
Transform Without Encode is not Sufficient for SIFA and FTA Security: A Case Study

  • Conference paper
Constructive Side-Channel Analysis and Secure Design (COSADE 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12910)

Abstract

Statistical Ineffective Fault Analysis (SIFA) and Fault Template Attack (FTA) are two recently proposed classes of Fault Attacks (FA), which evade almost all existing FA countermeasures, even when these are combined with Side-Channel Analysis (SCA) countermeasures such as masking. Protecting against these attacks requires an entirely new class of mechanisms, and only a handful of suggestions have been made in the context of SIFA so far. Recently, a countermeasure targeting both of these attack classes was proposed at DATE 2021 [1], claiming security against single-bit faults. In this paper, we present successful SIFA and FTA attacks against this countermeasure using single-bit faults only. Given that the target countermeasure is a partial instantiation of one of the earliest SIFA countermeasures, proposed in [2] (which, in contrast, is secure against SIFA), this attack establishes that any unproven modification to a countermeasure can be fatal. The proposed attacks were validated in simulation considering state-of-the-art fault models.


Notes

  1. Recently, automated tools have been proposed to find DFAs in block ciphers [17].

  2. Biased faults can bypass many code-based error-detection schemes because code-based fault-tolerance techniques always assume that faults are random and that the probability of a fault bypassing the detection code is very low. This assumption does not hold for biased, repeatable faults, since a fault that bypasses the protection can be created with probability close to one.

  3. Note that potency against SCA countermeasures is important even in the fault context, because masking can prevent a certain class of FAs (such as BFA, SEA, etc.), especially those which do not require ciphertext access.

  4. One may wonder how the bias from the S-Box output gets transferred to the input. This is straightforward, as the S-Box is bijective.

  5. The net where the fault is injected should not be an input of an XOR gate. In such a case, conditional propagation of the fault due to non-linear gates would not hold.

References

  1. Baksi, A., Bhasin, S., Breier, J., Chattopadhyay, A., Kumar, V.B.Y.: Feeding three birds with one scone: a generic duplication based countermeasure to fault attacks (extended version). Cryptology ePrint Archive, Report 2020/1542 (2020). https://eprint.iacr.org/2020/1542

  2. Saha, S., et al.: A framework to counter statistical ineffective fault analysis of block ciphers using domain transformation and error correction. IEEE Trans. Inf. Forensics Secur. 15, 1905–1919 (2019)


  3. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (eds.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_4

  4. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (eds.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052259

  5. Selmane, N., Guilley, S., Danger, J.L.: Practical setup time violation attacks on AES. In: 2008 Seventh European Dependable Computing Conference, pp. 91–96. IEEE (2008)


  6. Barenghi, A., Bertoni, G.M., Breveglieri, L., Pellicioli, M., Pelosi, G.: Low voltage fault attacks to AES. In: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 7–12. IEEE (2010)


  7. Schmidt, J.M.: Optical and EM fault-attacks on CRT-based RSA: concrete results. In: Austrochip 2007, pp. 61–67 (2007)


  8. Saha, S., Bag, A., Basu Roy, D., Patranabis, S., Mukhopadhyay, D.: Fault template attacks on block ciphers exploiting fault propagation. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 612–643. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_22

  9. Selmke, B., Brummer, S., Heyszl, J., Sigl, G.: Precise laser fault injections into 90 nm and 45 nm SRAM-cells. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 193–205. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-31271-2_12

  10. Selmke, B., Heyszl, J., Sigl, G.: Attack on a DFA protected AES by simultaneous laser fault injections. In: 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 36–46. IEEE (2016)


  11. Bhattacharya, S., Mukhopadhyay, D.: Curious case of Rowhammer: flipping secret exponent bits using timing analysis. In: Gierlichs, B., Poschmann, A. (eds.) CHES 2016. LNCS, vol. 9813, pp. 602–624. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_29

  12. Murdock, K., Oswald, D., Garcia, F.D., Van Bulck, J., Gruss, D., Piessens, F.: Plundervolt: software-based fault injection attacks against Intel SGX. In: Proceedings of 41st IEEE Symposium on Security and Privacy (S&P), pp. 1466–1482. IEEE, San Francisco, May 2020


  13. Chen, Z., Vasilakis, G., Murdock, K., Dean, E., Oswald, D., Garcia, F.D.: VoltPillager: hardware-based fault injection attacks against Intel SGX enclaves using the SVID voltage scaling interface. In: 29th USENIX Security Symposium. USENIX (2020)


  14. Sabbagh, M., Fei, Y., Kaeli, D.: A novel GPU overdrive fault attack. In: 2020 57th ACM/IEEE Design Automation Conference (DAC), pp. 1–6. IEEE (2020)


  15. Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21040-2_15

  16. Saha, D., Mukhopadhyay, D., Chowdhury, D.R.: A diagonal fault attack on the advanced encryption standard. IACR Cryptol. ePrint Arch. 2009(581) (2009)


