Automatized Fault Attack Emulation for Penetration Testing

Institute for Technical Informatics 

www.ITI.TUGraz.at 

Automatized Fault Attack Emulation for 

Penetration Testing 

Johannes Grinschgl 1 , Thomas Aichinger 3 , Armin Krieg 1 , 

Christian Steger 1 , Reinhold Weiss 1 , 

Holger Bock 2 , Josef Haid 2 

1 

Institute for Technical Informatics, Graz University of Technology, Austria 

2 

Infineon Technologies Austria AG, Design Center Graz, Austria 

3 

Austria Card GmbH, Austria 

12th International Common Criteria Conference 

Kuala Lumpur, Malaysia, September 29, 2011 

A. Krieg 2011-9-29 

1

Agenda 



• Motivation 

• Introduction 

• Related work 

• Automatized Fault Attack Emulation 

• Impact on Certification Flow 

• Conclusion 

A. Krieg 2011-9-29 

2

Motivation (1/3) 



• Increasing complexity of SoC 

− More-than-Moore [Arden2010] 

− Increasing test duration 

• Increasing security and 

dependability requirements 

− High costs 

− Loss of trust 

− Loss of life 

SOC Consumer Portable Design Complexity Trends 

(Source: ITRS - 2010 Update, "System Drivers“) 

• Increasing number of known fault attacks 

− Increasing knowledge of attackers 

− Better attack tools 

− Cheaper analysis equipment 

A. Krieg 2011-9-29 

3




• Common criteria certification 

− Time consuming 

− Expensive 

− Penetration tests very late in 

development phase 

• Fault detection during certification 

− Longer time to market 

− Reevaluation 

• Test coverage of penetration tests 

• Efficiency evaluation of new 

security features 

A. Krieg 2011-9-29 

4




• How to solve this problem 

• Target: 

− Reduction of deficits during design phase 

− Early evaluation of security features 

− Support of very large test pattern sets 

− Open sample evaluation support 

− SW test without HW security features 

− (HW test without SW security features) 

• Solution: 

Automatized Fault 

Attack Emulation 

A. Krieg 2011-9-29 

5

Agenda 









A. Krieg 2011-9-29 

6

Introduction (1/2) 



• Emulation 

− Mapping of smart card 

functionality to FPGA 

− Emulation resembles very 

accurately the behavior of 

the final device 

− Extendibility in respect to 

fault emulation 

− Real-time emulation 

performance 

− On-line debugging 

− On-line register and memory 

examination 

− Standard SW development 

tool 

Easy-to-use Rapid FPGA Prototyping Platform, 

Tanto2-FPGA system, http://www.hitex.com 

A. Krieg 2011-9-29 

7

Introduction (2/2) 



• POWER-MODES 1 vision: Flexible and Fast Fault Emulator 

− Whole system evaluation for fault attack vulnerability 

− Software 

− Hardware 

− Operating system 

− Saboteur-based attack method 

− Automatized VHDL code base adaptation 

− Automatized result evaluation 

− Austria Card ACOS operating system 

1 

“POWer EmulatoR and MOdel based DEpendability and Security evaluation platform”, funded by the Austrian Federal 

Ministry for Transport, Innovation, and Technology under the FIT-IT contract FFG 825749. Project Partners: Infineon 

Technologies Austria AG and Austria Card 

A. Krieg 2011-9-29 

8

Agenda 









A. Krieg 2011-9-29 

9

Related Work (1/2) 



• Fault injection mechanisms 

− Simulation [Jenn1994, Velanzco2001, Rothbart2004] 

• Slow 

• Flexible 

− Physical test [Karlsson1995] 

• Late in design phase 

• Expensive 

− Emulation [Bayar2008, Kenterlis2006, Kafka2008, Sterpone2007, Sonza2006, Baraza2005, 

Leveugle2000] 

• Fast 

• Low-cost compared to physical tests 

• Compromise between cost and flexibility 

• Early in design phase 

A. Krieg 2011-9-29 

10

Related Work (2/2) 



• Fault emulation methods 

− Partial reconfiguration [Bayar2008, Kenterlis2006, Kafka2008, Sterpone2007, 

Sonza2006] 

• Runtime adaptation of LUTs 

• Requires specialized FPGA devices 

− Mutants 

• VHDL modification to modules [Baraza2005, Leveugle2000] 

• Requires pre-modified modules for every fault scenario 

− Saboteur 

• VHDL modification into signal lines [Baraza2005, Leveugle2000] 

• Very flexible if supported by automatized placement 

• Common Criteria Certification Process [JIL2009], [CCEVS2005] 

A. Krieg 2011-9-29 

11

Agenda 









A. Krieg 2011-9-29 

12

Autom. Fault Attack Emulation (1/5) 



