Article

Fault sensitivity analysis

Authors:

Kazuo Sakiyama,

Shigeto Gomisawa,

Toshinori Fukunaga,

Junko Takahashi,

Kazuo OhtaAuthors Info & Claims

CHES'10: Proceedings of the 12th international conference on Cryptographic hardware and embedded systems

Pages 320 - 334

Published: 17 August 2010 Publication History

Abstract

This paper proposes a new fault-based attack called the Fault Sensitivity Analysis (FSA) attack, which unlike most existing fault-based analyses including Differential Fault Analysis (DFA) does not use values of faulty ciphertexts. Fault sensitivity means the critical condition when a faulty output begins to exhibit some detectable characteristics, e.g., the clock frequency when fault operation begins to occur. We explain that the fault sensitivity exhibits sensitive-data dependency and can be used to retrieve the secret key. This paper presents two practical FSA attacks against two AES hardware implementations on SASEBO-R, PPRM1-AES and WDDL-AES. Different from previous work, we show that WDDL-AES is not perfectly secure against setup-time violation attacks. We also discuss a masking technique as a potential countermeasure against the proposed fault-based attack.

References

[1]

Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513-525. Springer, Heidelberg (1997).

Digital Library

[2]

Blömer, J., Seifert, J.-P.: Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 162-181. Springer, Heidelberg (2003).

[3]

Boscher, A., Handschuh, H.: Masking Does Not Protect Against Differential Fault Attacks. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC, pp. 35-40. IEEE Computer Society, Los Alamitos (2008).

Digital Library

[4]

Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on A.E.S., Cryptology ePrint Archive, Report2003/010 (2003).

[5]

Research Center for Information Security (RCIS). Side-channel Attack Standard Evaluation Board (SASEBO), http://www.rcis.aist.go.jp/special/SASEBO/CryptoLSI-en.html

[6]

Giraud, C.: DFA on AES, Cryptology ePrint Archive, Report2003/008 (2003).

[7]

Li, Y., Gomisawa, S., Sakiyama, K., Ohta, K.: An Information Theoretic Perspective on the Differential Fault Analysis against AES, Cryptology ePrint Archive, Report2010/032 (2010).

[8]

Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A Generalized Method of Differential Fault Attack Against AES Cryptosystem. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 91-100. Springer, Heidelberg (2006).

Digital Library

[9]

Morioka, S., Satoh, A.: An Optimized S-Box Circuit Architecture for Low Power AES Design. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 172-186. Springer, Heidelberg (2003).

Digital Library

[10]

Mukhopadhyay, D.: An Improved Fault Based Attack of the Advanced Encryption Standard. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 421-434. Springer, Heidelberg (2009).

Digital Library

[11]

Guilley, S., Graba, T., Selmane, N., Bhasin, S., Danger, J.-L.: WDDL is Protected Against Setup Time Violation Attacks. In: FDTC, pp. 73-83. IEEE Computer Society, Los Alamitos (2009).

Digital Library

[12]

Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77-88. Springer, Heidelberg (2003).

[13]

Saha, D., Mukhopadhyay, D., RoyChowdhury, D.: A Diagonal Fault Attack on the Advanced Encryption Standard, Cryptology ePrint Archive, Report2009/581 (2009).

[14]

Sakiyama, K., Yagi, T., Ohta, K.: Fault Analysis Attack against an AES Prototype Chip Using RSL. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 429-443. Springer, Heidelberg (2009).

Digital Library

[15]

Tiri, K., Verbauwhede, I.: A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation. In: DATE, pp. 246-251. IEEE Computer Society, Los Alamitos (2004).

Digital Library

[16]

Tunstall, M., Mukhopadhyay, D.: Differential Fault Analysis of the Advanced Encryption Standard using a Single Fault, Cryptology ePrint Archive, Report2009/ 575 (2009).

Cited By

Savage SLie DMannan MBackes MWang X(2018)Lawful Device Access without Mass Surveillance RiskProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243758(1761-1774)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243758
Yuce BGhalaty NDeshpande CPatrick CNazhandali LSchaumont P(2016)FAMEProceedings of the Hardware and Architectural Support for Security and Privacy 201610.1145/2948618.2948626(1-8)Online publication date: 18-Jun-2016
https://dl.acm.org/doi/10.1145/2948618.2948626
Miura NNajm ZHe WBhasin SNgo XNagata MDanger J(2016)PLL to the rescueProceedings of the 53rd Annual Design Automation Conference10.1145/2897937.2898065(1-6)Online publication date: 5-Jun-2016
https://dl.acm.org/doi/10.1145/2897937.2898065
Show More Cited By

Recommendations

Analyzing and eliminating the causes of fault sensitivity analysis
DATE '14: Proceedings of the conference on Design, Automation & Test in Europe

