Abstract
Over the years, fault injection has become one of the most dangerous threats for embedded devices such as smartcards. It is thus mandatory for any embedded system to implement efficient protections against this hazard. Among the various countermeasures suggested so far, the idea of infective computation seems fascinating, probably due to its aggressive strategy. Originally conceived to protect asymmetric cryptosystems, infective computation has been recently adapted to symmetric systems. This paper investigates the security of a new symmetric infective countermeasure suggested at CHES 2014. By noticing that the number of executed rounds is not protected, we develop four different attacks that exploit the infection algorithm to disturb the round counter and related variables. Our attacks allow one to efficiently recover the secret key of the underlying cryptosystem by using any of the three most popular fault models used in literature.
Appendices
A Probability of Success of Attack 1
The success of Attack 1 depends on the chances for the attacker to fault the increment of i in the loop corresponding to the last redundant round execution. Let us denote by \(e_1\) the event of faulting the last redundant round during the q-th loop. The probability \(\mathcal {P}(e_1)\) is thus the probability of having a bit-string rstr that contains 20 “1” on the first \(q -1\) positions, one bit set on the q-th position and a last sub-string with only one bit set on the last \(t-q\) positions. The corresponding number of such sub-strings being equal to \(\left( {\begin{array}{c}q-1\\ 20\end{array}}\right) \), \(\left( {\begin{array}{c}1\\ 1\end{array}}\right) \) and \(\left( {\begin{array}{c}t-q\\ 1\end{array}}\right) \) respectively, this leads us to \(\left( {\begin{array}{c}q-1\\ 20\end{array}}\right) \left( {\begin{array}{c}t-q\\ 1\end{array}}\right) \) exploitable rstr strings.
By dividing this value by the number of possible rstr strings, we obtain the probability \(\mathcal {P}(e_1)\):
As described in Appendix E, we then compute by using Eq. (20) the probability to obtain at least one useful faulty ciphertext by repeating the fault injection r times.
B Probability of Success of Attack 2
Let us evaluate the probability of the event \(e_2\) that a useful faulty ciphertext is obtained by setting the variable \(\lambda \) to zero at Step 5 of Algorithm 1. The probability \(\mathcal {P}(e_2)\) corresponds to the probability of obtaining a string rstr that has 21 bits set on the first \(q-1\) positions, a “1” on the q-th position and only “0”s on the last \(t-q\) positions. As in Appendix A, we compute this probability as the number of such strings divided by the total number of possible rstr strings. Since there is only one possibility for the last \(t-(q-1)\) bits of rstr to be exactly “\(1\,0\cdots 0\)”, we obtain:
As described in Appendix E, we then compute by using Eq. (20) the probability to obtain at least one useful faulty ciphertext by repeating the fault injection r times.
C Probability of Success of Attack 3
Let us denote by \(e_3\) the event that a random byte error disturbs the string rstr such that it contains only 21 or 20 “1”. To evaluate the probability \(\mathcal {P}(e_3)\) that the event \(e_3\) occurs, let us assume for the sake of simplicity that the attacker disturbs the least significant byte B of rstr, which corresponds to a random byte fault model. Evaluating first the case of 21 “1”, we observe that the probability that a bit-string has exactly 21 bits set on the first \(t-8\) positions and the remaining “1” in one of the last 8 positions is:
where we denote by HW(B) the Hamming weight of the byte B. Equation (9) corresponds to the probability that the last byte of rstr has a Hamming weight equal to 1. By summing the corresponding probabilities for all the Hamming weights between 1 and 8, we obtain the probability that the last byte of rstr has a Hamming weight greater than zero:
Now, let us compute the probability of injecting a random error on a byte of Hamming weight i such that the byte contains only \(i-1\) “1” after the disturbance. We thus count, for each possible value of B, how many 8-bit values e exist such that \(HW(B \oplus e) = HW(B) - 1\). This corresponds to the number of errors that set to “0” j of the bits “1” while setting to “1” \(j-1\) of the bits “0”. Afterwards we divide the result by the number of possible values for the error e:
This corresponds to the probability that \(HW(B \oplus e) = HW(B) - 1\) by injecting a random error e on a random 8-bit value B.
By combining the two probabilities above, we obtain the probability that rstr contains 21 “1” after a random error injection on the last byte of rstr:
For the case where rstr contains only 20 “1”, we use the same reasoning and we obtain:
Thus the total probability of disturbing the generation of one byte of rstr such that it contains a total of 21 or 20 “1” is:
As described in Appendix E, we then compute by using Eq. (20) the probability to obtain at least one useful faulty ciphertext by repeating the fault injection r times.
D Probability of Success of Attack 4
In the following we denote by \(e_4\) the event that the error e is injected after a cipher round and is such that \(q \oplus e > t\). In order to evaluate the probability \(\mathcal {P}(e_4)\) we need to compute:
- the probability that the error e leads to \(q \oplus e > t\),
- the probability that the attacker disturbs the algorithm after a cipher round and not after a redundant or dummy round.
For the first probability, without loss of generality, we assume that q is encoded on one byte, which should be the case in practice. We thus obtain that the probability of injecting an 8-bit error e such that \(q \oplus e > t\) depends only on t and is given by:
In order to evaluate the second probability we remark that it is equivalent to the probability that the string rstr contains two or three “1” in the first q positions. We recall that rstr is a string with 22 “1” at most. Thus the number of possible strings rstr with only two “1” in the first q positions is:
Adding to Eq. (16) the number of possible strings rstr with only three “1” in the first q positions, we obtain the number of favorable cases for the attacker:
By dividing by the total number of possible rstr strings we thus obtain the probability that the algorithm has executed only one cipher round after q rounds:
where \(rstr[1, \ldots , q]\) denotes the sub-string of rstr between the first and the q-th position. By combining the two probabilities we obtain:
which corresponds to the probability that the algorithm returns an exploitable faulty ciphertext by injecting a random error after q rounds.
As described in Appendix E, we then compute by using Eq. (20) the probability to obtain at least one useful faulty ciphertext by repeating the fault injection r times.
E Attack Repetition Probability
For each attack, we denote by \(\mathcal {P}(e_i)\) the probability that event \(e_i\) occurs. By assuming that \(\mathcal {P}(e_i)\) is independent for each execution we can compute the probability of getting at least one useful faulty ciphertext by repeating the fault injection r times as:
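The counting arguments of Appendices A to E can be carried through numerically. The following Python is an added example, not code from the paper or from the CHES 2014 countermeasure; it assumes that rstr is drawn uniformly among t-bit strings with exactly 22 bits set (the denominator the appendices divide by, which the page does not state explicitly) and that q fits in one byte, as Appendix D supposes. The parameters t = 30 and q = 25 (q = 3 for Attack 4) used in the demonstration are constructed.

```python
from math import comb

# Assumption of this example (the page states the counts but not the denominator):
# rstr is a uniformly random t-bit string with exactly ONES bits set, one per
# cipher and redundant round of AES-128, so there are comb(t, ONES) such strings.
ONES = 22

def num_rstr(t):
    """Total number of admissible rstr strings (the denominator used in every appendix)."""
    return comb(t, ONES)

def p_e1(q, t):
    """Appendix A: 20 ones in the first q-1 positions, a one at position q and exactly
    one more one among the last t-q positions."""
    return comb(q - 1, 20) * comb(t - q, 1) / num_rstr(t)

def p_e2(q, t):
    """Appendix B: 21 ones in the first q-1 positions, a one at position q, then zeros."""
    return comb(q - 1, 21) / num_rstr(t)

def p_drop(i, d):
    """Appendix C counting: fraction of the 256 byte errors e for which a byte B of
    Hamming weight i gives HW(B ^ e) == i - d (j ones cleared, j-d zeros set)."""
    return sum(comb(i, j) * comb(8 - i, j - d) for j in range(d, 9)) / 256

def p_e3(t):
    """Appendix C: a random error on the last byte of rstr leaves 21 or 20 ones."""
    p = 0.0
    for i in range(1, 9):  # Hamming weight of the last byte before the fault
        p_last_byte = comb(t - 8, ONES - i) * comb(8, i) / num_rstr(t)
        p += p_last_byte * (p_drop(i, 1) + p_drop(i, 2))
    return p

def p_e4(q, t):
    """Appendix D: P(q ^ e > t) for a uniform byte error e (q ^ e is then uniform over
    0..255, so this is (255 - t)/256) times P(rstr[1..q] holds two or three ones)."""
    favourable = comb(q, 2) * comb(t - q, 20) + comb(q, 3) * comb(t - q, 19)
    return (255 - t) / 256 * favourable / num_rstr(t)

def p_repeat(p, r):
    """Appendix E: under the stated independence assumption, probability of at least
    one useful faulty ciphertext in r repeated injections (assumed form of Eq. (20))."""
    return 1 - (1 - p) ** r

if __name__ == "__main__":
    t = 30  # constructed parameters: t loop iterations, faults aimed at iteration q
    for name, p in [("e1", p_e1(25, t)), ("e2", p_e2(25, t)), ("e3", p_e3(t)), ("e4", p_e4(3, t))]:
        print(f"P({name}) = {p:.4f}; with r = 100 injections: {p_repeat(p, 100):.4f}")
```

Summing p_e1 (or p_e2) over every admissible q gives exactly 1, which is a quick check that the counting in Appendices A and B partitions the set of rstr strings by the position of the 21st (resp. last) “1”.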
© 2016 Springer International Publishing Switzerland
Cite this paper
Battistello, A., Giraud, C. (2016). A Note on the Security of CHES 2014 Symmetric Infective Countermeasure. In: Standaert, F.-X., Oswald, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2016. Lecture Notes in Computer Science, vol. 9689. Springer, Cham. https://doi.org/10.1007/978-3-319-43283-0_9