• Host PC 

− Fault injection flow control 

• Attack Database 

− Storage of different attack scenarios 

• Fault injection controller 

− Saboteur 

Management 

• Saboteurs 

− Single-bit type 

− Bus type 

− Port type 

• Saboteur interface 

− Saboteur FI controller connection 

A. Krieg 2011-9-29 

13




• What are saboteurs 

− Modules which can disturb signals 

− Placed between signal source and sink 

• Advantages 

− Definable detailed attack 

− Full control over the signal 

− Flexibility 

− Applicable to Security and 

Dependability Evaluations 

• Attack patterns 

− Specification of fault location 

− Mapping of physical to logical location 

A. Krieg 2011-9-29 

14




• Fault emulation 

initialization 

− 

− 

− 

Attack time 

Attack type 

Memory address 

• Attack scenario 

• Result evaluation 

− 

− 

Output 

Memory 

• Report generation 

• Repeat until all 

addresses and points in 

time are tested 

A. Krieg 2011-9-29 

15




• Attack on security relevant regions 

− Memory regions 

− Time 

− Calculation example 

• Some 100 Addresses 

• 20-50ms for one command 

• ~1ms is interesting 

• ~1M Attack Scenarios 

• 1sec per attack 

• 11,6 Days 

− Long time tests 

• Attack granularity 

refinement 

• Information gain for 

real-chip testing 

A. Krieg 2011-9-29 

16




• Power emulation 

[Bachmann2010] 

− 

− 

− 

− 

Automatized control 

signal extraction 

Control signal 

weighting 

Accumulation 

Characterization using 

gate level simulations 

and physical tests 

• Information extraction 

from the power profile 

• Emulate power 

information available to 

attacker 

− 

Average error below 

10% 

Power [normalized] 

1 

Equipment 

0.8 

0.6 

0.4 

0.2 

P 

estimated 

∑ 

= c * x[ 

t] 

0 

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 

Time [normalized] 

[Genser2009] 

i 

i 

Reference 

Estimated 

A. Krieg 2011-9-29 

17

Agenda 









A. Krieg 2011-9-29 

18

Impact on Certification Flow (1/3) 



Impact on smart card embedded SW development 

• SW evaluation without activated HW security features 

− Evaluation of SW security implementation 

− Automated verification of SW countermeasure implementation 

and test replication using HW with enabled security features 

− Testing of security relevant code is difficult (practical 

experience) 

• Coding guideline verification 

− E.g. SW handling of memory manipulations 

− E.g. Detection of program counter manipulations 

• Replicable penetration test 

A. Krieg 2011-9-29 

19




Impact on certification (penetration tests) 

• Advantages for the lab 

− Gain information for physical attacks 

• Attack time 

• Attack region (RAM, Core, …) 

• No blocking of expensive laboratory equipment 

• Enabling of parallel test scenarios 

• Certain HW security features can be deactivated 

A. Krieg 2011-9-29 

20




• Use the emulator as open sample/ sample with known secrets 

• Freely configurable hardware 

− Internal values can be read out and manipulated 

• Registers 

• Memory 

• Program counter 

− Hardware security features can be deactivated 

• Memory encryption 

• Fault detection mechanisms 

− Manipulation of critical signals 

• Fault detection mechanisms 

• Crypto calculation 

• Freely definable software load 

− Debugging is possible 

− Get memory location of critical code 

A. Krieg 2011-9-29 

21

Agenda 









A. Krieg 2011-9-29 

22

Conclusion (1/3) 



• SW development view 

− Test security features 

− Verification of coding guideline 

− Allow to debug SW 

• Open sample approach 

− Specific deactivation of HW security features 

− Allow to test SW on the HW 

− Allow to manipulate HW features 

• Run-time power estimation 

− Extract interesting time slots 

• E.g. Cryptographic calculations 

A. Krieg 2011-9-29 

23




• Provide information for real chip certification 

− Attack time 

− Attack region 

• RAM, Core, Crypto, … 

• Speed-up of security evaluation 

− Simple tests can already be performed during SW development 

− Provide information for the real tests 

− Test counter measures 

− Detailed attack result evaluation by memory analysis 

• Enabling of complex fault attack scenarios 

A. Krieg 2011-9-29 

24




• Future Work 

− More detailed result evaluation 

− Multiple FPGA configurations for parallel emulation 

− Automatic increase of test granularity at critical regions 

A. Krieg 2011-9-29 

25

Q&A 



Thanks for your attention! 

Questions 

A. Krieg 2011-9-29 

26

References 



[Arden2010] 

[Jenn1994] 

[Velanzco2001] 

[Rothbart2004] 

[Karlsson1995] 

[Bayar2008] 

[Kenterlis2006] 

[Kafka2008] 

[Sterpone2007] 

[Sonza2006] 

[Baraza2005] 

[Leveugle2000] 

[Grinschgl2011] 

[Pohl2010] 

[Pellegrini2010] 

[Bachmann2010] 

[Genser2009] 

[JIL2009] 

[CCEVS2005] 

W. Arden, M. Brillouët, P. Cogez, M. Graef, B. Huizing, R. Mahnkopf: More-than-Moore, ITRS 

2010. 

