#### **Fault Attacks on Electronic Circuits**

# Jean-Luc DANGER, Sylvain GUILLEY <jean-luc.danger@telecom-paristech.fr>

Institut TELECOM / TELECOM ParisTech

イロト イヨト イヨト イヨト

Fault Induction Attacks: FA and DFA on RSA & DES DFA on AES Countermeasures

Presentation Outli Physical Faults



- Presentation Outline
- Physical Faults
- Pault Induction Attacks: FA and DFA on RSA & DES
  - The Differential Fault Attack
  - Faults Models and Tolerance
- 3 DFA on AES
  - Theoretical Fault Attacks
  - Practical Attacks
  - Fault Sensitivity Analysis (FSA)
- 4 Countermeasures
  - Generic

Presentation Outline Physical Faults

### How Attackers Actually Inject Faults

- **Glitch** Attacks on the Power or the Clock (synchronous circuits)
- High Energy Particles. However, they can be replaced by:
- Focused Laser (spot Ø  $\sim$  1  $\mu {\rm m}), front-side or back-side$
- Using **bugged** HW/SW Components (Intel R Pentium flawed floating point division, back to 1994)
- Eddy currents  $\approx$  **EMI** (ElectroMagnetic Injection)
- etc.

See also: Fault Diagnosis and Tolerance in Cryptography (FDTC)



イロト イヨト イヨト イヨト

## Realignement



#### [WISTP '11, Guilley et al.] [GKLD11]

© SECURE 10 2014 All rights reserved | Confidential document, property of Secure-IC S.A.S.

Fault Induction Attacks: FA and DFA on RSA & DES DFA on AES Countermeasures

Presentation Outlin Physical Faults

#### Laser station



Cours FIA

Fault attacks — !

Presentation Outline Physical Faults

### [1/3] Example @ TELECOM-ParisTech ..... PCB



Presentation Outline Physical Faults

## [2/3] Example @ TELECOM-ParisTech ...... Setup



Cours FIA

Fault attacks — 7

31.1€

Presentation Outline Physical Faults

### [3/3] Example @ TELECOM-ParisTech .....ASIC



Presentation Outline Physical Faults

## [3/3] Example @ TELECOM-ParisTech .....ASIC



Fault Induction Attacks: FA and DFA on RSA & DES DFA on AES Countermeasures Presentation Outline Physical Faults

#### EMI disturbance system



Cours FIA

Fault Induction Attacks: FA and DFA on RSA & DES DFA on AES Countermeasures

Presentation Outlin Physical Faults

#### Example of setup for EMI



Cours FIA Fault attacks — 1

Fault Induction Attacks: FA and DFA on RSA & DES DFA on AES Countermeasures

Presentation Outlin Physical Faults

### Example of setup for EMI



Presentation Outline Physical Faults

### Flipping Bits in Memory Without Accessing Them

# http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14. pdf [KDK<sup>+</sup>14] — RowHammer.



- ◆ @ ▶ - ◆ 臣

Presentation Outline Physical Faults

### Other faults on the RAM [Ver06]



Cours FIA Fault attacks — 14

Fault Induction Attacks: FA and DFA on RSA & DES DFA on AES Countermeasures Presentation Outline Physical Faults

### Other faults on the RAM [Ver06]



Cours FIA

The Differential Fault Attack Faults Models and Tolerance

#### The So-Called "Bellcore" Attack

#### Bellcore = Bell Communications Research

- Three employees of Bellcore (and Pr. @ Stanford) find an attack that breaks RSA by injecting a single fault.
- Reference: "On the importance of checking cryptographic protocols for faults". by D. Boneh, R. DeMillo, and R. Lipton. Journal of Cryptology, Springer-Verlag, Vol. 14, No. 2, pp. 101–119, 2001. Extended abstract in Proceedings of Eurocrypt'97, Lecture Notes in Computer Science, Vol. 1233, Springer-Verlag, pp. 37–51, 1997.
- http://crypto.stanford.edu/~dabo/papers/faults.ps.gz

