International Association for Cryptologic Research

IACR News item: 09 November 2015

Julien Allibert, Benoit Feix, Georges Gagnerot, Ismael Kane, Hugues Thiebeauld, Tiana Razafindralambo
ePrint Report
Side-channel and fault injection analysis are well-known domains that have been used for years to evaluate the resistance of hardware-based products. These techniques remain a threat to the secret assets embedded in products like smart cards or Systems on Chip. But most of these products nowadays contain several strong protections that render side-channel and fault attacks difficult or inefficient.

For two decades now, embedded cryptography for the payment, pay TV and identity areas has been mainly focused on secure elements. Recently, however, alternative solutions on mobile phones have appeared, offering services including payment and security solutions such as HCE and DRM products. Cryptographic operations running in such applications are then most often executed on unprotected hardware devices. The binary code is therefore accessible to attackers, who can use static and dynamic reverse engineering techniques to extract and analyse operations, including data modification as faults. Hence, hiding or obfuscating secrets and/or using obfuscated or white-boxed cryptography becomes the main alternative to secure element storage for assets. Although such implementations are not proven secure, attacking them in practice on a binary is another story.

We explain in this paper how, directly from the binary or with the extracted source code, we can perform statistical and fault analysis in a manner that will seem familiar to anyone with knowledge of hardware side-channel and fault attacks. The main difference is that, using our tool and virtualization technique, an attacker can emulate, trace and modify any chosen computational data (memory or register manipulation, any machine language operation) executed in the mobile application. This means the attacker is no longer restricted by physical limitations such as the Hamming leakage model (and additional noise) and the difficulty of faulting a dedicated operation.

Hence statistical and fault attacks become more efficient than on standard physical devices. As a consequence, complex techniques like high-order, collision and horizontal statistical attacks become very efficient and can easily be performed on the computational data execution traces. A similar consequence applies to fault injection attacks. Hence the term "statistical and fault analysis on computational data" becomes more appropriate, and one can wonder which came first: computational data or physical attack techniques? The chicken or the egg?

Additional news items may be found on the IACR news page.