Abstract
Statistical Ineffective Fault Analysis (SIFA) and Fault Template Attack (FTA) are two recently proposed classes of Fault Attacks (FA), which evade almost all existing FA countermeasures, even when these are combined with Side-Channel Analysis (SCA) countermeasures such as masking. Protecting against these attacks requires an entirely new class of mechanisms, and only a handful of suggestions have been made in the context of SIFA so far. Recently, a countermeasure targeting both of these attack classes has been proposed at DATE 2021 [1], claiming security for single-bit faults. In this paper, we present successful SIFA and FTA attacks against this countermeasure using single-bit faults only. Considering the fact that the target countermeasure is a partial instantiation of one of the earliest SIFA countermeasures proposed in [2] (which, on the contrary, is secure against SIFA), this attack establishes that any unproven modification to a countermeasure can be fatal. The proposed attacks were validated in simulation considering state-of-the-art fault models.
Notes
1. Recently, automated tools have been proposed to figure out DFAs in block ciphers [17].
2. Biased faults can bypass many code-based error-detection schemes because code-based fault-tolerance techniques always assume that faults are random, and that the probability of a fault bypassing the detection code is very low. This assumption is not true for biased repeatable faults, as a fault bypassing the protection can be created with probability close to one.
3. Note that the potency against SCA countermeasures is important even in the fault context because masking can prevent a certain class of FAs (such as BFA, SEA, etc.), especially those which do not require ciphertext access.
4. One may wonder how the bias from the S-Box output gets transferred to the input. This is straightforward as the S-Box is bijective.
5. The net where the fault is injected should not be an input of an XOR gate. In such a case, conditional propagation of the fault due to non-linear gates would not hold.
References
Baksi, A., Bhasin, S., Breier, J., Chattopadhyay, A., Kumar, V.B.Y.: Feeding three birds with one scone: a generic duplication based countermeasure to fault attacks (extended version). Cryptology ePrint Archive, Report 2020/1542 (2020). https://eprint.iacr.org/2020/1542
Saha, S., et al.: A framework to counter statistical ineffective fault analysis of block ciphers using domain transformation and error correction. IEEE Trans. Inf. Forensics Secur. 15, 1905–1919 (2019)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (eds.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_4
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (eds.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052259
Selmane, N., Guilley, S., Danger, J.L.: Practical setup time violation attacks on AES. In: 2008 Seventh European Dependable Computing Conference, pp. 91–96. IEEE (2008)
Barenghi, A., Bertoni, G.M., Breveglieri, L., Pellicioli, M., Pelosi, G.: Low voltage fault attacks to AES. In: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 7–12. IEEE (2010)
Schmidt, J.M.: Optical and EM fault-attacks on CRT-based RSA: concrete results. In: Austrochip 2007, pp. 61–67 (2007)
Saha, S., Bag, A., Basu Roy, D., Patranabis, S., Mukhopadhyay, D.: Fault template attacks on block ciphers exploiting fault propagation. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 612–643. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_22
Selmke, B., Brummer, S., Heyszl, J., Sigl, G.: Precise laser fault injections into 90 nm and 45 nm SRAM-cells. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 193–205. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-31271-2_12
Selmke, B., Heyszl, J., Sigl, G.: Attack on a DFA protected AES by simultaneous laser fault injections. In: 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 36–46. IEEE (2016)
Bhattacharya, S., Mukhopadhyay, D.: Curious case of Rowhammer: flipping secret exponent bits using timing analysis. In: Gierlichs, B., Poschmann, A. (eds.) CHES 2016. LNCS, vol. 9813, pp. 602–624. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_29
Murdock, K., Oswald, D., Garcia, F.D., Van Bulck, J., Gruss, D., Piessens, F.: Plundervolt: software-based fault injection attacks against Intel SGX. In: Proceedings of 41st IEEE Symposium on Security and Privacy (S&P), pp. 1466–1482. IEEE, San Francisco, May 2020
Chen, Z., Vasilakis, G., Murdock, K., Dean, E., Oswald, D., Garcia, F.D.: VoltPillager: hardware-based fault injection attacks against Intel SGX enclaves using the SVID voltage scaling interface. In: 29th USENIX Security Symposium. USENIX (2020)
Sabbagh, M., Fei, Y., Kaeli, D.: A novel GPU overdrive fault attack. In: 2020 57th ACM/IEEE Design Automation Conference (DAC), pp. 1–6. IEEE (2020)
Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21040-2_15
