This post is from the Arxan blog and has not been updated since the original publish date.
Protecting Applications Against DFA Attacks: An Evolutionary Story
There are many elements to protecting your applications against today’s threats. Getting visibility into the attacks your app faces is critical, protecting the code in the app is important, and ensuring that the private data and crypto keys in your app stay private is paramount. Threats change over time, so protections need to evolve as well. This is a story of how Arxan evolves with the threat landscape.
The History of Differential Fault Analysis “DFA”
With the first research paper on the topic published in 2002, Differential Fault Analysis, or DFA, is an attack technique that is designed to recover cryptographic keys from apps by injecting “faults” into the app’s crypto code at runtime and observing changes in the app’s behavior. A fault is essentially flipping a bit inside an internal calculation and observing what changes. Faults can be injected in a variety of ways, such as varying power levels in hardware devices or changing bits of memory in software.
Attackers inject faults at many different parts of the app, until they find a place where a fault changes the output of a crypto operation in a specific way. Based on how the crypto operation’s output changes, DFA and some math can allow crypto keys to be recovered. Once those keys are recovered, any data encrypted with them is vulnerable and at risk.
DFA is becoming more common. Various security researchers speak about DFA attacks at conferences, they implement hardware and software DFA attacks, and publish how to do so. DFA is no longer purely an attack limited to academia or high-end security labs. Real world attacks are occurring, and with the proliferation and weaponization of the attack code, the frequency of reported attacks is increasing.
How Arxan Has Evolved Its Protection Against DFA Attacks
Arxan is well aware of how DFA attacks work, the specifics of why the attacks work, and importantly, how to defend against them. We have built the latest version of our products specifically to defend against DFA attacks in a variety of ways. As with most digital products, and especially security products, make sure the latest version of software available is in use to protect against new threats.
As with most digital products, and especially security products, make sure the latest version of software available is in use to protect against new threats.
Our new white-box cryptography designs take advantage of the fact that DFA makes a variety of mathematical assumptions about what impacts faults have on a cryptographic operation. We have designed new approaches to invalidate these mathematical assumptions. By invaliding the critical assumptions DFA relies on, attacks cannot recover the correct key, even while faults are injected.
In addition to the mathematical protections of Arxan’s White-Box Cryptography, protecting the entire app with Code Protection and Threat Analytics makes it very difficult for attackers to find the foothold they need to be able to inject the faults that DFA relies on. Threat Analytics will send alerts in real-time to inform customers if, how, and where their apps are being attacked, so they can adapt protection techniques and optimize defenses during the reconnaissance phase of an attack. If any type of app tampering is detected, the user can immediately be sandboxed, the application can shut down, or sensitive keys and data can be cleared to prevent further progress by an attacker.
Without being able to meaningfully inject faults, attackers can’t observe the changes in crypto operation output that they need to make progress. Getting visibility into how your apps are being attacked in the wild can allow you to proactively respond before a potential DFA attack succeeds.
To Protect Your Apps: Alert, Protect, Encrypt
When designing your app’s crypto and data architecture, consider how you are ensuring that it will be resilient to Differential Fault Analysis attacks. Make sure you’re not just using a white-box cryptography library, but one that is specifically designed to defend itself against DFA attacks.
Arxan’s White-Box Cryptography library combined with our Code Protection can help to ensure your private keys and data are ready to be deployed to potentially hostile environments and still remain secure. Threat Analytics sends alerts so customers have complete visibility into attacks targeting an application — from the moment the app is deployed.
Learn more about Arxan’s App Protection, Encryption or Analytics here.