2013
DOI: 10.1109/tcsii.2013.2268379
|View full text |Cite
|
Sign up to set email alerts
|

Fault Rate Analysis: Breaking Masked AES Hardware Implementations Efficiently

Abstract: International audienceIn 2011, Li presented clockwise collision analysis on nonprotected Advanced Encryption Standard (AES) hardware implementation. In this brief, we first propose a new clockwise collision attack, called fault rate analysis (FRA), on masked AES. Then, we analyze the critical and noncritical paths of the S-box and find that, for its three input bytes, namely, the input value, the input mask, and the output mask, the path relating to the output mask is much shorter than those relating to the ot… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
17
0

Year Published

2015
2015
2024
2024

Publication Types

Select...
6
2

Relationship

1
7

Authors

Journals

citations
Cited by 23 publications
(17 citation statements)
references
References 5 publications
0
17
0
Order By: Relevance
“…Each PUF response requires multiple runs (realizations n) of chaotic system iterations (m). Therefore, each PUF response requires m × r iterations, where each m'th iteration length results from the corresponding SCRO frequency (1). It is obvious that each PUF response requires a 2mr…”
Section: Testing and Resultsmentioning
confidence: 99%
See 1 more Smart Citation
“…Each PUF response requires multiple runs (realizations n) of chaotic system iterations (m). Therefore, each PUF response requires m × r iterations, where each m'th iteration length results from the corresponding SCRO frequency (1). It is obvious that each PUF response requires a 2mr…”
Section: Testing and Resultsmentioning
confidence: 99%
“…Modern cryptography is facing progressively more attacks directed not on cryptographic algorithms, but on their implementations-even the secured ones [1]. Among many kinds of sidechannel attacks (SCAs), there are various ways of retrieving information from memories, where the cryptographic keys are kept [2,3], and therefore there is a struggle for securing the memories against SCAs [4].…”
Section: Introductionmentioning
confidence: 99%
“…It is also known as Fault Rate Analysis. In this attack, clock glitch is inject into the masked S-Box to recover the secret key [46]. A Low complexity attack can be done on AES upto four round using three known plaintext and it can also increased to six round [47].…”
Section: Attacks and Countermeasure (If Possible)mentioning
confidence: 99%
“…In CHES 2011, Moradi et al combined correlation-enhanced collision attack [15] with fault sensitivity analysis, and gave new collision attack on two masked S-boxes of AES hardware implementation by colliding timing characteristics [16]. In 2013, the fault rate induced by the clock glitch is employed for collision detection on masked AES S-boxes [17]. Soon after, some other models are discussed [18,19].…”
Section: Introductionmentioning
confidence: 99%