Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security of Real-World Systems > Week 8: Fault Injection > Flashcards

Week 8: Fault Injection Flashcards

1
Q

What do Fault Models consist of?

A

Location, Effects and Timing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the possible Locations in a Fault Model?

A

Random position/width.
Specific bit/byte/instruction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the possible Effects in a Fault Model?

A

Bit flip.
Bit stuck at zero or one.
Statistical (75% chance -> 0, etc.).
Skip instructions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the possible Timings in Fault Model?

A

Number of affected cycles/instructions.
Timing jitter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Describe a Generic Attack for keyed crypto algorithms?

A
  1. Get fault-free ciphertext c_ref.
  2. Inject fault (stuck-at-zero) for bit 0 in c_0.
    2a. If c_0 = c_ref, key bit 0 = 0.
    2b. Else = 1.
  3. Repeat for all key bits.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Describe the Bellcore attack?

A

q = gcd(s - faulty_s, n), p=n/q

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Describe the Lenstra attack?

A

q = gcd((faulty_sig^e) - x, n), p=n/q
Only one fault signature needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are some detection-based countermeasures for fault injections?

A

Monitor environment - detect injection.
Detect faulty result - parallel or sequential.
Detect unusual usage patterns.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are some algorithmic countermeasures for fault injections?

A

RSA/ECC - verify signature after signing.
AES - backwards rounds (check intermediate values).
Randomization in time - added delays = harder to inject.
Infective computation - fault randomizes result.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the prerequisites for Rowhammer?

A

Uncached memory access - write to RAM.
Fast memory access.
Specific row targeting - reverse engineer mapping functions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Describe a DFA attack on AES?

A

Injected fault - diff(z, z’) (before SubBytes in final round)
Observe outputs y, y’
Find k that satisfy:
S^-1(k XOR y) XOR S^-1(k XOR y’) = diff(z, z’)
Repeat new inputs until found.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the fault model for a generic attack on keyed algorithms?

A

Location: specific key bit
Timing: specific bit
Effect: bit stuck at zero

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the fault model for Bellcore/Lenstra?

A

Location: random
Timing: only one sub exp.
Effect: any

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the fault model for an attack on AES?

A

Location: specific bit
Timing: before SubBytes in final round
Effect: flip bit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Explain Rowhammer?

A

1.) Find target location and release back to OS.
2.) Make page table appear at target location.
3.) Fill physical memory with page tables.
4.) Flip in target PTE likely gives access to page table -> now has kernel privilages.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Explain Rowhammer?

A

1.) Find target location and release back to OS.
2.) Make page table appear at target location.
3.) Fill physical memory with page tables.
4.) Flip in target PTE likely gives access to page table -> now has kernel privilages.

Security of Real-World Systems (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions