Papers by Guillaume Barbu
Lecture Notes in Computer Science, 2023

IACR Transactions on Cryptographic Hardware and Embedded Systems
Despite the growing demand for software implementations of ECDSA secure against attackers with full control of the execution environment, scientific literature on ECDSA white-box design is scarce. The CHES 2021 WhibOx contest was thus held to assess the state-of-the-art and encourage relevant practical research, inviting developers to submit ECDSA white-box implementations and attackers to break the corresponding submissions. In this work, attackers (team TheRealIdefix) and designers (team zerokey) join to describe several attack techniques and designs used during this contest. We explain the methods used by the team TheRealIdefix, which broke the most challenges, and we show the efficiency of each of these methods against all the submitted implementations. Moreover, we describe the designs of the two winning challenges submitted by the team zerokey; these designs represent the ECDSA signature algorithm by a sequence of systems of low-degree equations, which are obfuscated with affin...
2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)

Smart cards play a key role in various applications we use on a daily basis: payment, mobile communication, public transports, etc. In this context, the Java Card technology has evolved since its introduction in the mid-nineties to become nowadays the world leading smart card platform. In the context of Java Card, research on security has revealed that the possibility of loading malicious applications represents a real threat. In the meantime, the scientific community has also paid interest to the security of embedded cryptography, revealing that theoretically strong cryptosystems can be easily broken if their implementation does not take into account certain physical properties of the underlying hardware device. In particular, a part of the published attacks relies on the attacker's capacity to physically perturb the component during a cryptographic operation. These latter fault attacks have been rarely considered in the literature in the Java Card context. In this thesis, w...

Smart cards play a crucial role in many applications we use daily: bank card payment, mobile telephony, electronic transport tickets, etc. It is in this context that the Java Card technology has established itself since its introduction in 1996, reducing the development and deployment costs of smart card applications and allowing several applications to coexist on a single card. The scientific community quickly demonstrated that the possibility given to an attacker of installing applications on cards represents a threat. But at the same time, the security of embedded systems has also been a very productive field of study, revealing that cryptographic algorithms considered secure could easily be broken if their implementations did not take into account certain physical properties of the electronic components that host them. En pa...

2019 22nd Euromicro Conference on Digital System Design (DSD), 2019
The growing need for speed of recent embedded systems leads to the adoption of the high speed communication PCIe protocol (Peripheral Component Interconnect Express) as an internal data bus. This technology is used in some recent smartphones, and will probably be adopted by the others in the next few years. The communication between the SoC and its memory through the PCIe bus represents an important source of information for criminal investigations. In this paper, we present a new reliable attack vector on PCIe. We chose to perform a hardware Man-in-the-Middle attack, allowing real-time data analysis, data-replay and a copy technique inspired by the shadow-copy principle. Through this attack, we will be able to locate, duplicate and replay sensitive data. The main challenge of this article is to develop an architecture compliant with PCIe protocol constraints such as response time, frequency and throughput, in order to be invisible to the communication parts. We designed a proof of c...

This article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks. Such implementations prevent the attacker from obtaining the signature when a fault has been induced during the computation. Indeed, such a value would allow the attacker to recover the RSA private key by computing the gcd of the public modulus and the faulty signature. The principle of our attack is to inject a fault during the signature computation and to perform a Side-Channel Analysis targeting a sensitive value processed during the Fault Injection countermeasure execution. The resulting information is then used to factorize the public modulus, leading to the disclosure of the whole RSA private key. After presenting a detailed account of our attack, we explain how its complexity can be significantly reduced by using lattice reduction techniques. We also provide simulations that confirm the efficiency of our attack as well as two different...
The invention relates to the securing of intermediate code formatted branch instructions, which include an operation code followed by parameter fields. According to the invention, the parameters of the latter are moved into a non-executable memory zone, outside the table of bytecodes, and are replaced by, in the first parameter field, masked address information pointing to this memory zone and, in the other parameter fields, attack detection instructions. An attacker can no longer divert the normal execution of the array of bytecodes to one of the parameters.

