Strengthening hardware AES implementations against fault attacks

Joye, Marc; Manet, Pascal; Rigaud, Jean-Baptiste

doi:10.1049/iet-ifs:20060163

Cited by 64 publications

(57 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first step usually involves the usage of some form of spatiotemporal redundancy to detect the occurrence of the fault, while the second phase attempts to either suppress or adequately randomize the effect of the fault so as to render it ineffective in recovering the secret key. Some popular countermeasure techniques in the current literature include the use of redundancy in various forms-temporal [5], spatial [24], information [25], and hybrid to name a few. Infective countermeasures, on the other hand, avoid the usage of comparison (as opposed to detection based countermeasures) by diffusing the effect of the fault to render the ciphertext unexploitable.…”

Section: Countermeasures Against Fault Attacksmentioning

confidence: 99%

Fault Tolerant Infective Countermeasure for AES

2017

View full text Add to dashboard Cite

Infective countermeasures have been a promising class of fault attack countermeasures. However, they have been subjected to several attacks owing to lack of formal proofs of security and improper implementations. In this paper, we first provide a formal information theoretic proof of security for one of the most recently proposed state of the art infective countermeasures against DFA, under the assumption that the adversary does not change the flow sequence or skip any instruction. Subsequently, we identify weaknesses in the infection mechanism of the countermeasure that could be exploited by attacks which change the flow sequence. Furthermore, we propose an augmented infective countermeasure scheme obtained by introducing suitable randomizations that reduce the success probabilities of such attacks. Finally, we develop a fault tolerant implementation of the countermeasure using the x86 instruction set to make any attacks which attempt to change the control flow of the algorithm via instruction skips practically infeasible. All the claims have been validated by supporting simulations and real-life experiments on a SASEBO-W platform. We also compare the fault tolerance provided by our proposed countermeasure scheme against that provided by the existing scheme.

show abstract

Section: Countermeasures Against Fault Attacksmentioning

confidence: 99%

Fault Tolerant Infective Countermeasure for AES

2017

View full text Add to dashboard Cite

show abstract

“…This work showed that faults can be induced reliably in accordance with an AES fault model and, more importantly, without permanently damaging the unit under attack. In [42], a practical application of the concepts presented in [26] and [44] is presented which allowed fault injection analysis to retrieve a full AES-128 key by analyzing less than 50 ciphertexts.…”

Section: 43mentioning

confidence: 99%

“…These methods offer a high level of assurance but inevitably impact performance significantly. In [44] the authors propose adding redundancy to the implementation and using a simple comparison to detect faults. The premise is that practical fault injection will not be able to identically affect both redundant elements and that the differences will be detectable at the function's outputs through comparison.…”

Section: 44mentioning

confidence: 99%

An overview of cryptanalysis research for the advanced encryption standard

Kaminsky

Kurdziel²,

Radziszowski

2010

2010 - Milcom 2010 Military Communications Conference

View full text Add to dashboard Cite

-Since its release in November 2001, the Advanced Encryption Standard (NIST FIPS-197) has been the subject of extensive cryptanalysis research. The importance of this research has intensified since AES was named, in 2003, by NSA as a Type-1 Suite B Encryption Algorithm (CNSSP-15). As such, AES is now authorized to protect classified and unclassified national security systems and information. This paper provides an overview of current cryptanalysis research on the AES cryptographic algorithm. Discussion is provided on the impact by each technique to the strength of the algorithm in national security applications. The paper is concluded with an attempt at a forecast of the usable life of AES in these applications. Keywords-Advanced Encryption Standard; AES; Cryptanalysis; Side Channel Attacks INTRODUCTIONIn 2003, the National Security Agency took the unprecedented step of approving a public-domain encryption algorithm, AES, for classified information processing. Prior to this milestone, all encryption algorithms approved by the NSA for classified processing were, themselves, classified. The strength of any good encryption algorithm is not enhanced by holding the design as secret. In fact, a public domain encryption standard is subject to continuous, vigilant, expert cryptanalysis. Any breakthroughs will very likely be available to users as well as their adversaries at the same time.In consumer applications, this isn't as much of a problem, but in military communication applications it can be disastrous. Here, the adversary can have national intelligence agency level resources and can exploit vulnerabilities as soon as they are identified. If practical vulnerabilities are found, there will be a period of reduced confidence until a new algorithm can be installed.It is prudent for users and providers of military communications equipment to stay abreast of the progress and trends on cryptanalysis of AES. Facilitating this process is the objective of this paper.Section 2 presents a summary of the past and current areas of research on cryptanalysis of the AES. This section is divided into 5 subsections. The first discusses attacks that pre-existed AES and were addressed as part of its design. The second discusses progress in the new area of algebraic attacks. The third discusses progress on SAT solver and hybrid attacks. Subsection 4 discusses the progress made in side-channel cryptanalysis. Subsection 5 presents a summary of related-key vulnerabilities and distinguishing attacks on AES. These are particularly relevant when AES is used in applications other than traffic encryption (such as hash functions). Section 3 provides discussion of the current strength of AES in national security applications. A forecast of the usable life of AES in these applications is attempted. The paper is concluded in Section 4. CURRENT AREAS OF RESEARCH 2.1Pre-Existing Attacks 2.1.1 Linear Cryptanalysis Linear cryptanalysis exploits approximate linear relationships that exist between inputs and outputs of a function block [1]. In ...

show abstract

“…But as the detection position is related to the data being processed [5], the comparison step itself is prone to fault attacks. The other ones based on infection [6,7]. The idea of infection countermeasures is to make faulty ciphertexts unexploitable by diffusing the effect of a fault.…”

Section: Introductionmentioning

confidence: 99%

“…To overcome the drawbacks in the above works, this paper presents a novel framework for infection mechanism called random infection mechanism to resist fault attacks based on the research of [4] and [6]. We use the encryption/decryption circuit to construct the fault diffusion pattern, so it could avoid under the possibility of double error attacks.…”

Section: Introductionmentioning

confidence: 99%

Against fault attacks based on random infection mechanism

Zhang

et al. 2016

IEICE Electron. Express

View full text Add to dashboard Cite

Fault attack is a very effective way to crack the key for cipher chip. Among existing fault attack countermeasures, the infection countermeasures are very effective means, but, most existing infection countermeasures are based on the single fault assumption, and the accuracy of fault injections has significantly improved in the late years, it has become possible to implementation of double fault attacks in specific circuit regions, and it is, therefore, flawed in the resistance to double fault attacks. Aim at the flawed mentioned, this paper proposes a countermeasure called random infection mechanism to resist fault attacks. We use the encryption/decryption circuit to construct the fault diffusion pattern and avoid under the possibility of double error attacks. Furthermore, in order to against single byte fault attacks, we introduce random numbers to make the fault diffusion randomization. Experiments are carried out to verify the proposed algorithm and the results show that the proposed random infection mechanism can resist fault attacks effectively including single byte error attacks.

show abstract

Strengthening hardware AES implementations against fault attacks

Cited by 64 publications

References 12 publications

Fault Tolerant Infective Countermeasure for AES

Fault Tolerant Infective Countermeasure for AES

An overview of cryptanalysis research for the advanced encryption standard

Against fault attacks based on random infection mechanism

Contact Info

Product

Resources

About