Fault attacks belong to a potent class of implementation-based attacks that can compromise a crypto-device within a few milliseconds. Out of the large numbers of faults that can occur in the device, only a very few are exploitable in terms of leaking the secret key. Ignorance of this fact has resulted in countermeasures that have either significant overhead or inadequate protection. This article presents a framework, referred to as FaultDroid, for automated vulnerability analysis of fault attacks. It explores the entire fault attack space, identifies the single/multiple fault scenarios that can be exploited by a differential fault attack, rank-orders them in terms of criticality, and provides design guidance to mitigate the vulnerabilities at low cost. The framework enables a designer to automatically evaluate the fault attack vulnerabilities of a block cipher implementation and then incorporate efficient countermeasures. FaultDroid uses a formal model of fault attacks on a high-level specification of a block cipher and hence is equally applicable to both software and hardware implementation of the cipher. As case studies, we employ FaultDroid to comprehensively evaluate the fault scenarios in several common ciphers—AES, CLEFIA, CAMELLIA, SMS4, SIMON, PRESENT, and GIFT—and assess their vulnerability.

中文翻译：

---

故障机器人

故障攻击属于一类强有力的基于实现的攻击，可以在几毫秒内破坏加密设备。在设备中可能发生的大量故障中，只有极少数可用于泄露密钥。对这一事实的无知导致了具有显着开销或保护不足的对策。本文介绍了一个称为 FaultDroid 的框架，用于对故障攻击进行自动漏洞分析。它探索了整个故障攻击空间，识别了可以被差分故障攻击利用的单个/多个故障场景，根据关键程度对它们进行排序，并提供设计指导以低成本缓解漏洞。该框架使设计人员能够自动评估块密码实施的故障攻击漏洞，然后结合有效的对策。FaultDroid 对分组密码的高级规范使用故障攻击的正式模型，因此同样适用于密码的软件和硬件实现。作为案例研究，我们使用 FaultDroid 来全面评估几种常见密码（AES、CLEFIA、CAMELLIA、SMS4、SIMON、PRESENT 和 GIFT）中的故障场景，并评估它们的脆弱性。