SimpliFI: Hardware Simulation of Embedded Software Fault Attacks
Round 1
Reviewer 1 Report
This paper presented a new framework, namely SimpliFI, a simulation methodology to test fault attacks on embedded software. The paper describes details of the proposed implementation. I have some minor comments on this paper.
- In Table 1, the summary of fault evaluation method capabilities is given. [12] achieved Injection Methods while the proposed method does not achieve it. Is there any reason, or is it possible to fully support it in SimpliFI?
- SimpliFI has strength in hardware analysis, and the evaluation is conducted on BRISC-V. Does the work only work on BRISC-V, or can it work on other platforms as well?
- In Tables 2 and 3, only three instructions are evaluated (e.g. ADD, LW, JALR). Is it possible to support other instruction sets?
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 2 Report
This paper presents a software tool to examine the behavior of fault attacks and gain insights into the instruction-level and application-level fault vulnerabilities.
In general, the paper is interesting and the technical outcomes are sound. On the other hand, the presentation of the paper is weak and underwhelming at some parts of the paper. In particular,
- The authors mention that "SimpliFI is the first design-time methodology in the public domain". However, the authors do not release any tool/code and I am not sure what they mean by "in the public domain". Apart from that, will the authors release the tool (their implementation) as open source?
- I would suggest that the authors also include a section with the drawbacks of the proposed methodology and also discuss how generic it is.
- The authors mention in section 4.2 that "Of course, this is dependent on the application; it may be important for a particular system to prevent fatal errors from occurring in round 1." Can you give any example of an application where errors occurring in round 1 are more important?
- The authors mention in section 4.2 "The implementation tested is an unprotected, t-table-based version from the MbedTLS library". Where is this version? Which version?
- I think the related work should be more generic and include works such as:
  - Berthier, Maël, et al. "Idea: embedded fault injection simulator on smartcard." International Symposium on Engineering Secure Software and Systems. Springer, Cham, 2014.
  - Piscitelli, Roberta, Shivam Bhasin, and Francesco Regazzoni. "Fault attacks, injection techniques and tools for simulation." Hardware security and trust. Springer, Cham, 2017. 27-47.
- Reference [31] hyperlink is missing.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 2
Reviewer 2 Report
The authors have addressed the received comments. The authors mention that they will publicly release the tool which will be an additional merit for their work.