Analyse de code et processus d'évaluation des composants sécurisés contre l'injection de faute

Abstract : Lasers, electronics glitches and electromagnetic pulses, bestow upon an attacker the mysterious power to perturb the logic of operation of computing devices. This surprising ability may be especially harmful to secure hardware such as smartcards. Against this threat, the security of such hardware is assessed by dedicated laboratories according to international norms and under the auspices of national agencies. This thesis explores the impact of fault injection, which is the consequence of perturbation attacks on the code executed by a hardware device, in the evaluation process. We develop a novel end-to-end approach to close the gap between the analysis of the code for vulnerability detection and the physical attacks that are performed in the evaluation process. The approach combines fault models extracted during physical attacks with a specifically designed evaluation tool to extract relevant vulnerabilities and rate their attack potential. Lastly, we study the impact on security of multiple fault attack, a technique that significantly boosts the attacker's power by allowing several faults over the course of a single execution.
Complete list of metadatas

Cited literature [115 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01403749
Contributor : Louis Dureuil <>
Submitted on : Sunday, November 27, 2016 - 3:06:02 PM
Last modification on : Monday, February 25, 2019 - 4:34:20 PM
Long-term archiving on : Tuesday, March 21, 2017 - 11:51:26 AM

File

Identifiers

  • HAL Id : tel-01403749, version 1

Collections

CEA | DRT

Citation

Louis Dureuil. Analyse de code et processus d'évaluation des composants sécurisés contre l'injection de faute. Informatique [cs]. Communauté Université Grenoble Alpes, 2016. Français. ⟨tel-01403749v1⟩

Share

Metrics

Record views

271

Files downloads

388