Saha, D., Mukhopadhyay, D., Chowdhury, D.R.: A diagonal fault attack on the advanced encryption standard. IACR Cryptol. ePrint Arch. 2009(581) (2009)
Saha, S., Mukhopadhyay, D., Dasgupta, P.: ExpFault: an automated framework for exploitable fault characterization in block ciphers. IACR Trans. Crypt. Hardw. Embed. Syst. 242–276 (2018)
Fuhr, T., Jaulmes, E., Lomné, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: Proceedings of the 10th IEEE Workshop Fault Diagnosis Tolerance Cryptography (FDTC), pp. 108–118. IEEE, Santa Barbara, August 2013
Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.X. (eds.) CHES 2010, vol. 6225, pp. 320–334. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_22
Ghalaty, N.F., Yuce, B., Taha, M., Schaumont, P.: Differential fault intensity analysis. In: Proceedings of the 11th Workshop Fault Diagnosis Tolerance Cryptography (FDTC), pp. 49–58. IEEE, Busan, September 2014
Yen, S.M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)
Korkikian, R., Pelissier, S., Naccache, D.: Blind fault attack against SPN ciphers. In: FDTC, pp. 94–103. IEEE (2014)
Guo, X., Mukhopadhyay, D., Jin, C., Karri, R.: Security analysis of concurrent error detection against differential fault analysis. J. Cryptogr. Eng. 5(3), 153–169 (2015). https://doi.org/10.1007/s13389-014-0092-8
Breier, J., He, W., Jap, D., Bhasin, S., Chattopadhyay, A.: Attacks in reality: the limits of concurrent error detection codes against laser fault injection. J. Hardw. Syst. Secur. 1(4), 298–310 (2017). https://doi.org/10.1007/s41635-017-0020-3
Patranabis, S., Chakraborty, A., Nguyen, P.H., Mukhopadhyay, D.: A biased fault attack on the time redundancy countermeasure for AES. In: Mangard, S., Poschmann, A. (eds.) COSADE 2015. LNCS, vol. 9604, pp. 189–203. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21476-4_13
Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization. In: Batina, L., Robshaw, M. (eds) CHES 2014, vol. 8731, pp. 93–111. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_6
Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 547–572 (2018)
Dobraunig, C., Eichlseder, M., Gross, H., Mangard, S., Mendel, F., Primas, R.: Statistical ineffective fault attacks on masked AES with fault countermeasures. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 315–342. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_11
Saha, S., Jap, D., Roy, D.B., Chakraborty, A., Bhasin, S., Mukhopadhyay, D.: A framework to counter statistical ineffective fault analysis of block ciphers using domain transformation and error correction. IEEE Trans. Inf. Forensics Secur. 15, 1905–1919 (2020)
Daemen, J., Dobraunig, C., Eichlseder, M., Gross, H., Mendel, F., Primas, R.: Protecting against statistical ineffective fault attacks. Cryptology ePrint Archive, Report 2019/536 (2019). https://eprint.iacr.org/2019/536
Breier, J., Khairallah, M., Hou, X., Liu, Y.: A countermeasure against statistical ineffective fault analysis. Cryptology ePrint Archive, Report 2019/515 (2019). http://eprint.iacr.org/2019/515
Shahmirzadi, A.R., Rasoolzadeh, S., Moradi, A.: Impeccable circuits II. In: Proceedings of 57th ACM/IEEE Design Automation Conference, (DAC), pp. 1–6. IEEE, San Francisco, July 2020
Saha, S., Bag, A., Mukhopadhyay, D.: Pushing the limits of fault template attacks: the role of side-channels. Cryptology ePrint Archive, Report 2020/892 (2020)
Baksi, A., Kumar, V.B.Y., Karmakar, B., Bhasin, S., Saha, D., Chattopadhyay, A.: A novel duplication based countermeasure to statistical ineffective fault analysis. In: Liu, J.K., Cui, H. (eds.) ACISP 2020. LNCS, vol. 12248, pp. 525–542. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-55304-3_27
Daemen, J., Hoffert, S., Assche, G.V., Keer, R.V.: The design of Xoodoo and Xoofff. IACR Trans. Symmetric Cryptol. 2018(4), 1–38 (2018)
Bogdanov, A., et al.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31
Zhang, F., et al.: Persistent fault analysis on block ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 150–172 (2018)
Pan, J., Zhang, F., Ren, K., Bhasin, S.: One fault is all it needs: breaking higher-order masking with persistent fault analysis. In: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1–6. IEEE (2019)
Mukhopadhyay, D.: Faultless to a fault? The case of threshold implementations of crypto-systems vs fault template attacks. In: IEEE/ACM International Conference on Computer Aided Design, ICCAD 2020, San Diego, CA, USA, 2–5 November 2020, pp. 66:1–66:9. IEEE (2020)
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Saha, S., Mukhopadhyay, D. (2021). Transform Without Encode is not Sufficient for SIFA and FTA Security: A Case Study. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science(), vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_4
DOI: https://doi.org/10.1007/978-3-030-89915-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89914-1
Online ISBN: 978-3-030-89915-8
eBook Packages: Computer Science, Computer Science (R0)