Article
Peer-Review Record

SimpliFI: Hardware Simulation of Embedded Software Fault Attacks

by Jacob Grycel * and Patrick Schaumont
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 8 May 2021 / Revised: 29 May 2021 / Accepted: 3 June 2021 / Published: 7 June 2021
(This article belongs to the Special Issue Feature Papers in Hardware Security)

Round 1

Reviewer 1 Report

This paper presented a new framework, namely SimpliFI, a simulation methodology to test fault attacks on embedded software. The paper describes details of the proposed implementation. I have some minor comments on this paper.

- In Table 1, the summary of fault evaluation method capabilities is given. [12] achieved Injection Methods while the proposed method does not achieve it. Is there any reason, or is it possible to fully support it in SimpliFI?

- SimpliFI has strength in hardware analysis. And the evaluation is conducted on BRISC-V. Does the work only work on BRISC-V, or can it work on other platforms as well?

- In Tables 2 and 3, only three instructions are evaluated (e.g. ADD, LW, JALR). Is it possible to support other instruction sets?

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

This paper presents a software tool to examine the behavior of fault attacks and gain insights into the instruction-level and application-level fault vulnerabilities.

In general, the paper is interesting and the technical outcomes are sound. On the other hand, the presentation of the paper is weak and underwhelming at some parts of the paper. In particular,

The authors mention that "SimpliFI is the first design-time methodology in the public domain". However, the authors do not release any tool/code and I am not sure what they mean by "in the public domain". Apart from that, will the authors release the tool (their implementation) as open source?

I would suggest that the authors also include a section with the drawbacks of the proposed methodology and also discuss how generic it is.

The authors mention in section 4.2 that "Of course, this is dependent on the application; it may be important for a particular system to prevent fatal errors from occurring in round 1." Can you give any example of an application where errors occurring in round 1 are more important?

The authors mention in section 4.2 "The implementation tested is an unprotected, t-table-based version from the MbedTLS library". Where is this version? Which version?

I think the related work should be more generic and include works such as:

Berthier, Maël, et al. "Idea: embedded fault injection simulator on smartcard." International Symposium on Engineering Secure Software and Systems. Springer, Cham, 2014.

Piscitelli, Roberta, Shivam Bhasin, and Francesco Regazzoni. "Fault attacks, injection techniques and tools for simulation." Hardware security and trust. Springer, Cham, 2017. 27-47.

Reference [31] hyperlink is missing.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

The authors have addressed the received comments. The authors mention that they will publicly release the tool, which will be an additional merit for their work.
