MORO Nicolas

PhD graduated
Team : ALSOC
Departure date : 12/31/2014

Supervision : Emmanuelle ENCRENAZ

Co-supervision : ROBISSON Bruno, HEYDEMANN Karine

Security of assembly programs against fault attacks on embedded processors

This thesis focuses on the security of embedded programs against fault injection attacks. Due to the spreadings of embedded systems in our common life, development of countermeasures is important.
First, a fault model based on practical experiments with a pulsed electromagnetic fault injection technique has been built. The experimental results show that the injected faults were due to the corruption of the bus transfers between the Flash memory and the processor’s pipeline. Such faults enable to perform instruction replacements, instruction skips or to corrupt some data transfers from the Flash memory.
Although replacing an instruction with another very specific one is very difficult to control, skipping an instruction seems much easier to perform in practice and has been observed very frequently. Furthermore many simple attacks can carried out with an instruction skip. A countermeasure that prevents such instruction skip attacks has been designed and formally verified with model-checking tool. The countermeasure replaces each instruction by a sequence of instructions.
However, this countermeasure does not protect the data loads from the Flash memory. To do this, it can be combined with another assembly-level countermeasure that performs a fault detection. A first experimental test of these two countermeasures has been achieved, both on isolated instructions and complex codes from a FreeRTOS implementation. The proposed countermeasure appears to be a good complement for this detection countermeasure and allows to correct some of its flaws.

Defence : 11/13/2014 - 14h - Site Jussieu - Salle Jean-Louis Laurière - 25-26/101

Jury members :

BERTHOMÉ Pascal (INSA Centre Val de Loire) [Rapporteur]
LANET Jean-Louis (INRIA Rennes) [Rapporteur]
BAJARD Jean-Claude (UPMC)
GIRAUD Christophe (Oberthur Technologies)
GUILLEY Sylvain (Telecom ParisTech)
LALANDE Jean-François (INSA Centre Val de Loire)
PAILLIER Pascal (CryptoExperts)
ENCRENAZ Emmanuelle (UPMC)

2012-2014 Publications