Alessandro Barenghi, L. Breveglieri, I. Koren, Gerardo Pelosi, F. Regazzoni
{"title":"Countermeasures against fault attacks on software implemented AES: effectiveness and cost","authors":"Alessandro Barenghi, L. Breveglieri, I. Koren, Gerardo Pelosi, F. Regazzoni","doi":"10.1145/1873548.1873555","DOIUrl":null,"url":null,"abstract":"In this paper we present software countermeasures specifically designed to counteract fault injection attacks during the execution of a software implementation of a cryptographic algorithm and analyze the efficiency of these countermeasures. We propose two approaches based on the insertion of redundant computations and checks, which in their general form are suitable for any cryptographic algorithm. In particular, we focus on selective instruction duplication to detect single errors, instruction triplication to support error correction, and parity checking to detect corruption of a stored value. We developed a framework to automatically add the desired countermeasure, and we support the possibility to apply the selected redundancy to either all the instructions of the cryptographic routine or restrict it to the most sensitive ones, such as table lookups and key fetching. Considering an ARM processor as a target platform and AES as a target algorithm, we evaluate the overhead of the proposed countermeasures while keeping the robustness of the implementation high enough to thwart most or all of the known fault attacks. Experimental results show that in the considered architecture, the solution with the smallest overhead is per-instruction selective doubling and checking, and that the instruction triplication scheme is a viable alternative if very high levels of injected fault resistance are required.","PeriodicalId":114446,"journal":{"name":"WESS '10","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"89","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"WESS '10","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1873548.1873555","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 89
Abstract
In this paper we present software countermeasures specifically designed to counteract fault injection attacks during the execution of a software implementation of a cryptographic algorithm and analyze the efficiency of these countermeasures. We propose two approaches based on the insertion of redundant computations and checks, which in their general form are suitable for any cryptographic algorithm. In particular, we focus on selective instruction duplication to detect single errors, instruction triplication to support error correction, and parity checking to detect corruption of a stored value. We developed a framework to automatically add the desired countermeasure, and we support the possibility to apply the selected redundancy to either all the instructions of the cryptographic routine or restrict it to the most sensitive ones, such as table lookups and key fetching. Considering an ARM processor as a target platform and AES as a target algorithm, we evaluate the overhead of the proposed countermeasures while keeping the robustness of the implementation high enough to thwart most or all of the known fault attacks. Experimental results show that in the considered architecture, the solution with the smallest overhead is per-instruction selective doubling and checking, and that the instruction triplication scheme is a viable alternative if very high levels of injected fault resistance are required.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