イロン イヨン イヨン イヨン

### Bellcore attack against RSA signatures with CRT

- Signature S of message x:  $S \doteq x^d \mod N$ , with  $N = p \cdot q$ .
- Using Chinese Remainder Theorem (CRT), the signature can be simplified as:
  - $S_1 = x^{d \mod (p-1)} \mod p$  and
  - S<sub>2</sub> = x<sup>d mod (q-1)</sup> mod q, both operations working on half bitwidth.
- The signature is obtained back using the two constants:

$$\begin{cases} a = 0 \mod q \\ a = 1 \mod p \end{cases} \quad \text{and} \quad \begin{cases} b = 1 \mod q \\ b = 0 \mod p \end{cases}$$

- $S = a \cdot S_1 + b \cdot S_2 \mod N$ .
- Now, if  $S_1$  happens to be faulty:  $S_1 o \widehat{S_1}$  for whatever reason,
- $\operatorname{gcd}(S \widehat{S}, N) = \operatorname{gcd}(a \cdot (S_1 \widehat{S}_1), N) = q.$

### The Almost Universal Differential Fault Attack

- Bellcore attack targets public key cryptosystems
  - It needs algebraic properties to work
- DFA targets *almost whatever* algorithm (*known* or even *unknown*)
  - It works on complex bit operations, such as the ones involved in secret key cryptography
  - It is demonstrated on DES
- Reference: "Differential Fault Analysis of Secret Key Cryptosystems", by Eli Biham, Adi Shamir, CRYPTO 1997, LNCS 1294, pp. 513–525.

▲ □ ► < □ ►</p>

**The Differential Fault Attack** Faults Models and Tolerance

#### **DFA Attack Setting**



#### DFA Assumptions

- Unrolled implementation.
- Single bit-flips on any right register R<sub>i</sub>, for i ∈ [1, 16].
- Ciphertext-only attack.

#### **DES** Properties

 All the DES constitutive boxes, but the S, are linear: f(x ⊕ a) = f(x) ⊕ f(a), for f ∈ {Id, P, E, FP}.

590

• 
$$L_{16} = R_{15}$$
.

Fault attacks — 1

**The Differential Fault Attack** Faults Models and Tolerance

#### One Fault Occurs in $R_{15}$



#### What Has Happened?

Bit  $b \in [1, 32]$  of  $R_{15}$  is flipped.

#### Attack Scenario

- Find b by looking in  $L_{16}$ .
- Deduce which S<sub>i</sub>, i ∈ [1, 8], (there can be two of them) has output a wrong value.
- Solve the equation couple:  $\begin{cases}
  R_{16} = L_{15} \oplus S_i(K_{16} \oplus R_{15}), \\
  \tilde{R}_{16} = L_{15} \oplus S_i(K_{16} \oplus \tilde{R}_{15}).
  \end{cases}$

• It has  $\approx$  four 6-bit solutions.

**The Differential Fault Attack** Faults Models and Tolerance

#### One Fault Occurs in $R_{14}$



#### What Has Happened?

Bit  $b \in [1, 32]$  of  $R_{14}$  is flipped.

#### Attack Scenario

- Previous attack on  $R_{15}$ allowed a straightforward subkey  $K_{16}$  retrieval at the input of  $(b-1)/8^{\text{th}}$  S-box.
- Current attack requires a differential analysis of the last two rounds of DES.

イロト イヨト イヨト イヨト

æ

• Details to come...

**The Differential Fault Attack** Faults Models and Tolerance

### Solving the " $R_{14}$ bit flip" plot (1/2)

#### Notations

- Tilded symbols, *e.g.*  $L_{16}$ , denote faulted quantities.
- $R_{14} \oplus \tilde{R_{14}} = 00 \cdots 010 \cdots 00 \doteq \mathbb{1}_b$ , the "1" lying at position b.

#### Which bit b was flipped?

- Notice that  $\Delta \doteq L_{16} \oplus \tilde{L_{16}}$  is also the difference at the output of S, at round 15.
- For each S-box i, S<sub>i</sub>(x) ⊕ S<sub>i</sub>(x ⊕ 1<sub>b</sub>) = Δ, x being the unknown value (R<sub>14</sub> ⊕ K<sub>15</sub>) [8·i, 8·(i+1)], has few solutions b.
- Validate potential *b* by verifying that  $\Delta$  passed through S, at round 16, can generate the difference  $R_{16} \oplus \left(\tilde{R_{16}} \oplus \mathbb{1}_b\right)$ .

