
MID-063: Software Mitigations for Fault Injection

Mitigation Tier: Intermediate

Description

Many software-based mitigations for fault injection have been proposed. They range from coding patterns and strategies applied at development time, to automated compiler-based techniques, to hybrid approaches that take advantage of hardware features.

Certain programming patterns can harden pieces of code against common faults [1][2][3]. Redundancy is one such pattern: performing certain comparisons, memory reads, or function calls multiple times and comparing the results. Others include choosing constant flag values with a large Hamming distance between them, which are hard for a fault to generate or to flip from one to the other (e.g., multi-byte random bit strings instead of 0 and 1); adding code checks for ‘impossible’ paths through logic trees that could only be reached as a result of a fault; adding random time delays to operations; and checking that loops executed to completion without stopping early.

Other research has proposed more systematic approaches to hardening code at compile time. Because compile-time approaches must be automated and generally applicable to all code, they often implement narrower protections against specific types of faults. Examples include automating the insertion of duplicate computations and comparisons throughout an application [4] or hardening the control flow of loops [5]. Instruction duplication (ID) is one commonly proposed technique that can be applied automatically [6][7]; however, it has been shown over time that ID is only effective against faults that skip single instructions [8][9]. An attacker who can coordinate multiple faults to target each duplicated instruction can likely still achieve their objective, and reference [13] demonstrates that such coordination is feasible with readily accessible tools.
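The coding patterns listed above (widely spaced flag constants, redundant comparison, loop-completion checks, impossible-path checks, random delays), together with the duplicate-computation-and-compare idea behind compiler-inserted instruction duplication, as an added C example that is not code from this page or from any of the cited works. The flag constants, the FAULT_DETECTED sentinel, the fault_handler hook, the LCG-based delay placeholder and the sample digests are this example's own constructed choices:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decision flags with maximal Hamming distance: the two constants are bitwise
 * complements (32 bits apart), so no single bit flip turns one into the other.
 * The values are illustrative choices for this example, not from any product. */
#define AUTH_OK        0xA5C33CA5u
#define AUTH_FAIL      0x5A3CC35Au
#define FAULT_DETECTED 0xDEADC0DEu   /* hypothetical "fault observed" sentinel */

static volatile uint32_t detected_faults = 0;

/* In firmware this would reset or lock the device; here it only counts. */
static void fault_handler(void) { detected_faults++; }
uint32_t fault_count(void) { return detected_faults; }

/* Popcount of (a XOR b): used to demonstrate the flag-spacing property. */
unsigned hamming_distance(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    unsigned n = 0;
    while (x) { x &= x - 1u; n++; }
    return n;
}

/* Random-delay placeholder: an LCG stands in for a hardware RNG so the example
 * runs offline; it is not a secure source of jitter. */
static uint32_t jitter_state = 0x2545F491u;
static void random_delay(void)
{
    jitter_state = jitter_state * 1664525u + 1013904223u;
    volatile uint32_t spin = jitter_state >> 24;
    while (spin > 0) { spin = spin - 1u; }
}

/* Impossible-path check: a decision flag must be exactly one of the two valid
 * constants, and AUTH_OK must be backed by a zero byte difference. */
uint32_t classify_result(uint32_t flag, uint8_t diff)
{
    if (flag == AUTH_OK) {
        if (diff != 0) { fault_handler(); return FAULT_DETECTED; }
        return AUTH_OK;
    }
    if (flag == AUTH_FAIL) {
        return AUTH_FAIL;
    }
    /* Neither constant: only reachable if the flag itself was corrupted. */
    fault_handler();
    return FAULT_DETECTED;
}

/* Digest comparison using the patterns: default-deny flag, loop-completion
 * check, a redundant second pass cross-checked against the first, and
 * impossible-path dispatch of the final decision. */
uint32_t verify_digest(const uint8_t *expected, const uint8_t *actual, size_t len)
{
    volatile uint32_t result = AUTH_FAIL;   /* default-deny */
    volatile size_t i;                      /* volatile: keep the completion check */
    uint8_t diff = 0, diff2 = 0;

    random_delay();
    for (i = 0; i < len; i++) {
        diff |= (uint8_t)(expected[i] ^ actual[i]);
    }
    /* Loop-completion check: a loop that was cut short leaves i != len. */
    if (i != len) { fault_handler(); return FAULT_DETECTED; }

    if (diff == 0) {
        result = AUTH_OK;
    }

    random_delay();
    /* Redundant comparison: recompute the difference and cross-check it. A
     * single skipped instruction is caught here; two coordinated faults, one
     * per pass, would not be, which is the limitation the text describes. */
    for (size_t j = 0; j < len; j++) {
        diff2 |= (uint8_t)(expected[j] ^ actual[j]);
    }
    if (diff != diff2) { fault_handler(); return FAULT_DETECTED; }

    return classify_result(result, diff2);
}

/* Constructed sample digests so the block runs stand-alone. */
static const uint8_t sample_good[4] = {0xDE, 0xAD, 0xBE, 0xEF};
static const uint8_t sample_bad[4]  = {0xDE, 0xAD, 0xBE, 0xEE};
uint32_t demo_match(void)    { return verify_digest(sample_good, sample_good, 4); }
uint32_t demo_mismatch(void) { return verify_digest(sample_good, sample_bad, 4); }

int main(void)
{
    printf("hamming(AUTH_OK, AUTH_FAIL) = %u\n", hamming_distance(AUTH_OK, AUTH_FAIL));
    printf("match    -> %08x\nmismatch -> %08x\ncorrupt  -> %08x\n",
           demo_match(), demo_mismatch(), classify_result(0x1u, 0));
    return 0;
}
```

The volatile qualifiers matter in practice: without them an optimising compiler is free to fold the second comparison pass into the first or to drop the loop-completion check, silently removing the redundancy the source code appears to have. Inspecting the generated assembly for the hardened routine is the usual way to confirm the checks survived compilation.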

Other general-purpose defenses of a program’s control flow graph, e.g., control flow integrity (CFI), can provide some protection against faults that alter function pointers and jump addresses in the same way a software exploit would. Software-based CFI schemes [10][11] and hardware-assisted schemes (e.g., using ARM pointer authentication) [12] have been explored. See MID-007 and MID-020 for more information on CFI and pointer authentication/encryption.
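A minimal software control-flow signature scheme of the kind the paragraph above refers to, as an added C example that is not code from this page or from [10], [11] or [12]: every step of a protected sequence first checks the running signature it expects (which proves its predecessor ran, in order), then folds its own constant in, and a final check confirms the whole sequence completed. The step constants, the rotate-then-XOR fold, the three placeholder steps and the skip_mask test hook are all this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-step constants folded into a running signature. The values are
 * illustrative choices for this example, not from any product. */
#define SIG_INIT   0x9E3779B9u
#define STEP_A_SIG 0x1B873593u
#define STEP_B_SIG 0xCC9E2D51u
#define STEP_C_SIG 0x85EBCA6Bu

/* Running control-flow signature and a counter of detected violations. Both
 * are volatile so every update and check is actually emitted. */
static volatile uint32_t cf_sig;
static volatile unsigned cf_faults;

/* Order-sensitive fold (rotate, then XOR): skipping or reordering a step
 * produces a different signature than executing the steps in sequence. */
static uint32_t sig_fold(uint32_t sig, uint32_t step_const)
{
    return ((sig << 5) | (sig >> 27)) ^ step_const;
}

/* Values the signature must hold on entry to each step. In firmware these
 * would be precomputed constants; they are computed here to keep the example
 * self-contained. */
static uint32_t expect_before_b(void) { return sig_fold(SIG_INIT, STEP_A_SIG); }
static uint32_t expect_before_c(void) { return sig_fold(expect_before_b(), STEP_B_SIG); }
uint32_t expected_final_sig(void)     { return sig_fold(expect_before_c(), STEP_C_SIG); }

/* Each step first checks the signature it expects (proving its predecessor
 * ran in order), does its work, then folds its own constant in. */
static int step_a(void)
{
    if (cf_sig != SIG_INIT) { cf_faults++; return -1; }
    /* ... real work, e.g. parse the image header ... */
    cf_sig = sig_fold(cf_sig, STEP_A_SIG);
    return 0;
}
static int step_b(void)
{
    if (cf_sig != expect_before_b()) { cf_faults++; return -1; }
    /* ... real work, e.g. verify the image signature ... */
    cf_sig = sig_fold(cf_sig, STEP_B_SIG);
    return 0;
}
static int step_c(void)
{
    if (cf_sig != expect_before_c()) { cf_faults++; return -1; }
    /* ... real work, e.g. lock down debug access ... */
    cf_sig = sig_fold(cf_sig, STEP_C_SIG);
    return 0;
}

/* Run the protected sequence. skip_mask is a test hook that models a fault
 * skipping the call to step i (bit i set); it would not exist in a
 * production build. Returns 1 if every step ran in order, else 0. */
int run_sequence(unsigned skip_mask)
{
    int err = 0;
    cf_sig = SIG_INIT;
    if (!(skip_mask & 1u)) err |= step_a();
    if (!(skip_mask & 2u)) err |= step_b();
    if (!(skip_mask & 4u)) err |= step_c();
    /* Final check: catches a skipped last step, which no entry check sees. */
    if (err != 0 || cf_sig != expected_final_sig()) { cf_faults++; return 0; }
    return 1;
}

unsigned cf_fault_count(void) { return cf_faults; }

int main(void)
{
    printf("no skip -> %d\n", run_sequence(0u));
    printf("skip B  -> %d\n", run_sequence(2u));
    printf("skip C  -> %d\n", run_sequence(4u));
    printf("faults detected: %u\n", cf_fault_count());
    return 0;
}
```

This models the coarse case of a fault skipping an entire call; it does not protect the instructions inside each step, and a single fault that lands on a signature check itself is exactly the weakness that motivates the hardware-assisted schemes such as pointer authentication cited above.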

A combination of multiple hardware and software-based mitigation techniques (see MID-062) to address the range of fault injection types, as recommended by [3], can prove more effective than any individual mitigation.

IEC 62443 4-2 Mappings

  • none

References

[1] M. Witteman, “Fault Mitigation Patterns,” Riscure. [Online]. Available: https://sidechannel.riscure.com/publications/fault-mitigation-patterns/

[2] J. Boone, S. Q. Khan. “Software-Based Fault Injection Countermeasures (Part 2/3).” NCC Group. Accessed: Aug. 28, 2024. [Online]. Available: https://research.nccgroup.com/2021/07/08/software-based-fault-injection-countermeasures-part-2-3/

[3] J. Boone, S. Q. Khan. “Alternative Approaches for Fault Injection Countermeasures (Part 3/3).” NCC Group. Accessed: Aug. 28, 2024. [Online]. Available: https://research.nccgroup.com/2021/07/09/alternative-approaches-for-fault-injection-countermeasures-part-3-3/

[4] G. A. Reis, J. Chang, N. Vachharajani, R. Rangan and D. I. August, “SWIFT: software implemented fault tolerance,” International Symposium on Code Generation and Optimization, San Jose, CA, USA, 2005, pp. 243-254, doi: 10.1109/CGO.2005.34.

[5] Julien Proy, Karine Heydemann, Alexandre Berzati, and Albert Cohen. 2017. Compiler-Assisted Loop Hardening Against Fault Attacks. ACM Trans. Archit. Code Optim. 14, 4, Article 36 (December 2017), 25 pages. https://doi.org/10.1145/3141234

[6] Alessandro Barenghi, Luca Breveglieri, Israel Koren, Gerardo Pelosi, and Francesco Regazzoni. 2010. Countermeasures against fault attacks on software implemented AES: effectiveness and cost. In Proceedings of the 5th Workshop on Embedded Systems Security (WESS '10). Association for Computing Machinery, New York, NY, USA, Article 7, 1–10. https://doi.org/10.1145/1873548.1873555

[7] Thierno Barry, Damien Couroussé, and Bruno Robisson. 2016. Compilation of a Countermeasure Against Instruction-Skip Fault Attacks. In Proceedings of the Third Workshop on Cryptography and Security in Computing Systems (CS2 '16). Association for Computing Machinery, New York, NY, USA, 1–6. https://doi.org/10.1145/2858930.2858931

[8] Cojocar, L., Papagiannopoulos, K., Timmers, N. (2018). Instruction Duplication: Leaky and Not Too Fault-Tolerant! In: Eisenbarth, T., Teglia, Y. (eds) Smart Card Research and Advanced Applications. CARDIS 2017. Lecture Notes in Computer Science, vol 10728. Springer, Cham. https://doi.org/10.1007/978-3-319-75208-2_10

[9] B. Yuce, N. F. Ghalaty, H. Santapuri, C. Deshpande, C. Patrick and P. Schaumont, “Software Fault Resistance is Futile: Effective Single-Glitch Attacks,” 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), Santa Barbara, CA, USA, 2016, pp. 47-58, doi: 10.1109/FDTC.2016.21.

[10] V. B. Thati, J. Vankeirsbilck, J. Boydens and D. Pissort, “Selective Duplication and Selective Comparison for Data Flow Error Detection,” 2019 4th International Conference on System Reliability and Safety (ICSRS), Rome, Italy, 2019, pp. 10-15, doi: 10.1109/ICSRS48664.2019.8987731.

[11] R. Schilling, M. Werner and S. Mangard, “Securing conditional branches in the presence of fault attacks,” 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 2018, pp. 1586-1591, doi: 10.23919/DATE.2018.8342268.

[12] Schilling, R., Nasahl, P., Mangard, S. (2022). FIPAC: Thwarting Fault- and Software-Induced Control-Flow Attacks with ARM Pointer Authentication. In: Balasch, J., O’Flynn, C. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2022. Lecture Notes in Computer Science, vol 13211. Springer, Cham. https://doi.org/10.1007/978-3-030-99766-3_5

[13] M. Alt. “Glitching in 3D: Low Cost EMFI Attacks,” presented at CanSecWest 2024, Vancouver, BC, Canada, Mar. 2024. [Online]. Available: https://github.com/voidstarsec/csw-2024/blob/gh-pages/csw.pdf

[14] J. van Woudenberg. “Top 10 Secure Boot mistakes.” Presented at hardware.io Hardware Security Conference and Training, Santa Clara, CA, USA, 2019. [Online]. Available: https://hardwear.io/usa-2019/presentations/Top-10-Secure-Boot-Mistakes-v1.1-hardwear-io-usa-2019-jasper-van-woudenberg.pdf