Stealthy Hardware Trojan Based Algebraic Fault Analysis of HIGHT Block Cipher
Authors: 
Hao Chen, Tao Wang, Fan Zhang, Xinjie Zhao, Wei He, Lumin Xu, Yunfei Ma Academic Editor: Namje ParkAuthors Info & Claims
Hao Chen, Tao Wang, Fan Zhang, Xinjie Zhao, Wei He, Lumin Xu, Yunfei Ma Academic Editor: Namje ParkAuthors Info & ClaimsAbstract
HIGHT is a lightweight block cipher which has been adopted as a standard block cipher. In this paper, we present a bit-level algebraic fault analysis (AFA) of HIGHT, where the faults are perturbed by a stealthy HT. The fault model in our attack assumes that the adversary is able to insert a HT that flips a specific bit of a certain intermediate word of the cipher once the HT is activated. The HT is realized by merely 4 registers and with an extremely low activation rate of about 0.000025. We show that the optimal location for inserting the designed HT can be efficiently determined by AFA in advance. Finally, a method is proposed to represent the cipher and the injected faults with a merged set of algebraic equations and the master key can be recovered by solving the merged equation system with an SAT solver. Our attack, which fully recovers the secret master key of the cipher in 12572.26 seconds, requires three times of activation on the designed HT. To the best of our knowledge, this is the first Trojan attack on HIGHT.
References
[1]
P. Sethi and S. R. Sarangi, “Internet of things: architectures, protocols, and applications,” Journal of Electrical and Computer Engineering, vol. 2017, pp. 1–25, 2017.
[2]
A. Juels, “RFID security and privacy: a research survey,” IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, pp. 381–394, 2006.
[3]
P. H. Cole, D. C. Ranasinghe, and C. Damith, Networked RFID Systems and Lightweight Cryptography: Raising Barriers to Product Counterfeiting, Springer, Berlin, Germany, 2008.
[4]
A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, and C. Vikkelsoe, “PRESENT: an ultra-lightweight block cipher,” in Proceeding of CHES 2007, vol. 4727 of Lectures in computer science, pp. 450–466, Heidelberg, 2007.
[5]
J. Guo, T. Peyrin, A. Poschmann, and M. Robshaw, “The LED block cipher,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics): Preface, vol. 6917, pp. 326–341, 2011.
[6]
R. Beaulieu, S. Treatman-Clark, D. Shors, B. Weeks, J. Smith, and L. Wingers, “The SIMON and SPECK lightweight block cIPhers,” Cryptology ePrint Archive, 2013, http://eprint.iacr.org/.
[7]
C. H. Lim and T. Korkishko, “mCrypton – A lightweight block cipher for security of low-cost RFID tags and sensors,” in Information Security Applications, vol. 3786 of Lecture Notes in Computer Science, pp. 243–258, Springer, Berlin, Heidelberg, 2006.
[8]
D. Hong, J. Sung, S. Hong, J. Kim, S. Lee, B.-S. Koo, C. Lee, D. Chang, J. Lee, K. Jeong, H. Kim, and J. Kim, “HIGHT: a new block cipher suitable for low-resource device,” in Cryptographic Hardware and Embedded Systems—CHES 2006: 8th International Workshop, Yokohama, Japan, October 10–13, vol. 4249 of Lecture Notes in Computer Science, pp. 46–59, Springer, Berlin, Germany, 2006.
[9]
International Organization for Standardization, ISO/IEC18033-3:2005, Information technology-Security techniques – Encryption algorithms-Part 3: Block ciphers (2005).
[10]
R. Kumar, P. Jovanovic, W. Burleson, and I. Polian, “Parametric trojans for fault-injection attacks on cryptographic hardware,” in Proceedings of the 11th Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2014, pp. 18–28, Republic of Korea.
[11]
S. Bhunia, M. S. Hsiao, M. Banga, and S. Narasimhan, “Hardware trojan attacks: Threat analysis and countermeasures,” Proceedings of the IEEE, vol. 102, no. 8, pp. 1229–1247, 2014.
[12]
M. Tehranipoor and F. Koushanfar, “A survey of hardware trojan taxonomy and detection,” IEEE Design and Test of Computers, vol. 27, no. 1, pp. 10–25, 2010.