<ロ> (日) (日) (日) (日) (日)

3

**The Differential Fault Attack** Faults Models and Tolerance

### Solving the " $R_{14}$ bit flip" plot (2/2)

#### Retrieving Information on $K_{16}$ subkey

- Now that flipped bit *b* in *R*<sub>14</sub> is known, the differences *before* and *after* S-boxes in round 16 are known.
- This property allows to eliminate many subkeys K<sub>16</sub> 6-bit parts at the input of activated S-boxes (6 out of 8.)

#### Attack Extension

- Basically the same differential attack can be used if the error occurs in round 14 (*but not higher*...).
- Not surprisingly, Eli Biham and Adi Shamir, inceptors of the DFA, are also the fathers of the *differential cryptanalysis*.
  - → "Differential Cryptanalysis of the Full 16-Round DES", CS 708, December 1991, Proceedings of Crypto'92, LNCS 740.

**The Differential Fault Attack** Faults Models and Tolerance

#### The DFA Efficiency

#### A Powerful Attack!

- According to authors, between 50 and 200 faults on whatever round are required to fully expose the last round subkey.
- Once  $K_{16}$  is known, the key K can be retrieved by an exhaustive search attacks on the 56 48 = 8 remaining bits.

#### Generalization

- If K<sub>16</sub> is known, the DFA can be applied to the 15-round DES variant...
- The rounds are peeled off (and detected faults corrected).
- Thus, Triple-DES and DES with independent subkeys (768 bit) can be attacked.

イロト イヨト イヨト イヨト

The Differential Fault Attack Faults Models and Tolerance



#### Single Event Effects (SEE)

- SET: Single Event Transient Fault.
- SEU: Single Event Upsets. Transient Fault. Memory point inversion by current peak (soft error) It was the fault model of the DFA.
- SEL: Single Event Latchups. Short-circuit between Vss and Vdd, causing a permanent fault (hard error)

Data courtesy of the MARS project.

The Differential Fault Attack Faults Models and Tolerance

#### SEUs Can Be Modeled at Various Levels



イロン イヨン イヨン イヨン

3

The Differential Fault Attack Faults Models and Tolerance

#### Observable impacts on an inverter





▲ロ > ▲圖 > ▲ 圖 > ▲ 圖 >

The Differential Fault Attack Faults Models and Tolerance

#### SRAM cell

## (two inverters)



Cours FIA Fault attacks —

The Differential Fault Attack Faults Models and Tolerance

### Laser beam impact (if '1', $\rightarrow$ 0 / if '0', $\rightarrow$ 1)



Cours FIA Fa

The Differential Fault Attack Faults Models and Tolerance

#### Laser cartography



Cours FIA Fault attacks

**Theoretical Fault Attacks** Practical Attacks Fault Sensitivity Analysis (FSA)

#### State-of-the-Art of Fault Attacks against AES

| • Giraud in 2003: (50 faults)                                 | [Gir04] |
|---------------------------------------------------------------|---------|
| • Dusart, Letourneux & Vivolo in 2002: (5 $\times$ 4 faults)  | [DLV03] |
| • Piret & Quisquater in 2004: 2 faults                        | [PQ03]  |
| <ul> <li>Tunstall, Mukhopadhyay &amp; Ali: 1 fault</li> </ul> | [TMA11] |

◆□ > ◆□ > ◆臣 > ◆臣 > ○

**Theoretical Fault Attacks** Practical Attacks Fault Sensitivity Analysis (FSA)

### Ch. Giraud in 2003

#### Bit-fault ej attack on the last round

#### **Regular encryption** (*C*):

•  $C_{\texttt{ShiftRow}(i)} = \texttt{SubBytes}(M^9_i) \oplus K^{10}_{\texttt{ShiftRow}(i)}$  for  $i \in [1, 16]$ 

#### Faulted encryption (D):

- $D_{\texttt{ShiftRow}(i)} = \texttt{SubBytes}(M^9_i) \oplus \mathcal{K}^{10}_{\texttt{ShiftRow}(i)}$  for  $i \in [1, 16] \setminus \{j\}$  and
- $C_{\texttt{ShiftRow}(j)} = \texttt{SubBytes}(M_j^9 \oplus e_j) \oplus K^{10}_{\texttt{ShiftRow}(j)}$