E. Jenn, J. Arlat, M. Rimen, J. Ohlsson, and J. Karlsson, “Fault injection into vhdl models: the mefisto tool,” in 

Proc. Twenty-Fourth Int Fault-Tolerant Computing FTCS-24. Digest of Papers. Symp, 1994, pp. 66–75. 

R. Velazco, R. Leveugle, and O. Calvo, “Upset-like fault injection in vhdl descriptions: A method and 

preliminary results,” in Proc. IEEE Int Defect and Fault Tolerance in VLSI Systems Symp, 2001, pp. 259–267. 

K. Rothbart, U. Neffe, C. Steger, R. Weiss, E. Rieger, and A. Muehlberger, “High level fault injection for attack 

simulation in smart cards,” in Proc. 13th Asian Test Symp, 2004, pp. 118–121. 

J. Karlsson and P. Folkesson, “Application of three physical fault injection techniques to the experimental 

assessment of the mars architecture.” IEEE Computer Society Press, 1995, pp. 267–287. 

S. Bayar and A. Yurdakul, “Self-reconfiguration on spartan-iii fpgas with compressed partial bitstreams via a 

parallel configuration access port (cpcap) core,” in Proc. Ph.D. Research in Microelectronics and Electronics 

PRIME 2008, 2008, pp. 137–140. 

P. Kenterlis, N. Kranitis, A. Paschalis, D. Gizopoulos, and M. Psarakis, “A low-cost seu fault emulation 

platform for sram-based fpgas,” in Proc. 12th IEEE Int. On-Line Testing Symp. IOLTS 2006, 2006. 

L. Kafka, “Analysis of applicability of partial runtime reconfiguration in fault emulator in xilinx fpgas,” in 

DDECS ’08: Proceedings of the 2008 11th IEEE Workshop on Design and Diagnostics of Electronic Circuits 

and Systems. Washington, DC, USA: IEEE Computer Society, 2008, pp. 1–4. 

L. Sterpone and M. Violante, “A new partial reconfiguration-based fault-injection system to evaluate seu 

effects in sram-based fpgas,” Nuclear Science, IEEE Transactions on, vol. 54, no. 4, pp. 965 –970, 2007. 

M. Sonza Reorda, L. Sterpone, M. Violante, M. Portela-Garcia, C. Lopez-Ongil, and L. Entrena, “Fault 

injection-based reliability evaluation of sopcs,” in Proc. Eleventh IEEE European Test Symp. ETS ’06, 2006, 

pp. 75–82. 

J. C. Baraza, J. Gracia, D. Gil, and P. J. Gil, “Improvement of fault injection techniques based on vhdl code 

modification,” in Proc. Tenth IEEE Int. High-Level Design Validation and Test Workshop, 2005, pp. 19–26. 

R. Leveugle, “Fault injection in vhdl descriptions and emulation,” in Proc. IEEE Int Defect and Fault Tolerance 

in VLSI Systems Symp, 2000, pp. 414–419. 

J. Grinschgl, A. Krieg, C. Steger, R. Weiss, H. Bock, and J. Haid, “Modular fault injector for multiple fault 

dependability and security evaluations,” in DSD 2011, In Press. 

C. Pohl, R. Fuest, and M. Porrmann, “vmagic – automatic code generation for vhdl,” newsletter edacentrum, 

vol. 2, pp. 7–10, Jul. 2010. 

A. Pellegrini, V. Bertacco, and T. Austin, “Fault-based attack of rsa authentication,” in Proc. Design, 

Automation & Test in Europe Conf. & Exhibition (DATE), 2010, pp. 855–860. 

C. Bachmann, A. Genser, C. Steger, R. Weiss, and J. Haid, “Automated Power Characterization for Run-Time 

Power Emulation of SoC Designs,” in DSD 2010, 2010, pp. 587–594. 

A. Genser, C. Bachmann, J. Haid, C. Steger, and R. Weiss, “An emulation-based real-time power profiling 

unit for embedded software,” in SAMOS 2009, 2009, pp. 67–73. 

Joint Interpretation Library, “Application of Attack Potential to Smartcards,”, 2009,online available on 

https://www.bsi.bund.de 

National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme, “Common 

Criteria Evaluation and Validation Scheme Validation Report”, 2005, online available 

onhttp://www.commoncriteriaportal.org/files/epfiles/st_vid10023-vr.pdf 

A. Krieg 2011-9-29 

27

Automatized Fault Attack Emulation for Penetration Testing

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?