[13]
W. Danesh, J. Dofe, and Q. Yu, “Efficient hardware Trojan detection with differential cascade voltage switch logic,” VLSI Design, vol. 2014, 2014.
[14]
M. L. Flotters, “On the effectiveness of hardware trojan detection via sidel-channel analysis,” Information Security Journal: A Global Perspective, no. 22, pp. 226–236, 2013.
[15]
S. Bhunia, M. Abramovici, D. Agrawal, M. S. Hsiao, J. Plusquellic, M. Tehranipoor, and P. Bradley, “Protection against hardware trojan attacks: Towards a comprehensive solution,” IEEE Design and Test, vol. 30, no. 3, pp. 6–17, 2013.
[16]
E. Biham and A. Shamir, “Differential fault analysis of secret key cryptosystems,” in Proceeding of CRYPTO 1997, vol. 1294 of Lecture Notes in Computer Science, pp. 513–525, Springer, Heidelberg, Berlin, Germany, 1997.
[17]
N. T. Courtois and J. Pieprzyk, “Cryptanalysis of block ciphers with overdefined systems of equations,” in Advances in cryptology ASIACRYPT 2002, vol. 2501 of Lecture Notes in Computer Science, pp. 267–287, Springer, Berlin, Berlin, 2002.
[18]
N. T. Courtois, D. Ware, and K. Jackson, “Fault-Algebraic Attacks on Inner Rounds of DES,” in Proceedings of the eSmart 2010, pp. 22–24, 2010.
[19]
M. S. E. Mohamed, S. Bulygin, and J. Buchmann, “Using SAT solving to improve differential fault analysis of Trivium,” International Journal of Security and Its Applications, vol. 6, no. 1, pp. 29–38, 2012.
[20]
S. Sarkar, S. Banik, and S. Maitra, “Differential fault attack against grain family with very few faults and minimal assumptions,” IEEE Transactions on Computers, vol. 64, no. 6, pp. 1647–1657, 2015.
[21]
G. Piret and J. Quisquater, “A differential fault attack technique against spn structures, with application to the AES and khazad,” in Cryptographic Hardware and Embedded Systems - CHES 2003, vol. 2779 of Lecture Notes in Computer Science, pp. 77–88, Springer, Berlin, Heidelberg, Germany, 2003.
[22]
P. Jovanovic, M. Kreuzer, and I. Polian, “An Algebraic Fault Attack on the LED Block Cipher,” Cryptology ePrint Archive, 2012, http://eprint.iacr.org/2012/400.pdf.
[23]
X. J. Zhao, S. Z. Guo, F. Zhang, Z. J. Shi, C. J. Ma, and T. Wang, “Algebraic differential fault attacks on LED using a single fault injection,” Cryptology ePrint Archive, http://eprint.iacr.org/2012/347.pdf.
[24]
Z. Wang, X. Dong, K. Jia, and J. Zhao, “Differential fault attack on KASUMI cipher used in GSM telephony,” Mathematical Problems in Engineering, vol. 2014, 2014.
[25]
F. Zhang, X. J. Zhao, S. Guo, T. Wang, and Z. J. Shi, “Improved algebraic fault analysis: a case study on piccolo and applications to other lightweight block ciphers,” in Proceedings of the COSADE 2013, vol. 7864 of Lecture Notes in Computer Science, pp. 62–79, Springer.
[26]
A. Barenghi, L. Breveglieri, I. Koren, and D. Naccache, “Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures,” 11, Politecnio di Milano, Milan, Italy, 2012.
[27]
National Institute of Advanced Industrial Science and Technology (AIST), Side-channel Attack Standard Evaluation Board SASEBO-GII Specification, 1.01 edition, 2009.
[28]
J. Lu, “Cryptanalysis of reduced versions of the HIGHT block cipher from CHES 2006,” in Information security and cryptology (ICISC 2007), vol. 4817 of Lecture Notes in Computer Science, pp. 11–26, Springer, Berlin, Germany, 2007.
[29]
O. Özen, K. Varici, C. Tezcan, and C. Kocair, “Lightweight block ciphers revisited: cryptanalysis of reduced round PRESENT and HIGHT,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics): Preface, vol. 5594, pp. 90–107, Springer, Heidelberg, Berlin, Germany, 2009.
[30]
P. Zhang, B. Sun, and C. Li, “Saturation attack on the block cipher HIGHT,” in Proceedings of the CANS 2009, vol. 5888, pp. 76–86.
[31]
B. Koo, D. Hong, and D. Kwon, “Related-Key Attack on the Full HIGHT,” in in Proceeding of ICISC, 2010., LNCS, vol. 6829, pp. 49–67, Springer, Heidel-berg, Berlin, Germany, 2011.
[32]
D. Hong, B. Koo, and D. Kwon, “Biclique Attack on the Full HIGHT,” in in Proceeding of ICISC, 2011, LNCS, vol. 7259, pp. 365–374, Springer, Heidel-berg, Berlin, Germany, 2012.
[33]
Y. Lee, J. Kim, J. H. Park, and S. Hong, “Differential fault analysis on the block cipher HIGHT,” Lecture Notes in Electrical Engineering, vol. 164, no. 1, pp. 407–416, 2012.
[34]
M. S. Mohamed, W. S. Mohamed, J. Ding, and J. Buchmann, “MXL2: solving polynomial equations over GF(2) Using an improved mutant strategy,” in Post-quantum cryptography, vol. 5299 of Lecture Notes in Computer Science, pp. 203–215, Springer, Heidelberg, Berlin, 2008.
[35]
M. S. E. Mohamed, S. Bulygin, M. Zohner, A. Heuser, M. Walter, and J. Buchmann, “Improved algebraic side-channel attack on AES,” Cryptology ePrint Archive, pp. 146–151, 2011, http://eprint.iacr.org/2012/084.pdf.
[36]
M. Renauld and F.-X. Standaert, “Algebraic side-channel attacks,” in Information security and cryptology, vol. 6151 of Lecture Notes in Computer Science, pp. 393–410, Springer, Berlin, 2010.
[37]
J. C. Faugère, “Gröbner Bases,” in FSE 2007, Invited Talk (2007), Applications in Cryptology, 2007, http://fse2007.uni.lu/slides/faugere.pdf.
[38]
X. Wang, S. Narasimhan, A. Krishna, T. Mal-Sarkar, and S. Bhunia, “Sequential hardware trojan: side-channel aware design and placement,” in Proceedings of the 29th IEEE International Conference on Computer Design 2011, ICCD 2011, pp. 297–300, USA, November 2011.
[39]
V. B. Gregory, Algebraic Cryptanalysis, Springer, 2009.
[40]
SAT, Sat Race Competition, http://www.satcompetition.org/.
[41]
S. Paul and B. Preneel, Solving Systems of Differential Equations of Additions, vol. 3574 of Proceeding of ACISP 2005, LNCS, Springer, Heidelberg, Berlin, Germany, 2005.
[42]
J. Ding, J. Buchmann, M. S. E. Mohamed, M. Mohamed, and R. P. Weinmann, “MutantXL algorithm,” in Proceedings of the 1st International Conference in Symbolic Computation and Cryptography, pp. 16–22, 2008.
Index Terms
- Stealthy Hardware Trojan Based Algebraic Fault Analysis of HIGHT Block Cipher
Index terms have been assigned to the content through auto-classification.
Recommendations
Multidimensional zero-correlation attacks on lightweight block cipher HIGHT
HIGHT is a block cipher designed in Korea with the involvement of Korea Information Security Agency. It was proposed at CHES 2006 for usage in lightweight applications such as sensor networks and RFID tags. Lately, it has been adopted as ISO standard. ...
Saturation Attack on the Block Cipher HIGHT
CANS '09: Proceedings of the 8th International Conference on Cryptology and Network SecurityHIGHT is a block cipher with 64-bit block length and 128-bit key length, which was proposed by Hong et al. in CHES 2006 for extremely constrained environments such as RFID tags and sensor networks. In this paper, a new saturation attack on HIGHT is ...
Cryptanalysis of reduced versions of the HIGHT block cipher from CHES 2006
ICISC'07: Proceedings of the 10th international conference on Information security and cryptologyHIGHT is a 32-round block cipher with a 64-bit block size and a 128-bit user key, which was proposed at CHES '06 for low-resource applications like RFID. In this paper, we present an impossible differential attack on 25-round HIGHT, a related-key ...
Comments
Information & Contributors
Information
Published In
Copyright © 2017 Hao Chen et al.
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Publisher
John Wiley & Sons, Inc.
United States
Publication History
Published: 01 January 2017
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 04 Feb 2025