Fault Sensitivity Analysis (FSA) is a new type of side-channel attack that exploits the relation between the sensitive data and the faulty behavior of a circuit, the so-called fault sensitivity. This paper analyzes the behavior of different ...
Analyzing the Fault Injection Sensitivity of Secure Embedded Software
Special Issue on Secure and Fault-Tolerant Embedded Computing and Regular Papers

Fault attacks on cryptographic software use faulty ciphertext to reverse engineer the secret encryption key. Although modern fault analysis algorithms are quite efficient, their practical implementation is complicated because of the uncertainty that ...
An Efficient Countermeasure against Fault Sensitivity Analysis Using Configurable Delay Blocks
FDTC '12: Proceedings of the 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography

In this paper, we present an efficient countermeasure against Fault Sensitivity Analysis (FSA) based on a configurable delay blocks (CDBs). FSA is a new type of fault attack which exploits the relationship between fault sensitivity and secret ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

CHES'10: Proceedings of the 12th international conference on Cryptographic hardware and embedded systems

August 2010

457 pages

ISBN:3642150306

Editors:
Stefan Mangard
Chip Card & Security, Infineon Technologies, Neubiberg, Germany
,
François-Xavier Standaert
Crypto Group, Université Catholique de Louvain, Louvain-la-Neuve, Belgium

Sponsors

IACR: International Association for Cryptologic Research

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 17 August 2010

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Savage SLie DMannan MBackes MWang X(2018)Lawful Device Access without Mass Surveillance RiskProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243758(1761-1774)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243758
Yuce BGhalaty NDeshpande CPatrick CNazhandali LSchaumont P(2016)FAMEProceedings of the Hardware and Architectural Support for Security and Privacy 201610.1145/2948618.2948626(1-8)Online publication date: 18-Jun-2016
https://dl.acm.org/doi/10.1145/2948618.2948626
Miura NNajm ZHe WBhasin SNgo XNagata MDanger J(2016)PLL to the rescueProceedings of the 53rd Annual Design Automation Conference10.1145/2897937.2898065(1-6)Online publication date: 5-Jun-2016
https://dl.acm.org/doi/10.1145/2897937.2898065
Wang QWang AWu LZhang J(2016)A new zero value attack combined fault sensitivity analysis on masked AESMicroprocessors & Microsystems10.1016/j.micpro.2016.06.01445:PB(355-362)Online publication date: 1-Sep-2016
https://dl.acm.org/doi/10.1016/j.micpro.2016.06.014
Dey PChakraborty AAdhikari AMukhopadhyay DNebel WAtienza D(2015)Improved practical differential fault analysis of grain-128Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition10.5555/2755753.2755858(459-464)Online publication date: 9-Mar-2015
https://dl.acm.org/doi/10.5555/2755753.2755858
Zussa LExurville IDutertre JRigaud JRobisson BTria AClédière JPimentel AWong SPelosi GKoren IAgosta GBarenghi A(2015)Evidence of an information leakage between logically independent blocksProceedings of the Second Workshop on Cryptography and Security in Computing Systems10.1145/2694805.2694810(25-30)Online publication date: 19-Jan-2015
https://dl.acm.org/doi/10.1145/2694805.2694810
Patranabis SChakraborty ANguyen PMukhopadhyay D(2015)A Biased Fault Attack on the Time Redundancy Countermeasure for AESRevised Selected Papers of the 6th International Workshop on Constructive Side-Channel Analysis and Secure Design - Volume 906410.1007/978-3-319-21476-4_13(189-203)Online publication date: 13-Apr-2015
https://dl.acm.org/doi/10.1007/978-3-319-21476-4_13
Ghalaty NYuce BSchaumont P(2015)Differential Fault Intensity Analysis on PRESENT and LED Block CiphersRevised Selected Papers of the 6th International Workshop on Constructive Side-Channel Analysis and Secure Design - Volume 906410.1007/978-3-319-21476-4_12(174-188)Online publication date: 13-Apr-2015
https://dl.acm.org/doi/10.1007/978-3-319-21476-4_12
Li YEndo SDebande NHomma NAoki TLe TDanger JOhta KSakiyama K(2013)Exploring the relations between fault sensitivity and power consumptionProceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design10.1007/978-3-642-40026-1_9(137-153)Online publication date: 6-Mar-2013
https://dl.acm.org/doi/10.1007/978-3-642-40026-1_9
Zhao LNishide TSakurai K(2012)Differential fault analysis of full LBlockProceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design10.1007/978-3-642-29912-4_11(135-150)Online publication date: 3-May-2012
https://dl.acm.org/doi/10.1007/978-3-642-29912-4_11

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents