
A new zero value attack combined fault sensitivity analysis on masked AES

Published: 01 September 2016

Abstract

Recently, a new kind of fault-based attack called fault sensitivity analysis (FSA) has been proposed, which has a significant advantage over the traditional Differential Fault Attacks (DFA). However, the masking countermeasure can resist the original FSA attack. In this paper, we first identify the zero value sensitivity model in masked AES, and propose a new FSA method combined with the zero value attack, which can break the masked AES S-box. To further verify our zero value method, successful attack experiments were conducted on a masked AES implemented in hardware. Experimental results and comparisons confirm that the zero value attack method is more efficient than other FSA methods because it retrieves the secret key by setting up the experiment once with only one clock frequency. Moreover, the offline calculation of our zero value method is reduced by eliminating the correlation coefficient calculations, and the 2^8 searches in the key guess process are also omitted in our method.

Published In

Microprocessors & Microsystems, Volume 45, Issue PB
September 2016
137 pages

Publisher

Elsevier Science Publishers B. V., Netherlands

Author Tags

1. AES
2. Fault sensitivity analysis
3. Masking
4. Zero value attack

Qualifiers

• Research-article