Lecture Notes in Computer Science, 2016
The design of robust countermeasures against Side-Channel Analysis or Fault Attacks is always a challenging task. At WISTP'14, a single countermeasure designed to thwart in the same effort both kinds of attacks was presented. This countermeasure is based on coding theory and consists of a specific encoding of the manipulated data acting at the same time as a random masking and an error detector. In this paper, we prove that this countermeasure does not meet the ambitious objectives claimed by its authors. Indeed, we exhibit a bias in the distribution of the masked values that can be exploited to retrieve the sensitive data from the observed side-channel leakage. Going further, we show that this bias is inherent to the nature of the encoding and that randomizing the code itself can be useful to reduce the bias but cannot completely fix the scheme.

Proceedings of the International Conference on Security and Cryptography, 2012
Many publications have studied the various issues concerning Java Card security regarding software and/or hardware attacks. However, it is surprising to notice that the particular case of exception-related mechanisms has not been tackled yet in the literature. In this article, we fill this gap by proposing several attacks against Java Card platforms based on both exception handling and exception throwing. In addition, this study allows us to point out that a weakness known by the web-oriented Java community for more than a decade still passes the different steps of the state-of-the-art Java Card application deployment process (namely conversion and verification). This appears all the more important as the Java Card 3 Connected Edition specifications have started to bridge the gap between the two worlds that are Java Cards and Java web services.
2021 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)
Microprocessors and Microsystems

Lecture Notes in Computer Science, 2011
Up to now, devices in charge of performing secure transactions have mainly remained limited regarding their functionalities. However, the trend has recently gone towards an increasing integration of features and technologies, which could potentially represent a source of additional threats. This article introduces an innovative attack exploiting advanced functionalities and offering unrivalled opportunities. This attack specifically targets multithreaded systems featuring network capabilities. By way of network flooding, we show how a process can be interrupted at the precise time a sensitive operation is being executed. This interruption aims at subsequently modifying the execution context and consequently breaking the sensitive operation. The practical feasibility of this attack is illustrated on a Java Card 3.0 Connected Edition platform. This description reveals that going through with the full attack scenario is not obvious. However, this apparent complexity must not conceal the potential breach, which may significantly alter any application running on the system. Finally, the goal of this work is to emphasize that increasing product complexity may generate new security issues, rather than to highlight a specific weakness in released products.
theses.fr, Sep 3, 2012
I take the opportunity given to me here to warmly thank all the people who accompanied me during this thesis and the writing of this manuscript: Thank you! Ah! No! That is a bit short, young man! One could have said... oh! God!... many things, all in all... Varying the tone, for example, like this: Academic: Thanks to Philippe Hoogvorst and Guillaume Duc for their supervision and the advice they provided. Many thanks also to the members of the ComElec laboratory of Télécom ParisTech, and in particular to Jean-Luc Danger and Sylvain Guilley for having initiated this thesis and for having given me the desire to immerse myself in this project. In this respect, Philippe Gaborit must also be thanked.

Lecture Notes in Computer Science, 2014
Attacks based on type confusion against Java Card platforms have been widely studied in the literature over the past few years. Until now, no generic countermeasure has ever been proposed to cover simultaneously and efficiently direct and indirect type confusions. In this article we bridge this gap by introducing two different schemes which cover both type confusions. First, we show that an adequate random transformation of all the manipulated data on the platform according to their type can bring a very good resistance against type confusion exploits. Secondly, we describe how a so-called Java Card Virtual Machine Abstract Companion can allow one to detect all type confusions between integers and Objects all across the platform. While the second solution stands as a strong but resource-demanding mechanism, we show that the first one is a particularly efficient memory/security trade-off solution to secure the whole platform.
IFIP Advances in Information and Communication Technology, 2012
In this article we present the first Combined Attack on a Java Card targeting the APDU buffer itself, thus threatening both the security of the platform and of the hosted applications as well as the privacy of the cardholder. We show that such an attack, which combines malicious application and fault injection, is achievable in practice on the latest release of the Java Card specifications by presenting several case studies taking advantage, for instance, of the well-known GlobalPlatform and (U)SIM Application ToolKit.