#### Attack:

•  $C_{\text{ShiftRow}(j)} \oplus D_{\text{ShiftRow}(j)} =$ SubBytes $(M_j^9) \oplus \text{SubBytes}(M_j^9 \oplus e_j).$ 

イロン イヨン イヨン イヨン

**Theoretical Fault Attacks** Practical Attacks Fault Sensitivity Analysis (FSA)

#### Detail of Ch. Giraud's attack

#### Goal: finding the value of $M_i^9$ .

- $C_{\text{ShiftRows}(j)} \oplus D_{\text{ShiftRows}(j)} = \Delta =$ SubBytes $(M_j^9) \oplus SubBytes(M_j^9 \oplus e_j)$  has between 2 and 14 solutions in  $(e_j, M_j^9)$  (set of  $8 \times 2^8$  unknown), and 8 in average.
- However, the exact value of  $e_j$  is of no importance.

#### Attack Strength

- Thus, with 2 faults, there is 50 % chance to get one  $M_i^9$ .
- With 3 faults, there is 97 % chance to get one  $M_i^9$ .
- Once  $M_j^9$  is known, we have  $K_j^{10} = C_j \oplus SubBytes(M_j^9)$ .

イロト イヨト イヨト イヨト

**Theoretical Fault Attacks** Practical Attacks Fault Sensitivity Analysis (FSA)

### G. Piret & J.-J. Quisquater in 2003



One faulty Byte at round 9 generates 4 faulty Bytes at the output  $255\times4$  candidates for  $K_{10}$ 2 faults  $\Rightarrow$  98% 8 faults  $\Rightarrow$  100%

\_∢ ≣ ≯

▲ □ > < □ >

**Theoretical Fault Attacks** Practical Attacks Fault Sensitivity Analysis (FSA)

### G. Piret & J.-J. Quisquater in 2003



Theoretical Fault Attacks **Practical Attacks** Fault Sensitivity Analysis (FSA)

### Faults injection: Local Over-Clocking



Theoretical Fault Attacks **Practical Attacks** Fault Sensitivity Analysis (FSA)

# Faults injection: Setup-Time Violation Attack Sketch







Theoretical Fault Attacks **Practical Attacks** Fault Sensitivity Analysis (FSA)

#### Occurrence

# (nominal voltage is 3.3 V)



Theoretical Fault Attacks **Practical Attacks** Fault Sensitivity Analysis (FSA)

## Coverage



Theoretical Fault Attacks **Practical Attacks** Fault Sensitivity Analysis (FSA)

#### Round statistics



Theoretical Fault Attacks **Practical Attacks** Fault Sensitivity Analysis (FSA)

#### Sbox statistics



Theoretical Fault Attacks Practical Attacks Fault Sensitivity Analysis (FSA)

# FSA: Principle



- The stress level at which a fault occurs...
- ... might be related to the computed value.
- Ex: any combinational circuit
- Ex: DPL circuit with early evaluation (e.g. WDDL)
- Ex: Key-dependent clock-wise collisions [NLS+12]

イロト イヨト イヨト イヨト

Generic

#### Redundance

- Time
- Space
- Information

Authenticated encryption is one protocol-level solution (see CAESAR competition).

#### Resilience

• Let the system output erroneous errors, as long as they convey no information about the internal sensitive values [GSDS10]

イロト イヨト イヨト イヨト

## Redundance in information [KKT04]



◆□▶ ◆□▶ ◆臣▶ ◆臣▶ 臣 のへで

Generic

#### **DPL** overview



2 Networks: T and F





2 phases

▲ロ > ▲圖 > ▲ 圖 > ▲ 圖 >

æ



イロン イヨン イヨン イヨン

æ

#### Design Example: Frequency Sensitivity



//22

(日) (部) (王) (王)

# 2. Main technical characteristics

#### Digital, hence:

- Simple API
- Stable
- Small
- Discreet, more difficult to recognize



© SECURE 0 2012 All rights reserved | Confidential document, property of Secure-IC S.A.S.

12

# 2. Main technical characteristics

#### Digital, hence:

- Simple API
- Stable
- Small
- Discreet, more difficult to recognize
- Melted within the rest of the SoC, more difficult to by-pass



© SECURE 0 2012 All rights reserved | Confidential document, property of Secure-IC S.A.S.

