
2011 Workshop on Fault Diagnosis and Tolerance in Cryptography: latest publications

Fault Sensitivity Analysis Against Elliptic Curve Cryptosystems
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.17
Hikaru Sakamoto, Yang Li, K. Ohta, K. Sakiyama
In this paper, we present a fault-based security evaluation for an Elliptic Curve Cryptography (ECC) implementation using the Montgomery Powering Ladder (MPL). We focus in particular on the López-Dahab algorithm, which is used to calculate a point on an elliptic curve efficiently without using the y-coordinate. Several previous fault analysis attacks cannot be applied to the ECC implementation employing the López-Dahab algorithm in a straightforward manner. In this paper, we evaluate the security of the López-Dahab algorithm using Fault Sensitivity Analysis (FSA). Although the initial work on FSA was applied only to an Advanced Encryption Standard (AES) implementation, we apply the technique to the ECC implementation. Consequently, we found a vulnerability to FSA for the ECC implementation using the López-Dahab algorithm.
Citations: 10
Differential Fault Analysis on the SHA1 Compression Function
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.16
Ludger Hemme, Lars Hoffmann
In FDTC 2009, Li et al. published a DFA attack [20] against the symmetric block cipher SHACAL1 [11]. This block cipher substantially consists of the compression function of the hash function SHA1 [16] except for the final addition operation. When using the SHA1 compression function as a primitive in a keyed hash function like HMAC-SHA1 [17] or in a key derivation function it might be of some interest if the attack of Li et al. also applies to the SHA1 compression function. However, the final addition operation turns out to completely prevent this direct application. In this paper we extend the attack of Li et al. in order to overcome the problem of the final addition and to extract the secret inputs of the SHA1 compression function by analysing faulty outputs. Our implementation of the new attack needs about 1000 faulty outputs and a computation time of three hours on a normal PC to fully extract the secret inputs with high probability.
Citations: 37
A High-Performance Fault Diagnosis Approach for the AES SubBytes Utilizing Mixed Bases
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.11
Mehran Mozaffari Kermani, A. Reyhani-Masoleh
The SubBytes (S-boxes) is the only non-linear transformation in the encryption of the Advanced Encryption Standard (AES), occupying more than half of its hardware implementation resources. One important required aspect of the hardware architectures of the S-boxes is the reliability of their implementations. This can be compromised by occurrence of internal faults or intrusion of the attackers. In this paper, we present a high-speed architecture for the S-boxes constructed using mixed bases to counteract these internal/malicious faults. Although using polynomial and normal bases for the S-boxes has been studied extensively, using mixed bases has just been considered very recently in CHES 2010. In the proposed fault detection scheme of this paper, we present formulations for multi-bit parities for the S-boxes using mixed bases. Then, these formulations are utilized in our error simulations and it is shown that the presented architecture reaches very high error coverage. Through our ASIC syntheses utilizing a 65-nm CMOS technology, we show that with comparable hardware complexity, the efficiency of the presented reliable architecture (without sub-pipelining) reaches around $5.02\ \frac{\mathrm{Mbps}}{\mu\mathrm{m}^{2}}$, outperforming other fault detection schemes for composite field architectures.
Citations: 45
On Protecting Cryptographic Applications Against Fault Attacks Using Residue Codes
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.14
Kazim Yumbul, S. Erdem, E. Savaş
We propose a new class of error detection codes, quadratic dual residue codes, to protect cryptographic computations running on general-purpose processor cores against fault attacks. The assumed adversary model is a powerful one, whereby the attacker can inject errors anywhere in the data path of a general-purpose microprocessor by bit flipping. We demonstrate that quadratic dual residue codes provide a much better protection under this powerful adversary model compared to similar codes previously proposed for the same purpose in the literature. The adopted strategy aims to protect the single-precision arithmetic operations, such as addition and multiplication, which usually dominate the execution time of many public key cryptography algorithms in general-purpose microprocessors. Two so-called robust units for addition and multiplication operations, which provide a protection against fault attacks, are designed and tightly integrated into the data path of a simple, embedded re-configurable processor. We report the implementation results that compare the proposed error detection codes favorably with previous proposals of similar type in the literature. In addition, we present performance evaluations of the software implementations of the Montgomery multiplication algorithm using the robust execution units. Implementation results clearly show that it is feasible to implement robust arithmetic units with relatively low overhead even for a simple embedded processor.
Citations: 8
Practical Optical Fault Injection on Secure Microcontrollers
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.12
J. V. Woudenberg, M. Witteman, Federico Menarini
In this paper we detail the latest developments regarding optical fault injection on secure microcontrollers. On these targets, a combination of countermeasures makes fault injection less than trivial. We develop fault injection methods to show experimentally that protected smart cards are still vulnerable. We perform power signal guided fault injection, using a triggering mechanism based on real-time pattern recognition. Furthermore, the use of jitter-free diode lasers shows current countermeasures may be inadequate for the near future.
