
2010 Workshop on Fault Diagnosis and Tolerance in Cryptography: latest publications

Memory Address Scrambling Revealed Using Fault Attacks
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.13
J. Fournier, Philippe Loubet-Moundi
Today’s trend in the smart card industry is to move from ROM+EEPROM chips to Flash-only products. Recent publications have illustrated the vulnerability of Floating Gate memories to UV and heat radiation. In this paper, we explain how, by using low cost means, such a vulnerability can be used to modify specific data within an EEPROM memory even in the presence of a given type of counter-measure. Using simple means, we devise a fault injection tool that consistently causes predictable modifications of the targeted memories’ contents by flipping ‘1’s to ‘0’s. By mastering the location of those modifications, we illustrate how we can reverse-engineer a simple address scrambling mechanism in a white box analysis of a given EEPROM. Such an approach can be used to test the security of Floating Gate memories used in security devices like smart cards. We also explain how to prevent such attacks and we propose some counter-measures that can be either implemented on the hardware level by chip designers or on the software level in the Operating System interacting with those memories.
Citations: 8
Low Cost Built in Self Test for Public Key Crypto Cores
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.12
Dusko Karaklajic, Miroslav Knezevic, I. Verbauwhede
The testability of cryptographic cores brings an extra dimension to the process of digital circuits testing security. The benefits of the classical methods such as the scan-chain method introduce new vulnerabilities concerning the data protection. The Built-In Self-Test (BIST) is considered to be the most suitable countermeasure for this purpose. In this work we propose the use of a digit-serial multiplier over GF(2^m), that is at the heart of many public-key cryptosystems, as a basic building block for the BIST circuitry. We show how the multiplier can be configured to operate as a Test Pattern Generator and a Signature Analyzer. Furthermore, the multiplier becomes a fully self-testable design. All the additional features come at the cost of only a few extra gates. With a hardware overhead of 0.33% this approach makes the multiplier perfectly suitable for low-end embedded devices.
Citations: 8
A Continuous Fault Countermeasure for AES Providing a Constant Error Detection Rate
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.16
M. Medwed, Jörn-Marc Schmidt
Many implementations of cryptographic algorithms have shown to be susceptible to fault attacks. To detect manipulations, countermeasures have been proposed. In the case of AES, most countermeasures deal with the non-linear and the linear part separately, which either leaves vulnerable points at the interconnections or causes different error detection rates across the algorithm. In this paper, we present a way to achieve a constant error detection rate throughout the whole algorithm. The use of extended AN+B codes together with redundant table lookups allows to construct a countermeasure that provides complete protection against adversaries who are able to inject faults of byte size or less. The same holds for adversaries who skip an instruction. Other adversaries are detected with a probability of more than 99%.
Citations: 12
Fault Attacks and Countermeasures on Vigilant's RSA-CRT Algorithm
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.9
J. Coron, Christophe Giraud, N. Morin, G. Piret, David Vigilant
At CHES 2008, Vigilant proposed an efficient way of implementing a CRT-RSA resistant against Fault Analysis. In this paper, we investigate the fault-resistance of this scheme and we show that it is not immune to fault injection. Indeed, we highlight two weaknesses which can lead an attacker to recover the whole private key by using only one faulty signature. We also suggest some modifications with a negligible cost to improve the fault-resistance of Vigilant's scheme. Therefore the scheme including modifications remains suited to embedded device constraints.
Citations: 26
Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.10
Chong Hee Kim
The naive implementation of AES is known to be vulnerable to Differential Fault Analysis (DFA). We can find the key of AES-128 (AES with 128-bit key) with one pair of correct and faulty cipher texts. Recently several works on the extension of the attack to AES with 192 and 256-bit key have been published. Due to the longer key size and the characteristic of AES key schedule, we need subtle caution in attacking AES-192 and AES-256. We propose new DFA against AES with 192 and 256-bit key. We could retrieve AES-192 key with two pairs of correct and faulty cipher texts. With three pairs we could succeed in finding the key of AES-256. These are the minimal faults among the existing methods.
