Data

Tools

Indexes

Applications

Experiments

Open Source Science

libfiat

FIAT: Firmware for Implementation Attack Targets

https://github.com/danpage/fiat

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (10.2%) to scientific vocabulary
Last synced: 10 months ago · JSON representation ·

Repository

FIAT: Firmware for Implementation Attack Targets

Basic Info
Statistics
  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • Open Issues: 0
  • Releases: 4
Created over 1 year ago · Last pushed about 1 year ago
Metadata Files
Readme License Citation

README.md

FIAT: Firmware for Implementation Attack Targets

Read the Docs (version) PyPI - Version

Concept

Set within the more general context of cyber-security, a standard attack will focus on the (abstract) specification of some functionality; it must use any associated implementation in a "black box" model, limited to explicit, intentional input and output. In contrast, an implementation attack will focus on the (concrete) implementation of said functionality; it can use the associated implementation in a "grey box" model, including any and all implicit, potentially unintentional input and output. Narrowing the context to cryptography more specifically, consider an attacker tasked with recovery of some security critical data (e.g., key material) k from a target device. The permitted, black-box interaction is such that the former provides input x, upon which the latter computes and provides output r = f( k, x ). In a standard attack, the attacker attempts to recover k using x and r alone, e.g., via traditional cryptanalysis. In an implementation attack, however, the attacker might be permitted to actively influence and/or passively monitor computation by the target device: doing so captures the concepts of fault induction and side-channel (or information leakage) attack respectively.

Although a "real" attack would typically consider some form of COTS target device, research and development of both attacks and associated countermeasures will, at least initially, use an alternative platform that is more easily controlled and altered. Such a platform will include both hardware components, e.g., a target board compatible with ChipWhisperer , and software components, e.g., associated firmware executed on said target board. FIAT is intended to provide domain-specific support for development of the latter: the high-level goal is for it to

  • support interaction modelled as

+---------------------------+ +--------------------------+ | client | | target | +===========================+ +==========================+ | | ----- req ----> | kernel layer | | | <---- ack ----- |~~~~~~~~~~~~~~~~~~~~~~~~~~| | | | driver layer: SPRs, GPRs | | | |~~~~~~~~~~~~~~~~~~~~~~~~~~| | | <-- trigger --- | board layer: UART, GPIO | +---------------------------+ +--------------------------+

in the sense that the client transmits a req(uest) to the target, the target performs some computation,
then the target transmits an ack(nowledgement) to the client,

  1. a kernel layer, i.e., the use-case specific functionality of interest,
  2. a board layer, i.e., infrastructure related to the hardware, or board said functionality is executed on,
  3. a driver layer, which uses the board layer to provide an interface to the kernel,

Organisation

├── bin - scripts (e.g., environment configuration) ├── build - working directory for build ├── doc - documentation └── src ├── docker - source code for containers └── fiat - source code for FIAT ├── client - source code for FIAT client support └── target - source code for FIAT target support ├── board - board layer ├── driver - driver layer ├── kernel - kernel layer └── share - shared functionality

Usage

The easiest way to get started is arguably via the documentation: it includes a high-level overview of the workflow involved, plus a low(er)-level worked example of applying said workflow to capture a block cipher implementation.

Citation

If you want to reference this work (e.g., in the acknowledgements of a paper or report), it'd be really helpful if you'd use the meta-data in CITATION.cff. This makes use of the Citation File Format (CFF), which GitHub will allow automatic export of, e.g., as a BibTeX entry, using the "cite this repository" menu item in the about box.

Acknowledgements

Although this repository captures an independent (re-)implementation, prototypes which informed it were previously investigated by the harness repository which acts as a component of the SCA3S (or "side-channel analysis as a service") project.

Owner

  • Name: Daniel Page
  • Login: danpage
  • Kind: user
  • Location: Bristol, UK
  • Company: University of Bristol

Citation (CITATION.cff) 

cff-version: 1.2.0
title: 'FIAT: Firmware for Implementation Attack Targets'
type: software
authors:
  - given-names: Daniel
    family-names: Page
    email: dan@phoo.org
    orcid: 'https://orcid.org/0000-0002-6366-7641'
repository-code: 'https://www.github.com/danpage/fiat'
license: MIT

GitHub Events

Total
  • Release event: 2
  • Delete event: 1
  • Push event: 10
  • Public event: 1
  • Create event: 5
Last Year
  • Release event: 2
  • Delete event: 1
  • Push event: 10
  • Public event: 1
  • Create event: 5

Packages

  • Total packages: 1
  • Total downloads:
    • pypi 37 last-month
  • Total dependent packages: 0
  • Total dependent repositories: 0
  • Total versions: 4
  • Total maintainers: 1
pypi.org: libfiat

A Python 3 client for interacting with FIAT-based firmware

  • Documentation: https://libfiat.readthedocs.io/
  • License: MIT License Copyright (c) 2024 Daniel Page Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  • Latest release: 0.1.3
    published about 1 year ago
  • Versions: 4
  • Dependent Packages: 0
  • Dependent Repositories: 0
  • Downloads: 37 Last month
Rankings
Dependent packages count: 9.8%
Forks count: 31.9%
Average: 34.6%
Stargazers count: 41.8%
Dependent repos count: 55.0%
Maintainers (1)
danpage
Last synced: 10 months ago

Dependencies

src/docker/Dockerfile docker
  • ubuntu latest build
requirements.txt pypi
  • clang ==14.0
  • hatch *
  • hawkmoth *
  • myst-parser *
  • pyserial *
  • sphinx *
  • sphinx-rtd-theme *
src/fiat/client/pyproject.toml pypi
  • pyserial *