Commit

small
sducousso committed Jan 5, 2023
1 parent 5a3d56b commit c681cf2
Showing 4 changed files with 21 additions and 18 deletions.
22 changes: 16 additions & 6 deletions docs/attack_runs.md
Expand Up @@ -18,7 +18,7 @@ To run the RSA with a single reset fault:
cd /home/binsec-ase/artefact/benchmarks/CRT-RSA_aumuller/
binsec -config 7.5_1reset.cfg
```
For a partial and faster run, you can add a 1 second timeout on the solving time per query, and a total timeout at 1 hour.
For a partial and faster run, you can add a 1 second timeout on the solving time per query, and a total timeout at 1 hour, however as there should not be any attack found the result will not say much.
```
timeout 3600 binsec -config 7.5_1reset_TOsolver.cfg
```
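Review bot: The sentence added before the `timeout 3600` command strings its clauses together with a bare "however" and ends on "the result will not say much", which leaves the reader to guess what a timed-out run means. Since the text says no attack should be found for this configuration, state directly that a run cut short by the 1 second per-query timeout or the 1 hour total timeout is inconclusive and cannot be read as evidence that the implementation resists the fault.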
Expand Down Expand Up @@ -46,23 +46,25 @@ binsec -config 7.5_1reset_stopFirst.cfg
## Secret keeping machine

The scripts to replay 1 bit-flip on the two version of the secret keeping machine:
- the `dullien_array` implementation
- the `dullien_array` implementation.
```
cd /home/binsec-ase/artefact/benchmarks/dullien_array/
binsec -config 7.5_1bitflip.cfg
```
\\ How long ? (IP) too long -> make faster version
Unfortunately is quite long to run, and as the goal is to prove tha absence of attacks from injection in the memory, an exhaustive run is necessary. We encourage to set a global timeout (10min for instance) with the following command.
```
timeout 600 binsec -config 7.5_1bitflip.cfg
```

- the `dullien_linked` implementation, which takes a long time to run.
```
cd /home/binsec-ase/artefact/benchmarks/dullien_linked/
binsec -config 7.5_1bitflip.cfg
```
Here is a shorter version stopping at the first attack found (\\ TODO s).
Here is a shorter version stopping at the first attack found (under 5 s).
```
binsec -config 7.5_1bitflip_stopFirst.cfg
```
\\ TODO crash


## Secswift protection
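Review bot: In the `dullien_array` item, the new paragraph says an exhaustive run is necessary to prove the absence of attacks and then recommends `timeout 600`, without saying what a run stopped after 10 minutes does or does not establish. Add a sentence stating that a timed-out run proves nothing about resistance to the memory fault. The same paragraph needs a proofread ("Unfortunately is quite long to run", "tha absence", "We encourage to set"). The `\\ TODO crash` line is deleted with no replacement text, so confirm the crash it referred to is actually resolved for `dullien_linked`.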
Expand Down Expand Up @@ -114,11 +116,19 @@ binsec -config 8_section1_fast.cfg

In the paper, two other attacks are explored.

The first one, `WooKey_ISO` can be reproduced with the following command. It takes around \\ TODO to run.
The first one, `WooKey_ISO` can be reproduced with the following command. It takes around quite some time to run.
```
cd /home/binsec-ase/artefact/benchmarks/WooKey_ISO/
binsec -config 8_attack.cfg
```
A version stopping at the first attack path found will still take more than 1h without finding the attack.
```
binsec -config 8_attack_stopFirst.cfg
```
To have a shorter run (10min):
```
timeout 600 binsec -config 8_attack_stopFirst.cfg
```

The second attack, `WooKey_TI` can be reproduced with the following command. It takes under 30s to run.
```
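Review bot: The `WooKey_ISO` sentence replaces the TODO with "It takes around quite some time to run", which is ungrammatical and still gives no duration; give an approximate figure or drop "around". The added `8_attack_stopFirst.cfg` text says that run takes more than 1h without finding the attack, so the `timeout 600` variant below it cannot find it either. Say what output a reader should expect from the 10 minute run and that it does not reproduce the attack.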
10 changes: 4 additions & 6 deletions docs/benchmarks.md
@@ -1,7 +1,7 @@
Benchmarks
===

All benchmarks are in `benchmraks`
All benchmarks are in `benchmarks`
```
cd /home/binsec-ase/artefact/benchmarks
```
Expand All @@ -24,8 +24,6 @@ We applied the secswfit protection to `VerifyPIN_0` and call it `VerifyPIN_0_ss`

You may see some warnings appear during the analysis, they do not compromise the attack path found.

**Warning** this benchmark is quite long to run (~35 min for 1 ArbitraryData branchless fault ).

## RSAs

We have 3 versions of RSA with various protections, taken from FISSC [[1]](#bibliography).
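Review bot: Deleting the `VerifyPIN_0_ss` warning removes the runtime figure it carried (~35 min for 1 ArbitraryData branchless fault). If the figure is outdated, replace it with the current one instead of dropping it, so a reader can tell a long analysis from a hung one. The hunk header context also shows "secswfit", which could be corrected to "secswift" in the same pass.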
Expand All @@ -34,18 +32,18 @@ The first, `CRT-RSA_basic`, version is vulnerable to a reset.
The second version, `CRT-RSA_shamir`, implements the protections from Shamir's work, and is also vulnerable to one reset fault.
The last version, `CRT-RSA_aumuller`, implements Aumuller protection ans is said to be resistant to one reset fault.

**Warning** those benchmarks can be very long to run. The basic version less so.
**Warning** those benchmarks are long to run.

## Dullien's secret keeping machine

We have the linked-list and the array implementations of the secret keeping machine program [[3]](#bibliography), called `dullien_array` and `dullien_linked`. Those require the activation of `fault-vars-in-adresses` option. The `dullien_array` version is resistant to one arbitrary data fault in memory (note that our analysis will find attack paths, all faulting 'register' values). The second version, `dullien_linked` is vulnerable to one arbitrary data fault.

**Warning** Those benchmarks are long to run (~1h for branchless 1 fault).
**Warning** Those benchmarks are long to run.


# WooKey case study (section 8)

The orginal WooKey code, as stubbed in Lacombe's work [[4]](#bibliography) is called `WooKey_original`. It is vulnerable to 1 arbitrary data fault, which has equivalent effects in attack paths found than test inversions, which are much faster to run.
The orginal WooKey code, as stubbed from Lacombe's work [[4]](#bibliography) is called `WooKey_original`. It is vulnerable to 1 arbitrary data fault, which has equivalent effects in attack paths found than test inversions, which are much faster to run.

The second version is the patch proposed by Lacombe et al, called `WooKey_Lacombe`. Where there remain one attack path for an arbitrary data fault.
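Review bot: Both rewritten warnings lose their specifics: the RSA one drops the note that the basic version is faster, and the secret keeping machine one drops the ~1h estimate for branchless 1 fault. Keep an order of magnitude in each so readers can plan timeouts. On the touched `WooKey_original` line, "orginal" is still misspelled after the edit, and the untouched `CRT-RSA_aumuller` line reads "ans is said" where "and is said" is meant.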

3 changes: 1 addition & 2 deletions getting_started.md
Expand Up @@ -29,9 +29,8 @@ See the [step-by-step](./step_by_step.md) guide for further documentation.

Download the [BINSEC/ASE docker](https://github.com/binsec/esop2023_artefact/releases/download/1.0/esop2023_artefact.tar.gz).

Decompress and load the docker with the `load` command and launch it with:
Launch the docker with:
```
docker load -i esop2023_artefact.tar.gz
docker run -it --rm esop2023_artefact
```
Note that if you are using vscode, you can bind it to the docker.
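Review bot: Removing `docker load -i esop2023_artefact.tar.gz` leaves `docker run -it --rm esop2023_artefact` as the only step after downloading the archive, but the download is a `.tar.gz` file and nothing in the remaining text imports it as an image, so the run command has no local `esop2023_artefact` image to start. Keep the load step and the sentence that introduces it, or explain how the image becomes available without it.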
4 changes: 0 additions & 4 deletions step_by_step.md
Expand Up @@ -27,7 +27,3 @@ All the commands are the same for VM and docker.
- SMT solvers: bitwuzla (native binding and external), z3 and boolector.
- dissassemblers: radare2 and cutter.

# TODO


\\ TODO major issues with dullien linked
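Review bot: The deleted `\\ TODO major issues with dullien linked` line was the only note in this file of a known problem with `dullien_linked`, and the commit message ("small") does not say whether it was fixed. If the issue is still open, move it to a known-issues section or the issue tracker instead of deleting it, since the attack-run documentation still tells readers to run that benchmark.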

0 comments on commit c681cf2