Paolo Maistri: "Jeu d'instructions à longueur variable - Fonctionnalité ou bogue ?" ("Variable-length instruction set: feature or bug?")

Discover Paolo Maistri's talk at the International Cybersecurity Forum 2023: "Jeu d'instructions à longueur variable - Fonctionnalité ou bogue ?"


Abstract:

Digital systems may contain sensitive information that can be effectively protected through cryptographic algorithms, usually implemented in software on an embedded microprocessor. Such implementations, however, might be vulnerable to attacks that aim at extracting this sensitive information, in particular attacks that do not require years of computation to break an algorithm; this is where physical attacks come in. Fault injection is an effective physical attack, belonging to the family of active attacks. In this setting, the attacker has physical access to the digital device or its surrounding environment, and will try to change the normal behavior of the device by injecting one or more faults, then observing the erroneous behavior. The resulting fault or faults may lead to an interesting behavior that could be further exploited as a vulnerability.

Several research studies have been conducted to characterize faults at the instruction set architecture (ISA) level in order to propose usable fault models, which are abstract representations of the underlying physical phenomena: building efficient countermeasures against fault attacks requires realistic fault models. The ISA level is chosen because it can be considered the focal point that brings the high (software) and low (hardware) levels of abstraction together. The majority of the proposed fault models, in fact, describe the effects on the instruction itself: for this reason, instruction skip and instruction corruption are the most used models. All these works described instruction corruption with respect to the targeted instruction itself, without taking any additional constraints into consideration. Most importantly, several observed effects remained unexplained.

We believe that this work can explain the rationale behind several of the inferred fault models in previous works, and also help in explaining most of the unexplained faulty behaviors. To our knowledge, there is no research that takes into consideration whether the targeted ISA supports variable-length instructions or not, nor uses this knowledge to explain the obtained results. In particular, previous works never consider whether the instruction bits fetched from memory correspond to complete instructions or not, as the fetch size is always fixed while the ISA may support variable-length instructions. How such information can be exploited in a security application, or taken into account when designing countermeasures, has never been discussed either.

In this presentation, we present two new inferred fault models, skip 32 bits and skip & repeat 32 bits, which are applied to the encoding of the instructions. These two models allow us to explain a wide range of the obtained faulty behaviors at the ISA level, regardless of the targeted instructions. This makes it possible to properly characterize the effects of the observed faulty behaviors. We also show how the faulty behaviors differ depending on the alignment of the code in memory. In other words, the difference depends on whether the fetched 32 bits correspond to the same instruction or not. Finally, we provide various examples that violate a predefined security property in a specific program by exploiting the obtained results.
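The following sketch is an added illustration, not material from the talk: it applies the two fault models to a fixed 32-bit fetch over a mixed 16/32-bit instruction stream and shows how the decoded result changes with code alignment. The toy encoding, the instruction values, and the reading of "skip & repeat" as "the previous fetch word is delivered again" are assumptions made for the example.

```python
# Toy ISA, constructed for this example (not a real encoding): a halfword with
# its top bit set opens a 32-bit instruction; any other halfword is 16-bit.
FETCH = 2  # halfwords per fetch: the fetch size is fixed at 32 bits

def decode(halfwords):
    """Decode a halfword stream the way the decoder would see it."""
    out, i = [], 0
    while i < len(halfwords):
        if halfwords[i] & 0x8000 and i + 1 < len(halfwords):
            out.append(f"{halfwords[i]:04x}{halfwords[i + 1]:04x}")
            i += 2
        else:  # 16-bit instruction, or a 32-bit opener cut off at the end
            out.append(f"{halfwords[i]:04x}")
            i += 1
    return out

def skip32(mem, k):
    """'Skip 32 bits': fetch word k never reaches the decoder."""
    return mem[:FETCH * k] + mem[FETCH * (k + 1):]

def skip_repeat32(mem, k):
    """'Skip & repeat 32 bits' (assumed reading): fetch word k is lost and
    the previous fetch word is delivered a second time."""
    if k == 0:
        raise ValueError("no previous fetch word to repeat")
    prev = mem[FETCH * (k - 1):FETCH * k]
    return mem[:FETCH * k] + prev + mem[FETCH * (k + 1):]

I1, I2 = [0x8A01, 0x0A02], [0x8B01, 0x0B02]   # two 32-bit instructions
ALIGNED = I1 + I2 + [0x1003, 0x1004]          # I2 fills fetch word 1 exactly
# One leading 16-bit instruction shifts the code: I2 now straddles two fetches.
SHIFTED = [0x1000] + I1 + I2 + [0x1003, 0x1004, 0x1005]

def report():
    """Decoded streams after faulting fetch word 1 in both layouts."""
    return {
        "aligned/skip": decode(skip32(ALIGNED, 1)),
        "aligned/repeat": decode(skip_repeat32(ALIGNED, 1)),
        "shifted/skip": decode(skip32(SHIFTED, 1)),
        "shifted/repeat": decode(skip_repeat32(SHIFTED, 1)),
    }

if __name__ == "__main__":
    for name, insns in report().items():
        print(f"{name:15s} {' '.join(insns)}")
```

In the aligned layout the same physical effect looks like a clean instruction skip or a repeated instruction; in the shifted layout it produces hybrid encodings (first half of one instruction, second half of another), which at the ISA level would be classified as instruction corruption.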


Published on June 13, 2023