ABSTRACT
Rapid advancements in Internet Technologies have rendered the technology ubiquitous. Internet of Things (IoT) provides a framework for smart cities, smart homes, smart cars, smart health care, smart devices such as microwaves, doorbells, bulbs, energy meters, etc. Therefore, it is leading toward making day-to-day life much more comfortable and elegant. The underlying technology behind IoT is a massive interconnection of tiny, embedded devices referred to as sensors. These devices collect and share raw data, for example, car speed/brake information, the temperature setting of a microwave, door lock/unlock status, pulse rate of a patient, etc. The storage and transfer of data bring in grave concern for security and privacy. Moreover, IoT devices often communicate with the physical environment. A compromised device may be forced to remotely monitor through webcams/ security cameras, changing a car speed, or changing a patient’s medication, for instance. Therefore, thwarting such attacks and threats has become imperative, considering the criticality of applications. There is a wide array of attacks possible on IoT devices that includes denial of service (DoS) attacks, malware, reply attacks, signal jamming, hardware attacks, spoofing, ransomware, and impersonation attacks, etc. Security threats on IoT systems can be broadly categorized into four attack points: application security, network security, IoT platform security, and hardware security. Applications that interface with IoT devices, if not secured enough, can be targeted and controlled remotely by an attacker. IoT devices often interact through insecure channels (networks), and therefore, are vulnerable to eavesdropping attacks. Since IoT devices work in resource-constrained environments, many IoT vendors use weak encryption protocols or do not even use encryption leading to successful network attacks. Often, IoT devices interact via a platform such as a cloud, which endangers the system. IoT devices are often deployed in public areas making them physically approachable by an attacker who can mount the strongest forms of attacks called implementation attacks. Implementation attacks include reverse engineering attacks, probing attacks, side-channel attacks, fault attacks, etc. Therefore, implementation attacks or hardware attacks present a powerful threat to IoT systems and therefore require special consideration. The chapter investigates the security of IoT systems from the perspective of hardware attacks, more specifically, fault analysis (FA) attacks. For secure IoT systems, IoT vendors must include encryption and authentication protocols to reduce the associated security risks. The encryption schemes tailored for resource-constrained environments such as IoT systems are called lightweight ciphers. In 2019, a lightweight cryptography (LWC) Standardization project was initiated by the National Institute of Standards and Technology (NIST). Lightweight ciphers serve as an essential component in providing secure IoT solutions. However, even a lightweight cipher mathematically proven to be secure is vulnerable to implementation attacks if the underlying hardware is not protected. Implementation attacks pose serious threats to the security of lightweight ciphers. In contrast to classical cryptanalysis attacks that try to identify mathematical and/or statistical vulnerabilities of a cipher, these attacks exploit implementation and data-dependent behavioral characteristics such as power consumption, timing requirements, electromagnetic radiations, etc., of the cipher. These attacks target electrical devices executing cryptographic operations. A specific type of implementation attack referred to as the fault attack, or FA, is a powerful attack and practical in environments where cryptographic devices are approachable to the attacker. Mounting FA attacks comprise inducing faults by physical perturbation (clock glitches, voltage spikes, laser beam injection, row-hammer, etc.), thereby forcing the device to generate computation errors. These errors are then exploited to break the security of the system, such as PIN code recovery, ePurse balance increase, false signature acceptation, key recovery, etc. It is imperative to thoroughly assess the security of a lightweight cipher toward FA attacks. There are several FA techniques that have been proposed in the past decade, such as Algebraic FA (AFA), Differential FA (DFA) and variants, Statistical FA (SFA) and its variants, and Persistent FA (PFA), etc. Each FA technique is based on a different fault model and attacker capabilities. A fault model comprises of fault granularity (bit/byte/nibble), required control, type of fault (bit-flip/stuck-at zero/set-reset, etc.), method of fault injection (laser beam/voltage fluctuation/clock glitches, etc.), duration of effect of fault (transient/permanent/persistent), and assumptions about cipher implementation details such as hardware/software implementation. Each FA method requires different attack efforts; DFA/AFA needs tight synchronization between fault location, round, and time but may need fewer queries, for instance. On the other hand, PFA/SFA may not require a highly controlled physical environment but may require a large number of queries. In other words, each FA method is based on a different attack vector and, consequently, requires different types of countermeasures to mitigate the corresponding fault attack. The chapter provides a detailed discussion on the security vulnerabilities of lightweight ciphers deployed in IoT systems against FA attacks. A lightweight cipher must be evaluated against FA techniques before using it in a commercial IoT device for individual customers and organizations. The chapter provides a classification of FA techniques with detailed explanations of each method and its applicability to different classes of lightweight ciphers. The chapter also examines potential countermeasures and their effectiveness in counteracting different types of fault attacks launched by an adversary.