Citations: 60
Generic Analysis of Small Cryptographic Leaks
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.11
Itai Dinur, A. Shamir
Side channel attacks are typically divided into two phases: In the collection phase the attacker tries to measure some physical property of the implementation, and in the analysis phase he tries to derive the cryptographic key from the measured information. The field is highly fragmented, since there are many types of leakage, and each one of them usually requires a different type of analysis. In this paper we formalize a general notion of leakage attacks on iterated cryptosystems, in which the attacker can collect (via physical probing, power measurement, or any other type of side channel) one bit of information about the intermediate state of the encryption after each round. Since bits computed during the early rounds can be usually represented by low degree multivariate polynomials in the plaintext and key bits, we can use the recently discovered cube attack as a generic analysis phase which can be applied in principle to any type of leaked data. However, the original cube attack requires extremely clean data, whereas the information provided by side channel attacks can be quite noisy. To address this problem, we develop in this paper a new type of robust cube attack, which can recover the key even when some of the leaked bits are unreliable. In particular, we show how to exploit trivial equations (of the form 0=0, which are plentiful but useless in standard cube attacks) in order to correct a fraction of measurement errors which can be arbitrarily close to 1. Finally, we demonstrate our approach by describing efficient leakage attacks on Serpent (requiring only 2^18 time for full key recovery when the leaked state bits are clean) and on AES (requiring 2^35 time in the same scenario), and show how to make them robust with a small additional complexity.
Citations: 5
Multi Fault Laser Attacks on Protected CRT-RSA
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.14
E. Trichina, Roman Korkikyan
Since the first publication of a successful practical two-fault attack on protected CRT-RSA surprisingly little attention was given by the research community to an ensuing new challenge. The reason for it seems to be two-fold. One is that generic higher order fault attacks are very difficult to model and thus finding robust countermeasures is also difficult. Another reason may be that the published experiment was carried out on an outdated 8 bit microcontroller and thus was not perceived as a serious threat to create a sense of urgency in addressing this new menace. In this paper we describe two-fault attacks on protected CRT-RSA implementations running on an advanced 32 bit ARM Cortex M3 core. To our knowledge, this is the first practical result of two fault laser attacks on a protected cryptographic application. Considering that laser attacks are much more accurate in targeting a particular variable, the significance of our result cannot be overlooked.
Citations: 105
Optical Fault Masking Attacks
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.18
S. Skorobogatov
This paper introduces some new types of optical fault attacks called fault masking attacks. These attacks are aimed at disrupting the normal memory operation through preventing changes of the memory contents. The technique was demonstrated on an EEPROM and Flash memory inside PIC microcontrollers. Then it was improved with a backside approach and tested on PIC and MSP430 microcontrollers. These attacks can be used for the partial reverse engineering of semiconductor chips by spotting the areas of activity in reprogrammable non-volatile memory. This can assist in data analysis and other types of fault injection attacks later, thereby saving the time otherwise required for exhaustive search. Practical limits for optical fault masking attacks in terms of sample preparation, operating conditions and chip technology are discussed, together with possible countermeasures.
Citations: 66
Fault Injection Resilience
Pub Date : 2010-08-21 DOI: 10.1109/FDTC.2010.15
S. Guilley, L. Sauvage, J. Danger, Nidhal Selmane
Fault injections constitute a major threat to the security of embedded systems. Errors occurring in the cryptographic algorithms have been shown to be extremely dangerous, since powerful attacks can exploit a few of them to recover the full secrets. Most of the resistance techniques to perturbation attacks have relied so far on the detection of faults. We present in this paper another strategy, based on the resilience against fault attacks. The core idea is to allow an erroneous result to be outputted, but with the assurance that this faulty information conveys no information about the secrets concealed in the chip. We first underline the benefits of FIR: false positives are never raised, secrets are not erased uselessly in case of uncompromising fault injections, which increases the card lifespan if the fault is natural and not malevolent, and FIR enables a high potential of resistance even in the context of multiple faults. Then we illustrate two families of fault injection resilience (FIR) schemes suitable for symmetric encryption. The first family is a protocol-level scheme that can be formally proved resilient. The second family mobilizes a special logic-level architecture of the cryptographic module. We notably detail how a countermeasure of this latter family, namely dual-rail with precharge logic style, can protect both against active and passive attacks, thereby bringing a combined global protection of the device. The cost of this logic is evaluated as lower than detection schemes. Finally, we also give some ideas about the modalities of adjunction of FIR to some certification schemes.
Citations: 38
Passive and Active Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis
Pub Date : 2007-09-10 DOI: 10.1109/FDTC.2010.17
Christophe Clavier, B. Feix, Georges Gagnerot, Mylène Roussellet
Tamper resistance of hardware products is currently a very popular subject for researchers in the security domain. Since the first Kocher side-channel (passive) attack, the Bellcore researchers' and Biham and Shamir's fault (active) attacks, many other side-channel and fault attacks have been published. The design of efficient countermeasures still remains a difficult task for IC designers and manufacturers as they must also consider the attacks which combine active and passive threats. It has been shown previously that combined attacks can defeat RSA implementations if side-channel countermeasures and fault protections are developed separately instead of being designed together. This paper demonstrates that combined attacks are also effective on symmetric cryptosystems and shows how they may jeopardize a supposedly state of the art secure AES implementation.
Citations: 110