<ロ> (四) (四) (三) (三)

Generic

#### A protection against instruction-skip attacks

# Instruction skip attacks and protection [HMER13, MHER14]

- One instruction can be skipped
- Replacement sequences for idempotent instructions:

| Instruction     | Description          | Replacement     |
|-----------------|----------------------|-----------------|
| mov r1,r8       | Copies r8 into r1    | mov r1,r8       |
|                 |                      | mov r1,r8       |
| ldr r1,[r8,r2]  | Loads the value      | ldr r1,[r8,r2]  |
|                 | at the address       | ldr r1,[r8,r2]  |
|                 | r8+r2 into r1        |                 |
| str r3,[r2,#10] | Stores r3 at         | str r3,[r2,#10] |
|                 | the address $r2+10$  | str r3,[r2,#10] |
| add r3,r1,r2    | Puts r1+r2           | add r3,r1,r2    |
|                 | into <mark>r3</mark> | add r3,r1,r2    |
|                 |                      |                 |

#### Fault injection [RG14, Appendix 2.A]

- Pulse amplitude:  $\dots 0 500 \text{ mV}$ .
- Pulse duration: .....2 ns.
- Repeatability: .....500 MHz.



Cours FIA

ault attacks — 50

Generic

#### A protection against instruction-skip attacks

# Instruction skip attacks and protection [HMER13, MHER14]

- One instruction can be skipped
- Replacement sequences for idempotent instructions:

| Instruction     | Description          | Replacement      |
|-----------------|----------------------|------------------|
| mov r1,r8       | Copies r8 into r1    | mov r1,r8        |
|                 |                      | mov r1,r8        |
| ldr r1,[r8,r2]  | Loads the value      | ldr r1,[r8,r2]   |
|                 | at the address       | ldr r1, [r8, r2] |
|                 | r8+r2 into r1        |                  |
| str r3,[r2,#10] | Stores r3 at         | str r3,[r2,#10]  |
|                 | the address $r2+10$  | str r3,[r2,#10]  |
| add r3,r1,r2    | Puts r1+r2           | add r3,r1,r2     |
|                 | into <mark>r3</mark> | add r3,r1,r2     |
|                 |                      |                  |

#### Fault injection [RG14, Appendix 2.A]

- Pulse amplitude:  $\dots 0 500 \text{ mV}$ .
- Pulse duration: .....2 ns.
- Repeatability: .....500 MHz.



Cours FIA

Fault attacks — 51

Generic

#### A protection against instruction-skip attacks

# Instruction skip attacks and protection [HMER13, MHER14]

- One instruction can be skipped
- Replacement sequences for idempotent instructions:

| Instruction     | Description          | Replacement     |
|-----------------|----------------------|-----------------|
| mov r1,r8       | Copies r8 into r1    | mov r1,r8       |
|                 |                      | mov r1,r8       |
| ldr r1,[r8,r2]  | Loads the value      | ldr r1,[r8,r2]  |
|                 | at the address       | ldr r1,[r8,r2]  |
|                 | r8+r2 into r1        |                 |
| str r3,[r2,#10] | Stores r3 at         | str r3,[r2,#10] |
|                 | the address $r2+10$  | str r3,[r2,#10] |
| add r3,r1,r2    | Puts r1+r2           | add r3,r1,r2    |
|                 | into <mark>r3</mark> | add r3,r1,r2    |
|                 |                      |                 |

#### Fault injection [RG14, Appendix 2.A]

- Pulse amplitude:  $\dots 0 500 \text{ mV}$ .
- Pulse duration: ......2 ns.
- Repeatability: .....500 MHz.



Cours FIA

ault attacks — 52

Generic

# EM pulses should not be too long!



Cours FIA

Fault attacks — 53

Generic

# References on Fault Attacks I

# [DLV03] Pierre Dusart, Gilles Letourneux, and Olivier Vivolo. Differential Fault Analysis on A.E.S. In Jianying Zhou, Moti Yung, and Yongfei Han, editors, ACNS, volume 2846 of LNCS, pages 293–306. Springer, 2003.

#### [Gir04] Christophe Giraud.

#### DFA on AES.

In Hans Dobbertin, Vincent Rijmen, and Aleksandra Sowa, editors, *AES Conference*, volume 3373 of *Lecture Notes in Computer Science*, pages 27–41. Springer, 2004.

