Verifying redundant-check based countermeasures: a case study - Archive ouverte HAL Access content directly
Conference Papers Year : 2022

Verifying redundant-check based countermeasures: a case study

(1) , (2) , (1)


To thwart fault injection based attacks on critical embedded systems, designers of sensitive software use redundancy based countermeasure schemes. In some of these schemes, critical checks (i.e. conditionals) in the code are duplicated to ensure that an attacker cannot bypass such a check by flipping its result in order to get to a protected point (corresponding e.g. to a successful authentication or code integrity verification). This short paper presents a source-code-level verification technique of the correct implementation of such countermeasures. It is based on code instrumentation and deductive verification. The proposed technique was implemented in a tool prototype and evaluated on a real-life case study: the bootloader module of a secure USB storage device called WooKey, supposed to be resistant to fault injection attacks. We were able to prove the correctness of almost all redundant-check countermeasures in the module except two, and found an error in one of the unproven ones.
Fichier principal
Vignette du fichier
main.pdf (481.37 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

cea-03714409 , version 1 (05-07-2022)



Thibault Martin, Nikolai Kosmatov, Virgile Prevosto. Verifying redundant-check based countermeasures: a case study. SAC' 2022 - The 37th ACM Symposium on Applied Computing, Apr 2022, Brno (virtual event), Czech Republic. pp.1849-1852, ⟨10.1145/3477314.3507341⟩. ⟨cea-03714409⟩
9 View
23 Download



Gmail Facebook Twitter LinkedIn More