Citations: 166
From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks on Key Expansion
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.15
Noémie Floissac, Yann L'Hyver
Since its announcement, AES has been subject to different DFA attacks. Most of these attacks target the AES with 128-bit key. However, the two other variants are nowadays deployed in various applications and are also submitted to the same attack path. In this paper, we adapt DFA techniques originally used on AES-128 in order to retrieve the whole keys of AES-192 and AES-256. The two main kinds of injection localization have been analyzed: faults during cipher and during Key Expansion computations. Analysis of this last case highlights different fault diffusion problems that need to be solved to exploit the differential faults. Finally, we propose the first attack on AES-192 and AES-256 on Key Expansion. This attack leads to finding the whole initial key with 16 fault injections in both cases.
Citations: 38
Fault Injection, A Fast Moving Target in Evaluations
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.20
R. Bekkers, Hans König
Differential Fault Analysis has been known since 1996 (Dan Boneh, Richard A. DeMillo and Richard J. Lipton, "The Bellcore Attack") [1]. Before that, the implementations of cryptographic functions were developed without the awareness of fault analysis attacks. The first fault injection set-ups produced single voltage glitches or single light flashes at a single location on the silicon. A range of countermeasures has been developed and applied in cryptographic devices since. But while the countermeasures against perturbation attacks were being developed, attack techniques also evolved. The accuracy of the timing was improved, multiple light flashes were used to circumvent double checks, perturbation attacks were being combined with side channels such as power consumption, and detection methods were developed to prevent chips from blocking after they detected the perturbation attempt. Against all these second generation attack methods new countermeasures were developed. This raised the level of security of secure microcontroller chips to a high level, especially compared to products of ten years ago. The certification schemes are mandating more and more advanced tests to keep secure systems secure in the future. One of the latest requirements is a light manipulation test using power consumption waveform based triggering with multiple light flashes at multiple locations on the silicon. If attack scenarios that are as complicated as this one are in scope, where will it end? The equipment necessary for the attack is expensive and special software is required. The perturbation attacks that are performed outside security labs and universities are of a different level. The security laboratories need to improve their attack techniques to match the findings of academic research, attacks in the field and attacks developed by other laboratories. The level of required security is increasing, also increasing the price of the products because of the extra countermeasures that need to be implemented. These extra countermeasures result in significantly more complicated hardware designs, software implementations, higher power consumption and performance loss. Evaluation costs also increase with every extra penetration test that is added by the schemes because test set-ups have to be enhanced and more
Citations: 5
An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.9
J. Balasch, Benedikt Gierlichs, I. Verbauwhede
The literature about fault analysis typically describes fault injection mechanisms, e.g. glitches and lasers, and cryptanalytic techniques to exploit faults based on some assumed fault model. Our work narrows the gap between both topics. We thoroughly analyse how clock glitches affect a commercial low-cost processor by performing a large number of experiments on five devices. We observe that the effects of fault injection on two-stage pipeline devices are more complex than commonly reported in the literature. While injecting a fault is relatively easy, injecting an exploitable fault is hard. We further observe that the easiest to inject and reliable fault is to replace instructions, and that random faults do not occur. Finally we explain how typical fault attacks can be mounted on this device, and describe a new attack for which the fault injection is easy and the cryptanalysis trivial.
Citations: 161
A Differential Fault Analysis on AES Key Schedule Using Single Fault
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.10
Subidh Ali, Debdeep Mukhopadhyay
Literature on Differential Fault Analysis (DFA) on AES-128 shows that it is more difficult to attack AES when the fault is induced in the key schedule than when it is injected in the intermediate states. Recent research shows that DFA on the AES key schedule still requires two faulty ciphertexts, while it requires only one faulty ciphertext and a brute-force search of $2^8$ AES-128 keys when the fault is injected inside the round of AES. The present paper proposes a DFA on the AES-128 key schedule which requires only one single byte fault and a brute-force search of $2^8$ keys, showing that a DFA on the AES key schedule is equally dangerous as a fault analysis when the fault is injected in the intermediate state of AES. Further, the fault model of the present attack is a single byte fault. This is more realistic than the existing fault model of injecting three byte faults in a column of the AES key, which has a lower chance of success. To the best of our knowledge the proposed attack is the best known DFA on the AES key schedule and requires the minimum number of faulty ciphertexts. The simulated attack, running on a 3GHz Intel Core 2 Duo desktop machine with 2GB RAM, takes around 35 minutes to reveal the secret key.
Citations: 42
The Fault Attack Jungle - A Classification Model to Guide You
Pub Date : 2011-09-29 DOI: 10.1109/FDTC.2011.13
I. Verbauwhede, Dusko Karaklajic, Jörn-Marc Schmidt
For a secure hardware designer, the vast array of fault attacks and countermeasures looks like a jungle. This paper aims at providing a guide through this jungle and at helping a designer of secure embedded devices to protect a design in the most efficient way. We classify the existing fault attacks on implementations of cryptographic algorithms on embedded devices according to different criteria. By doing so, we expose possible security threats caused by fault attacks and propose different classes of countermeasures capable of preventing them.
Citations: 80
Journal
2011 Workshop on Fault Diagnosis and Tolerance in Cryptography