[GSDS10] Sylvain Guilley, Laurent Sauvage, Jean-Luc Danger, and Nidhal Selmane. Fault Injection Resilience. In FDTC, pages 51–65. IEEE Computer Society, August 21 2010. Santa Barbara, CA, USA. DOI: 10.1109/FDTC.2010.15; Complete

version: http://hal.archives-ouvertes.fr/hal-00482194/en/.

<ロ> <同> <同> <三>

Generic

# References on Fault Attacks II

[HMER13] Karine Heydemann, Nicolas Moro, Emmanuelle Encrenaz, and Bruno Robisson.

Formal Verification of a Software Countermeasure Against Instruction Skip Attacks.

Cryptology ePrint Archive, Report 2013/679, 2013. http://eprint.iacr.org/2013/679.

[KDK<sup>+</sup>14] Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji-Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors.

In ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, June 14-18, 2014, pages 361–372. IEEE Computer Society, 2014.

[KKT04] Mark G. Karpovsky, Konrad J. Kulikowski, and Alexander Taubin. Robust Protection against Fault Injection Attacks on Smart Cards Implementing the Advanced Encryption Standard. In DSN, pages 93–101. IEEE Computer Society, June 28 – July 01 2004. Florence, Italy.

イロン イヨン イヨン イヨン

Generic

# References on Fault Attacks III

 [LSG<sup>+</sup>10] Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Toshinori Fukunaga, Junko Takahashi, and Kazuo Ohta.
 Fault Sensitivity Analysis.
 In CHES, volume 6225 of Lecture Notes in Computer Science, pages 320–334. Springer, August 17-20 2010.
 Santa Barbara, CA, USA.

[MHER14] Nicolas Moro, Karine Heydemann, Emmanuelle Encrenaz, and Bruno Robisson.

Formal verification of a software countermeasure against instruction skip attacks.

J. Cryptographic Engineering, 4(3):145–156, 2014.

[NLS<sup>+</sup>12] Toshiki Nakasone, Yang Li, Yu Sasaki, Mitsugu Iwamoto, Kazuo Ohta, and Kazuo Sakiyama.

Key-Dependent Weakness of AES-Based Ciphers under Clockwise Collision Distinguisher.

In Taekyoung Kwon, Mun-Kyu Lee, and Daesung Kwon, editors, *ICISC*, volume 7839 of *Lecture Notes in Computer Science*, pages 395–409. Springer, 2012.

・ロン ・回と ・ヨン ・ヨン

Generic

# References on Fault Attacks IV

 [PQ03] Gilles Piret and Jean-Jacques Quisquater.
 A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD.
 In CHES, volume 2779 of LNCS, pages 77–88. Springer, September 2003. Cologne, Germany.

[RG14] Pablo Rauzy and Sylvain Guilley. Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack.

In 3rd ACM SIGPLAN Program Protection and Reverse Engineering Workshop (PPREW 2014), January 25 2014. San Diego, CA, USA. ISBN: 978-1-4503-2649-0.

[SBGD11] Nidhal Selmane, Shivam Bhasin, Sylvain Guilley, and Jean-Luc Danger. Security evaluation of application-specific integrated circuits and field programmable gate arrays against setup time violation attacks. *IET Information Security*, 5(4):181–190, December 2011. DOI: 10.1049/iet-ifs.2010.0238.

イロト イヨト イヨト イヨト

Generic

## References on Fault Attacks V

#### [TMA11] Michael Tunstall, Debdeep Mukhopadhyay, and Subidh Ali. Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault. In Cloudia Argenting Ardenna and Jianving Zhou, editors, WISTR, volume

In Claudio Agostino Ardagna and Jianying Zhou, editors, *WISTP*, volume 6633 of *Lecture Notes in Computer Science*, pages 224–233. Springer, 2011.

[Ver06] Olli Vertanen.

#### Java Type Confusion and Fault Attacks.

In *FTDC*, volume 4236 of *LNCS*, pages 237–251. Springer, 2006. DOI: 10.1007/11889700, ISSN 0302-9743 (Print) 1611-3349 (Online), ISBN 978-3-540-46250-7.

<ロ> <同> <同> <三>