riviere, Z. Najm, P. Rauzy, J.-L. Danger, J. Bringer, and L. Sauvage, “High precision fault injections on the instruction cache of ARMv7-M architectures,” IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2015.
[22] S. Jendral, “A Single Trace Fault Injection Attack on Hedged CRYSTALS-Dilithium,” Cryptology ePrint Archive, 2024; https://eprint.iacr.org/2024/238.
[23] M. Tunstall, D. Mukhopadhyay, and S. Ali, “Differential fault analysis of the advanced encryption standard using a single fault,” Information Security Theory and Practice, 2011, pp. 224–233.
[24] A. Barenghi, G. M. Bertoni, L. Breveglieri, M. Pellicioli, and G. Pelosi, “Low voltage fault attacks to AES,” IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2010.
[25] A. Moradi, M. T. M. Shalmani, and M. Salmasizadeh, “A generalized method of differential fault attack against AES cryptosystem,” Proceedings of Cryptographic Hardware and Embedded Systems (CHES), 2006, pp. 91–100.
[26] P. Ravi, B. Yang, S. Bhasin, F. Zhang, and A. Chattopadhyay, “Fiddling the twiddle constants - fault injection analysis of the number theoretic transform,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2023, no. 2, 2023, pp. 447–481.
[27] P. Ravi, “Number ‘not used’ once-practical fault attack on pqm4 implementations of NIST candidates,” Constructive Side-Channel Analysis and Secure Design: 10th International Workshop, COSADE 2019, vol. 10, 2019.
[28] P. Pessl and L. Prokop, “Fault attacks on CCA-secure lattice KEMs,” IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021, pp. 37–60.
[29] P. Ravi, S. Bhasin, S. S. Roy, and A. Chattopadhyay, “Drop by drop you break the rock - Exploiting generic vulnerabilities in lattice-based PKE/KEMs using EM-based physical attacks,” Cryptology ePrint Archive; https://eprint.iacr.org/2020/549.
[30] C. Fetzer, U. Schiffel, and M. Süßkraut, “AN-encoding compiler: Building safety-critical systems with commodity hardware,” International Conference on Computer Safety, Reliability, and Security (SAFECOMP), 2009, pp. 283–296.
[31] C. Wang, H.-S. Kim, Y. Wu, and V. Ying, “Compiler-managed software-based redundant multi-threading for transient fault detection,” International Symposium on Code Generation and Optimization (CGO), 2007, pp. 244–256.
[32] S. K. Reinhardt and S. S. Mukherjee, “Transient fault detection via simultaneous multithreading,” Proceedings of the 27th International Symposium on Computer Architecture (ISCA), 2002.
[33] J.-M. Vanthanh and J.-L. Dutertre, “Software countermeasures against the multiple instructions skip fault model,” Microelectronics Reliability, vol. 155, 2024.
[34] J. Proy, K. Heydemann, A. Berzati, and A. Cohen, “Compiler-assisted loop hardening against fault attacks,” ACM Transactions on Architecture and Code Optimization (TACO), vol. 14, no. 4, 2017, pp. 1–25.
[35] M. B. Petersen, “Ripes: A Visual Computer Architecture Simulator,” ACM/IEEE Workshop on Computer Architecture Education (WCAE), 2021.
[36] Kokke et al., “Tiny-AES-C: Small Portable AES128/192/256 in C,” 2019; github.com/kokke/tiny-AES-c.
[37] G. Seiler et al., “PQ-Crystals/Kyber,” 2024; github.com/pq-crystals/kyber.
[38] C. Lattner and V. Adve, “LLVM: A compilation framework for lifelong program analysis & transformation,” International Symposium on Code Generation and Optimization (CGO), 2004.
[39] W. Hu, A. Ardeshiricham, and R. Kastner, “Hardware information flow tracking,” ACM Computing Surveys, vol. 54, no. 4, 2022, pp. 1–39.
[40] L. M. Reimann, L. Hanel, D. Sisejkovic, F. Merchant, and R. Leupers, “QFlow: Quantitative information flow for security-aware hardware design in Verilog,” IEEE 39th International Conference on Computer Design (ICCD), 2021. | - |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94207 | - |
dc.description.abstract | Fault injection attacks pose a major threat to the security of cryptographic programs in embedded systems. Existing research has proposed time-redundancy-based protection measures; however, this approach introduces significant code size and execution speed overhead. This thesis proposes a novel method that enhances the security of cryptographic programs through a selective fault detection mechanism and uses compiler techniques to apply the protection automatically.
Our proposed method includes the Duplication With Comparison (DWC) mechanism, which detects and responds to single instruction skip faults by duplicating critical instructions and comparing their results. Upon detecting a fault, the DWC mechanism executes a user-defined response to prevent further fault injection attacks. In addition, we propose a sensitivity-based selective protection scheme that identifies and protects the vulnerable instructions related to the core sensitive variable. This approach substantially reduces overhead while maintaining a high level of security. Experimental results show that the proposed method precisely protects the instructions vulnerable to fault injection attacks, reduces code size and execution speed overhead compared with existing protection measures, and applies to cryptographic programs such as AES and CRYSTALS-Kyber, demonstrating that it is a lightweight and general-purpose protection measure for cryptographic programs. | zh_TW |
dc.description.abstract | Fault Injection Attacks (FIAs) pose a significant threat to the security of cryptographic programs in embedded systems. Existing work has proposed time redundancy-based countermeasures, which introduce significant code size and performance overhead. This research introduces a novel approach to enhancing the security of cryptographic programs through selective fault detection mechanisms, utilizing compiler techniques to automatically apply protection measures.