  17. Saha, S., Mukhopadhyay, D., Dasgupta, P.: ExpFault: an automated framework for exploitable fault characterization in block ciphers. IACR Trans. Crypt. Hardw. Embed. Syst. 242–276 (2018)


  18. Fuhr, T., Jaulmes, E., Lomné, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: Proceedings of the 10th IEEE Workshop Fault Diagnosis Tolerance Cryptography (FDTC), pp. 108–118. IEEE, Santa Barbara, August 2013


  19. Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.X. (eds.) CHES 2010, vol. 6225, pp. 320–334. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_22

  20. Ghalaty, N.F., Yuce, B., Taha, M., Schaumont, P.: Differential fault intensity analysis. In: Proceedings of the 11th Workshop Fault Diagnosis Tolerance Cryptography (FDTC), pp. 49–58. IEEE, Busan, September 2014


  21. Yen, S.M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)


  22. Korkikian, R., Pelissier, S., Naccache, D.: Blind fault attack against SPN ciphers. In: FDTC, pp. 94–103. IEEE (2014)


  23. Guo, X., Mukhopadhyay, D., Jin, C., Karri, R.: Security analysis of concurrent error detection against differential fault analysis. J. Cryptogr. Eng. 5(3), 153–169 (2015). https://doi.org/10.1007/s13389-014-0092-8

  24. Breier, J., He, W., Jap, D., Bhasin, S., Chattopadhyay, A.: Attacks in reality: the limits of concurrent error detection codes against laser fault injection. J. Hardw. Syst. Secur. 1(4), 298–310 (2017). https://doi.org/10.1007/s41635-017-0020-3

  25. Patranabis, S., Chakraborty, A., Nguyen, P.H., Mukhopadhyay, D.: A biased fault attack on the time redundancy countermeasure for AES. In: Mangard, S., Poschmann, A. (eds.) COSADE 2015. LNCS, vol. 9604, pp. 189–203. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21476-4_13

  26. Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization. In: Batina, L., Robshaw, M. (eds) CHES 2014, vol. 8731, pp. 93–111. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_6

  27. Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 547–572 (2018)


  28. Dobraunig, C., Eichlseder, M., Gross, H., Mangard, S., Mendel, F., Primas, R.: Statistical ineffective fault attacks on masked AES with fault countermeasures. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 315–342. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_11

  29. Saha, S., Jap, D., Roy, D.B., Chakraborty, A., Bhasin, S., Mukhopadhyay, D.: A framework to counter statistical ineffective fault analysis of block ciphers using domain transformation and error correction. IEEE Trans. Inf. Forensics Secur. 15, 1905–1919 (2020)


  30. Daemen, J., Dobraunig, C., Eichlseder, M., Gross, H., Mendel, F., Primas, R.: Protecting against statistical ineffective fault attacks. Cryptology ePrint Archive, Report 2019/536 (2019). https://eprint.iacr.org/2019/536

  31. Breier, J., Khairallah, M., Hou, X., Liu, Y.: A countermeasure against statistical ineffective fault analysis. Cryptology ePrint Archive, Report 2019/515 (2019). http://eprint.iacr.org/2019/515

  32. Shahmirzadi, A.R., Rasoolzadeh, S., Moradi, A.: Impeccable circuits II. In: Proceedings of 57th ACM/IEEE Design Automation Conference, (DAC), pp. 1–6. IEEE, San Francisco, July 2020


  33. Saha, S., Bag, A., Mukhopadhyay, D.: Pushing the limits of fault template attacks: the role of side-channels. Cryptology ePrint Archive, Report 2020/892 (2020)


  34. Baksi, A., Kumar, V.B.Y., Karmakar, B., Bhasin, S., Saha, D., Chattopadhyay, A.: A novel duplication based countermeasure to statistical ineffective fault analysis. In: Liu, J.K., Cui, H. (eds.) ACISP 2020. LNCS, vol. 12248, pp. 525–542. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-55304-3_27

  35. Daemen, J., Hoffert, S., Assche, G.V., Keer, R.V.: The design of Xoodoo and Xoofff. IACR Trans. Symmetric Cryptol. 2018(4), 1–38 (2018)


  36. Bogdanov, A., et al.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31

  37. Zhang, F., et al.: Persistent fault analysis on block ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 150–172 (2018)


  38. Pan, J., Zhang, F., Ren, K., Bhasin, S.: One fault is all it needs: breaking higher-order masking with persistent fault analysis. In: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1–6. IEEE (2019)


  39. Mukhopadhyay, D.: Faultless to a fault? The case of threshold implementations of crypto-systems vs fault template attacks. In: IEEE/ACM International Conference on Computer Aided Design, ICCAD 2020, San Diego, CA, USA, 2–5 November 2020, pp. 66:1–66:9. IEEE (2020)



Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Saha, S., Mukhopadhyay, D. (2021). Transform Without Encode is not Sufficient for SIFA and FTA Security: A Case Study. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science, vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_4


  • DOI: https://doi.org/10.1007/978-3-030-89915-8_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89914-1

  • Online ISBN: 978-3-030-89915-8

  • eBook Packages: Computer Science, Computer Science (R0)
