Fault Tolerant Infective Countermeasure for AES

Patranabis, Sikhar; Chakraborty, Abhishek; Mukhopadhyay, Debdeep

doi:10.1007/s41635-017-0006-1

Cited by 37 publications

(13 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software countermeasures against fault attacks can be generally divided into two main groups: instruction-level and algorithmlevel techniques [12]. Instruction-based countermeasures include instruction duplication or triplication, and fault-tolerant instruction sequences, where an instruction is replaced by functionally equivalent sequence of more secure instructions [13]. This technique was recently extended to a new approach, called intra-instruction redundancy [14].…”

Section: Countermeasuresmentioning

confidence: 99%

On Evaluating Fault Resilient Encoding Schemes in Software

Breier¹,

Hou²,

Liu

2021

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Cryptographic implementations are often vulnerable against physical attacks, fault injection analysis being among the most popular techniques. On par with development of attacks, the area of countermeasures is advancing rapidly, utilizing both hardware-and software-based approaches. When it comes to software encoding countermeasures for fault protection and their evaluation, there are very few proposals so far, mostly focusing on single operations rather than cipher as a whole. In this paper we propose an evaluation framework that can be used for analyzing the effectivity of software encoding countermeasures against fault attacks. We first formalize the encoding schemes in software, helping us to define what properties are required when designing a fault protection. Based on these findings, we develop an evaluation metric that can be used universally to determine the robustness of a software encoding scheme against bit flip faults and instruction skips. We provide a way to select a code according to user criteria and also a dynamic code analysis method to estimate the level of protection of assembly implementations using encoding schemes. Finally, we verify our findings by implementing a block cipher PRESENT, protected by encoding scheme based on anticodes, and provide a detailed evaluation of this implementation using different codes.

show abstract

Section: Countermeasuresmentioning

confidence: 99%

On Evaluating Fault Resilient Encoding Schemes in Software

Breier¹,

Hou²,

Liu

2021

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…As an example for infection-based countermeasures, we consider the infective countermeasure presented by Tupsamudre et al at CHES 2014 [TBM14] as an extension of an infective countermeasure presented by Gierlichs et al [GST12]. Patranabis et al [PCM15] give a formal proof for this countermeasure against differential fault analysis using a single fault injection under the assumption that the sequence of executed instructions is neither skipped, nor altered. The only attacks on this countermeasure so far are attacks that either skip or alter instructions [BG16].…”

Section: Infective Countermeasurementioning

confidence: 99%

“…The infection countermeasure by Patranabis et al [PCM15] can be seen as an extended version of the one described in subsubsection 2.1.2. Hence, we limit our description solely to the actual differences between both designs.…”

Section: Infection By Patranabis Et Almentioning

confidence: 99%

SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography

Dobraunig

Eichlseder

Korak

et al. 2018

TCHES

114

View full text Add to dashboard Cite

Since the seminal work of Boneh et al., the threat of fault attacks has been widely known and techniques for fault attacks and countermeasures have been studied extensively. The vast majority of the literature on fault attacks focuses on the ability of fault attacks to change an intermediate value to a faulty one, such as differential fault analysis (DFA), collision fault analysis, statistical fault attack (SFA), fault sensitivity analysis, or differential fault intensity analysis (DFIA). The other aspect of faults—that faults can be induced and do not change a value—has been researched far less. In case of symmetric ciphers, ineffective fault attacks (IFA) exploit this aspect. However, IFA relies on the ability of an attacker to reliably induce reproducible deterministic faults like stuck-at faults on parts of small values (e.g., one bit or byte), which is often considered to be impracticable.As a consequence, most countermeasures against fault attacks do not focus on such attacks, but on attacks exploiting changes of intermediate values and usually try to detect such a change (detection-based), or to destroy the exploitable information if a fault happens (infective countermeasures). Such countermeasures implicitly assume that the release of “fault-free” ciphertexts in the presence of a fault-inducing attacker does not reveal any exploitable information. In this work, we show that this assumption is not valid and we present novel fault attacks that work in the presence of detection-based and infective countermeasures. The attacks exploit the fact that intermediate values leading to “fault-free” ciphertexts show a non-uniform distribution, while they should be distributed uniformly. The presented attacks are entirely practical and are demonstrated to work for software implementations of AES and for a hardware co-processor. These practical attacks rely on fault induction by means of clock glitches and hence, are achieved using only low-cost equipment. This is feasible because our attack is very robust under noisy fault induction attempts and does not require the attacker to model or profile the exact fault effect. We target two types of countermeasures as examples: simple time redundancy with comparison and several infective countermeasures. However, our attacks can be applied to a wider range of countermeasures and are not restricted to these two countermeasures.

show abstract

“…Therefore, [PYGS16,LCFS17]. Another approach is a technique called infective countermeasure that tries to distribute the fault evenly to the whole cipher state so that the attacker does not get any usable information about the secret key [PCM15]. Each of these countermeasures has some assumptions, e.g.…”

Section: Countermeasuresmentioning

confidence: 99%

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code

Breier¹,

Hou

Liu

2018

TCHES

View full text Add to dashboard Cite

Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation layers. However, this level of abstraction is often too high to distinguish vulnerable parts of software implementations, due to specific operations and optimizations. On the other hand, manually analyzing the assembly code requires non-negligible amount of time and expertise. In this paper, we propose an automated approach for analyzing cipher implementations in assembly. We represent the whole assembly program as a data flow graph so that the vulnerable spots can be found efficiently. Fault propagation is analyzed in a subgraph constructed from each vulnerable spot, allowing equations for Differential Fault Analysis (DFA) to be automatically generated. We have created a tool that implements our approach: DATAC – DFA Automation Tool for Assembly Code. We have successfully used this tool for attacking PRESENT- 80, being able to find implementation-specific vulnerabilities that can be exploited in order to recover the last round key with 16 faults. Our results show that DATAC is useful in finding attack spots that are not visible from the cipher structure, but can be easily exploited when dealing with real-world implementations.

show abstract

Fault Tolerant Infective Countermeasure for AES

Cited by 37 publications

References 21 publications

On Evaluating Fault Resilient Encoding Schemes in Software

On Evaluating Fault Resilient Encoding Schemes in Software

SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code

Contact Info

Product

Resources

About