Our proposed method includes the Duplication With Comparison (DWC) mechanism, designed specifically to detect and respond to single instruction skip faults by duplicating critical instructions and comparing their outcomes. Upon detecting a fault, the DWC mechanism executes user-defined response actions to prevent further fault injection attacks. Additionally, we introduce a Sensitivity-based selective protection scheme, which identifies and protects the most vulnerable instructions related to the Core Sensitive Variable. This approach minimizes performance overhead while maintaining robust security across different cryptographic algorithms, including AES and CRYSTALS-Kyber. Experimental results demonstrate that the proposed method effectively protects critical instructions and reduces code size and performance overhead compared to existing countermeasures. This thesis highlights the potential of the proposed method to provide lightweight, generalizable protection for a wide range of cryptographic programs. | en |
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-08-15T16:13:30Z No. of bitstreams: 0 | en |
dc.description.provenance | Made available in DSpace on 2024-08-15T16:13:30Z (GMT). No. of bitstreams: 0 | en |
dc.description.tableofcontents | Acknowledgements i
Chinese Abstract ii
Abstract iii
Chapter 1 Introduction 1
1.1 Importance of Microcontroller Units (MCUs) Security 1
1.2 Security Threat to MCUs: Fault Injection Attacks 1
1.3 Countermeasures Against Fault Injection Attacks 2
1.5 Motivation 3
1.6 Contribution 4
Chapter 2 Preliminaries 6
2.1 Fault Injection Attacks 6
2.1.1 Introduction of Fault Injection Attack 6
2.1.2 Fault Injection 6
2.2 Time Redundancy-Based Countermeasure 9
2.2.1 Fault Tolerant Mechanism 9
2.2.2 Overhead of Different Protection Schemes 10
2.3 Information Flow Analysis 11
2.4 Compiler-Assisted Software Protection 11
2.5 LLVM 12
Chapter 3 Proposed Software Countermeasure 13
3.1 Overview of Improved Countermeasure 13
3.2 DWC Fault Detection Mechanism 14
3.2.1 Overview of DWC Mechanism 14
3.2.2 DWC Mechanism – Register Operation 14
3.2.3 DWC Mechanism – Memory Operation 17
3.2.4 DWC Mechanism – Unconditional Jump 18
3.2.5 DWC Mechanism – Conditional Branch 20
3.2.6 Limitation of DWC Mechanism 24
3.3 Selective Protection Scheme 25
3.3.1 Overview of Selective Protection Scheme 25
3.3.2 The Choice of Core Sensitive Variable 26
3.3.3 Define the Sensitivity of a Variable 26
3.3.4 Control Protection Scope with Protection Depth 27
Chapter 4 Implementation 28
4.1 Implementation Overview 28
4.2 Implemented Compilation Flow 30
Chapter 5 Experimental Results 32
5.1 Overview of Experimental Evaluation 32
5.2 Experiment on AES-128 Encryption 33
5.2.1 Experimental Setup 33
5.2.2 Protection Scope Evaluation 33
5.2.3 Overhead Evaluation 35
5.3 Experiment on CRYSTALS-Kyber-512 Key Generation 36
5.3.1 Experimental Setup 36
5.3.2 Protection Scope Evaluation 37
5.3.3 Overhead Evaluation 39
Chapter 6 Conclusion and Future Work 40
6.1 Conclusion 40
6.2 Future Work 41
References 43 | - |
dc.language.iso | en | - |
dc.title | Enhancing the Security of Cryptographic Programs with Selective Fault Detection | zh_TW |
dc.title | Enhancing the Security of Cryptographic Programs with Selective Fault Detection | en |
dc.type | Thesis | - |
dc.date.schoolyear | 112-2 | - |
dc.description.degree | Master | - |
dc.contributor.oralexamcommittee | 黃炫倫;張益興;呂學坤;李進福 | zh_TW |
dc.contributor.oralexamcommittee | Xuan-Lun Huang;Yi-Shing Chang;Shyue-Kung Lu;Jin-Fu Li | en |
dc.subject.keyword | Hardware Security,Fault Injection Attack,Countermeasures,Redundancy,Software Fault Detection,Compiler | zh_TW |
dc.subject.keyword | Hardware Security,Fault Injection Attack,Countermeasures,Redundancy,Software Fault Detection,Compiler | en |
dc.relation.page | 46 | - |
dc.identifier.doi | 10.6342/NTU202403485 | - |
dc.rights.note | Authorized (publicly available worldwide) | - |
dc.date.accepted | 2024-08-09 | - |
dc.contributor.author-college | College of Electrical Engineering and Computer Science | - |
dc.contributor.author-dept | Graduate Institute of Communication Engineering | - |
dc.date.embargo-lift | 2029-08-05 | - |
Appears in Collections: | Graduate Institute of Communication Engineering |
Files in this item:
File | Size | Format | |
---|---|---|---|
ntu-112-2.pdf Publicly available online after 2029-08-05 | 1.77 MB | Adobe PDF |
All items in the system are protected by copyright, with all rights reserved, unless otherwise indicated.