Verifying Redundant-Check Based Countermeasures: A Case Study

Thibault Martin; Nikolai Kosmatov; Virgile Prevosto

doi:10.1145/3477314.3507341

Verifying Redundant-Check Based Countermeasures: A Case Study

Thibault Martin
, Nikolai Kosmatov
, Virgile Prevosto

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

To thwart fault injection based attacks on critical embedded systems, designers of sensitive software use redundancy based countermeasure schemes. In some of these schemes, critical checks (i.e. conditionals) in the code are duplicated to ensure that an attacker cannot bypass such a check by flipping its result in order to get to a protected point (corresponding e.g. to a successful authentication or code integrity verification). This short paper presents a source-code-level verification technique of the correct implementation of such countermeasures. It is based on code instrumentation and deductive verification. The proposed technique was implemented in a tool prototype and evaluated on a real-life case study: the bootloader module of a secure USB storage device called WooKey, supposed to be resistant to fault injection attacks. We were able to prove the correctness of almost all redundant-check countermeasures in the module except two, and found an error in one of the unproven ones.

langue originale	Anglais
titre	Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022
Editeur	Association for Computing Machinery
Pages	1849-1852
Nombre de pages	4
ISBN (Electronique)	9781450387132
Les DOIs	https://doi.org/10.1145/3477314.3507341
état	Publié - 25 avr. 2022
Modification externe	Oui
Evénement	37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022 - Virtual, Online Durée: 25 avr. 2022 → 29 avr. 2022

Série de publications

Nom	Proceedings of the ACM Symposium on Applied Computing

Une conférence

Une conférence	37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022
La ville	Virtual, Online
période	25/04/22 → 29/04/22

Accès au document

10.1145/3477314.3507341

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

@inproceedings{f626f30cf5c94caba414f046021a9c5b,

title = "Verifying Redundant-Check Based Countermeasures: A Case Study",

abstract = "To thwart fault injection based attacks on critical embedded systems, designers of sensitive software use redundancy based countermeasure schemes. In some of these schemes, critical checks (i.e. conditionals) in the code are duplicated to ensure that an attacker cannot bypass such a check by flipping its result in order to get to a protected point (corresponding e.g. to a successful authentication or code integrity verification). This short paper presents a source-code-level verification technique of the correct implementation of such countermeasures. It is based on code instrumentation and deductive verification. The proposed technique was implemented in a tool prototype and evaluated on a real-life case study: the bootloader module of a secure USB storage device called WooKey, supposed to be resistant to fault injection attacks. We were able to prove the correctness of almost all redundant-check countermeasures in the module except two, and found an error in one of the unproven ones.",

keywords = "deductive verification, fault injection attacks, frama-C verification platform, software countermeasures",

author = "Thibault Martin and Nikolai Kosmatov and Virgile Prevosto",

note = "Publisher Copyright: {\textcopyright} 2022 Owner/Author.; 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022 ; Conference date: 25-04-2022 Through 29-04-2022",

year = "2022",

month = apr,

day = "25",

doi = "10.1145/3477314.3507341",

language = "English",

series = "Proceedings of the ACM Symposium on Applied Computing",

publisher = "Association for Computing Machinery",

pages = "1849--1852",

booktitle = "Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022",

}

Martin, T, Kosmatov, N & Prevosto, V 2022, Verifying Redundant-Check Based Countermeasures: A Case Study. Dans Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022. Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, p. 1849-1852, 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022, Virtual, Online, 25/04/22. https://doi.org/10.1145/3477314.3507341

Verifying Redundant-Check Based Countermeasures: A Case Study. / Martin, Thibault; Kosmatov, Nikolai; Prevosto, Virgile.
Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022. Association for Computing Machinery, 2022. p. 1849-1852 (Proceedings of the ACM Symposium on Applied Computing).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Verifying Redundant-Check Based Countermeasures

T2 - 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022

AU - Martin, Thibault

AU - Kosmatov, Nikolai

AU - Prevosto, Virgile

PY - 2022/4/25

Y1 - 2022/4/25

N2 - To thwart fault injection based attacks on critical embedded systems, designers of sensitive software use redundancy based countermeasure schemes. In some of these schemes, critical checks (i.e. conditionals) in the code are duplicated to ensure that an attacker cannot bypass such a check by flipping its result in order to get to a protected point (corresponding e.g. to a successful authentication or code integrity verification). This short paper presents a source-code-level verification technique of the correct implementation of such countermeasures. It is based on code instrumentation and deductive verification. The proposed technique was implemented in a tool prototype and evaluated on a real-life case study: the bootloader module of a secure USB storage device called WooKey, supposed to be resistant to fault injection attacks. We were able to prove the correctness of almost all redundant-check countermeasures in the module except two, and found an error in one of the unproven ones.

AB - To thwart fault injection based attacks on critical embedded systems, designers of sensitive software use redundancy based countermeasure schemes. In some of these schemes, critical checks (i.e. conditionals) in the code are duplicated to ensure that an attacker cannot bypass such a check by flipping its result in order to get to a protected point (corresponding e.g. to a successful authentication or code integrity verification). This short paper presents a source-code-level verification technique of the correct implementation of such countermeasures. It is based on code instrumentation and deductive verification. The proposed technique was implemented in a tool prototype and evaluated on a real-life case study: the bootloader module of a secure USB storage device called WooKey, supposed to be resistant to fault injection attacks. We were able to prove the correctness of almost all redundant-check countermeasures in the module except two, and found an error in one of the unproven ones.

KW - deductive verification

KW - fault injection attacks

KW - frama-C verification platform

KW - software countermeasures

UR - https://www.scopus.com/pages/publications/85130417162

U2 - 10.1145/3477314.3507341

DO - 10.1145/3477314.3507341

M3 - Conference contribution

AN - SCOPUS:85130417162

T3 - Proceedings of the ACM Symposium on Applied Computing

SP - 1849

EP - 1852

BT - Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022

PB - Association for Computing Machinery

Y2 - 25 April 2022 through 29 April 2022

ER -

Verifying Redundant-Check Based Countermeasures: A Case Study

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation