Security analysis of concurrent error detection against differential fault analysis

Guo, Xiurong; Mukhopadhyay, Debdeep; Jin, Chenglu; Karri, Ramesh

doi:10.1007/s13389-014-0092-8

Cited by 72 publications

(24 citation statements)

References 53 publications

(136 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this case, the designer can add protection to registers using the DDR technique [20]. The FMR for NREPO is around 0.01 for byte faults which most DFA uses [3,13]. An attacker can try 100 fault injections to obtain a single byte fault and thus extract the secret key.…”

Section: Security Analysis Against Dfamentioning

confidence: 99%

NREPO: Normal basis Recomputing with Permuted Operands

Guo

Mukhopadhyay

Jin

et al. 2014

2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

Self Cite

View full text Add to dashboard Cite

Abstract. Hardware implementations of cryptographic algorithms are vulnerable to natural and malicious faults. Concurrent Error Detection (CED) can be used to detect these faults. We present NREPO, a CED which does not require redundant computational resources in the design. Therefore, one can integrate it when computational resources are scarce or when the redundant resources are difficult to harness for CED. We integrate NREPO in a low-cost Advanced Encryption Standard (AES) implementation with 8-bit datapath. We show that NREPO has 25 and 50 times lower fault miss rate than robust code and parity, respectively. The area, throughput, and power are compared with other CEDs on 45nm ASIC. The hardware overhead of NREPO is 34.9%. The throughput and power are 271.6Mbps and 1579.3µW , respectively. One can also implement NREPO in other cryptographic algorithms.

show abstract

Section: Security Analysis Against Dfamentioning

confidence: 99%

NREPO: Normal basis Recomputing with Permuted Operands

Guo

Mukhopadhyay

Jin

et al. 2014

2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

Self Cite

View full text Add to dashboard Cite

show abstract

“…It also provides provable security against fault attacks [48]. Therefore, we can add additional registers to the AES and use them to store the round input and output of the normal computation.…”

Section: Fault Coveragementioning

confidence: 99%

Low-Cost Concurrent Error Detection for GCM and CCM

Guo

Karri

2014

J Electron Test

Self Cite

View full text Add to dashboard Cite

Abstract. In many applications, encryption alone does not provide enough security. To enhance security, dedicated authenticated encryption (AE) mode are invented. Galios Counter Mode (GCM) and Counter with CBC-MAC mode (CCM) are the AE modes recommended by the National Institute of Standards and Technology.To support high data rates, AE modes are usually implemented in hardware. However, natural faults reduce its reliability and may undermine both its encryption and authentication capability. We present a low-cost concurrent error detection (CED) scheme for 7 AE architectures. The proposed technique explores idle cycles of the AE mode architectures. Experimental results shows that the performance overhead can be lower than 100% for all architectures depending on the workload. FPGA implementation results show that the hardware overhead in the 0.1-23.3% range and the power overhead is in the 0.2-23.2% range. ASIC implementation results show that the hardware overhead in the 0.1-22.8% range and the power overhead is in the 0.3-12.6% range. The underlying block cipher and hash module need not have CED built in. Thus, it allows system designers to integrate block cipher and hash function intellectual property from different vendors.

show abstract

“…Fault attacks can compromise the cipher implementation produce faulty ciphertexts for cryptanalysts to retrieve the secret key [1,5,7,11,13,15]. White light, laser beams, glitches, and temperature control are possible manipulation Manuscript means to perform fault attacks [2].…”

Section: Introductionmentioning

confidence: 99%

Strengthening SIMON Implementation Against Intelligent Fault Attacks

Dofe

Frey

Pahlevanzadeh

et al. 2015

IEEE Embedded Syst. Lett.

View full text Add to dashboard Cite

Driven by malicious intent, attackers are impelled to extract the cipher key and thus compromise the cryptosystem through fault attacks. Existing fault-detection methods can effectively detect random faults in the cipher implementation, but yield a high fault bypass rate (FBR) under intelligent fault attacks. To address this limitation, we propose a new microarchitecture to thwart fault attacks that place mathematically symmetric faults on the two encryption data paths. To further reduce the FBR for a new lightweight cipher SIMON, we propose a new countermeasure that integrates operand permutation and masking techniques. Closed-form expressions for de-permutation and de-masking in SIMON are provided in this letter. Our method was assessed under two fault attack scenarios (random and symmetric fault injections) with bit-flip, stuck-at-0, and stuck-at-1 fault models. Simulation results show that our method minimizes the FBR to zero with the fault attack scenarios of symmetric fault location and stuck-at-0 fault injections. Overall, the proposed method outperforms the existing fault-detection methods in multiple fault attack conditions, at the cost of 5% more area overhead than the most hardware-efficient fault detection method. Index Terms-Block cipher, cryptography, fault attacks, fault bypass rate, fault detection, security, SIMON.

show abstract

Security analysis of concurrent error detection against differential fault analysis

Cited by 72 publications

References 53 publications

NREPO: Normal basis Recomputing with Permuted Operands

NREPO: Normal basis Recomputing with Permuted Operands

Low-Cost Concurrent Error Detection for GCM and CCM

Strengthening SIMON Implementation Against Intelligent Fault Attacks

Contact Info

Product

Resources

About