Exploring the Internals of Fault-Induced Data-Level Vulnerabilities in Cryptographic Libraries

Fault-induced vulnerabilities have been studied in various aspects. While traditional fault injection techniques easily detect system-level vulnerabilities like buffer overflows, fault executions can introduce subtle potential vulnerabilities that may not trigger any system-level observable behavior...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing Vol. 22; no. 6; pp. 6826 - 6843
Main Authors: Xu, Guorui, Wu, Qianmei, Zhang, Fan, Zhao, Xinjie, Chen, Yuan, Guo, Shize
Format: Journal Article
Language:English
Published: Washington IEEE 01.11.2025
IEEE Computer Society
Subjects:
Analytical models
Computational modeling
Computer architecture
cryptographic libraries
Cryptography
fault analysis
Fault injection
fault models
Fuzzing
Hardware
Libraries
Security
Software
Syntactics
Training
ISSN:1545-5971, 1941-0018
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Fault-induced vulnerabilities have been studied in various aspects. While traditional fault injection techniques easily detect system-level vulnerabilities like buffer overflows, fault executions can introduce subtle potential vulnerabilities that may not trigger any system-level observable behaviors. These are particularly dangerous in cryptography. Using advanced cryptanalysis methods, these vulnerabilities, such as producing faulty ciphertexts, have been successfully exploited and are regarded as great threats to the security of real-world cryptography. In this way, there is a pressing need to study this very area. Our paper generally explores the internals of the fault-induced data-level vulnerabilities, which are subtle vulnerabilities resulting from faults that may not cause system crashes or overt errors but can expose sensitive information or weaken cryptographic primitives under specific cryptanalytic techniques, in cryptographic libraries. We propose a novel framework which can systematically analyze the vulnerabilities in cryptographic libraries under different fault models. By employing this method, we identified numerous critical fault locations that could undermine the security of cryptographic systems across a broad spectrum of libraries, fault models, and platforms. Furthermore, we provide a comprehensive analysis of select case studies, and engage in detailed discussions about the strategies to alleviate such vulnerabilities.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2025.3591520