
An automated framework for exploitable fault identification in block ciphers

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Faults have been exploited in practice on several occasions to compromise, at the implementation level, the security of cryptosystems that are mathematically robust. However, not every possible fault within a cryptosystem is exploitable for a fault attack. Comprehensive knowledge of the exploitable part of the fault space is thus imperative for both the algorithm designer and the implementer, in order to devise precise countermeasures and robust algorithms. This paper addresses the problem of exploitable fault characterization in the context of differential fault analysis (DFA) attacks on block ciphers. We propose a generic, automated framework that determines the exploitability of fault instances in any given block cipher in a fast and scalable manner. Such automation is intended to serve as the core engine for analysing fault spaces, which are in general difficult to characterize by manual effort owing to their formidable size and the complex structural features of the ciphers. Our framework significantly outperforms the recently proposed framework of Khanna et al. (in: DAC, ACM, pp. 1–6, 2017) in terms of attack-class coverage and automation effort. Evaluation of the framework on AES and PRESENT establishes its efficacy as a potential tool for exploitable fault analysis.


Notes

  1. Roughly speaking, distinguishers are certain mathematical constraints over the values assumed by an intermediate state of a cipher (or, more specifically, constraints over the XOR difference between the correct and the faulty computation of an intermediate state) resulting from the injection of a fault. They typically work as filters that eliminate wrong key candidates, thereby reducing the entropy of the secret key.

  2. Without loss of generality, we assume all the states to be of fixed length.

  3. As a concrete example, in PRESENT the S-Boxes process data as 4-bit words, whereas the bit-permutation layer processes it as bits.

  4. From now onward, we shall use the terms wrong key distinguisher and distinguisher interchangeably.

  5. It is worth noting that Definitions 9 and 6 are equivalent. The reduction in the entropy of a state-differential implies that its underlying distribution is biased (i.e. not uniformly random). As already pointed out in Sect. 2.2.2, the constraints over state-differential variables make the underlying state-differential distribution non-uniform. This non-uniformity can be quantified via the reduction in Shannon entropy.

  6. Set-up for the Apriori algorithm is provided in the extended version of the paper in [7].

  7. Our prototype implementation can output such graphs in .dot format during analysis.

  8. As the fault injection points go deeper inside the rounds (from the ciphertext side), the number of state-differentials to analyse increases. That is why we observe this linear increase in runtime.

  9. In principle, any nonlinear operation standing between a distinguisher and a key addition layer should lead to the construction of fault difference equations for key extraction.
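The following is an added illustration, not code from the paper or its prototype, of the three ideas in Notes 1, 5 and 9 on a single PRESENT S-box nibble. The fault model is assumed for the example: a fault flips the low bit of one nibble at the S-box input (input difference delta_in = 1), and the round-key nibble is XORed after the S-box, so the S-box is the nonlinear operation standing between the distinguisher (the constraint on the S-box input difference) and the key addition. The S-box table is the public PRESENT specification; everything else (function names, the choice of delta_in, the sample key) is the example's own.

```python
"""Toy DFA on one PRESENT S-box nibble (added example, not the paper's tool).

Assumed fault model: the attacker obtains pairs (c, c') where
    c  = S(x)            ^ key        (correct run)
    c' = S(x ^ delta_in) ^ key        (faulty run)
and knows delta_in.  The distinguisher is the constraint
"S-box input difference == delta_in".
"""
from collections import Counter
import math
import random

# PRESENT S-box from the public specification.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(y) for y in range(16)]


def diff_distribution(delta_in):
    """Output-difference distribution of the S-box over all 16 inputs
    for a fixed input difference (one row of the difference table)."""
    return Counter(SBOX[x] ^ SBOX[x ^ delta_in] for x in range(16))


def shannon_entropy(dist):
    """Shannon entropy, in bits, of a Counter of outcomes."""
    total = sum(dist.values())
    return -sum(n / total * math.log2(n / total) for n in dist.values())


def entropy_reduction(delta_in):
    """Bits lost relative to a uniform 4-bit state differential (Note 5):
    a positive value means the differential is biased, i.e. a distinguisher."""
    return 4.0 - shannon_entropy(diff_distribution(delta_in))


def fault_pairs(key, delta_in, inputs):
    """Correct/faulty output pairs under the assumed fault model."""
    return [(SBOX[x] ^ key, SBOX[x ^ delta_in] ^ key) for x in inputs]


def key_candidates(pairs, delta_in):
    """Wrong-key distinguisher (Notes 1 and 9): keep a key guess k only if
    inverting both outputs through the S-box reproduces the injected input
    difference for every observed pair."""
    survivors = set(range(16))
    for c, c_faulty in pairs:
        survivors = {k for k in survivors
                     if SBOX_INV[c ^ k] ^ SBOX_INV[c_faulty ^ k] == delta_in}
    return survivors


def remaining_key_entropy(survivors):
    """Residual entropy, in bits, of the key nibble after filtering."""
    return math.log2(len(survivors))


if __name__ == "__main__":
    delta = 1
    print(f"output-difference distribution for delta_in={delta:#x}: "
          f"{ {hex(d): n for d, n in diff_distribution(delta).items()} }")
    print(f"entropy reduction of the differential: {entropy_reduction(delta):.2f} bits")
    rng = random.Random(7)          # fixed seed: constructed sample key
    key = rng.randrange(16)
    pairs = fault_pairs(key, delta, range(16))   # one pair per possible input
    survivors = key_candidates(pairs, delta)
    print(f"true key {key:#x}; surviving candidates "
          f"{sorted(hex(k) for k in survivors)}; "
          f"{remaining_key_entropy(survivors):.0f} bit(s) of key entropy left")
```

For delta_in = 1 the S-box output difference takes only the four values 0x3, 0x7, 0x9 and 0xD, each with probability 1/4, so the differential carries 2 bits instead of 4: that gap is the entropy reduction of Note 5. Running the filter over all sixteen inputs never eliminates the true key, but it also never eliminates key ^ 0x5, because XORing 0x5 into the S-box output permutes the four output pairs of each difference class among themselves. The attack therefore leaves exactly 1 bit of entropy in this nibble regardless of how many pairs are collected, which is the kind of residual-entropy figure an exploitability analysis has to report rather than assume to be zero.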

References

  1. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: CRYPTO’97, pp. 513–525 (1997)

  2. Derbez, P., et al.: Meet-in-the-middle and impossible differential fault analysis on AES. In: CHES’11

  3. Dusart, P., et al.: Differential fault analysis on AES. In: ACNS’03, pp. 293–306. Springer (2003)

  4. Hall, M., et al.: The WEKA data mining software: an update. SIGKDD Explor. 11(1), 10–18 (2009)


  5. Jeong, K., et al.: Improved differential fault analysis on PRESENT-80/128. Int. J. Comput. Math. 90(12), 2553–2563 (2013)


  6. Khanna, P., et al.: XFC: a framework for eXploitable fault characterization in block ciphers. In: DAC. pp. 1–6. ACM (2017)

  7. Saha, S., et al.: Differential fault analysis automation. IACR Cryptology ePrint Archive. http://eprint.iacr.org/2017/673 (2017)

  8. Tunstall, M., et al.: Differential fault analysis of the advanced encryption standard using a single fault. In: WISTP’11, pp. 224–233. Springer (2011)

  9. Zhang, F., et al.: A framework for the analysis and evaluation of algebraic fault attacks on lightweight block ciphers. IEEE Trans. Inf. Forensics Secur. 11(5), 1039–1054 (2016)


  10. Barthe, G., et al.: Synthesis of fault attacks on cryptographic implementations. In: ACMCCS 2014, pp. 1016–1027. ACM (2014)

  11. Banik, S., et al.: GIFT: a small PRESENT. In: CHES 2017, pp. 321–345. Springer (2017)

  12. Ghalaty, N.F., et al.: Differential fault intensity analysis. In: FDTC 2014, pp. 49–58. IEEE (2014)

  13. Saha, S., et al.: ExpFault: an automated framework for exploitable fault characterization in block ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 242–276 (2018)

Corresponding author

Correspondence to Sayandeep Saha.


Cite this article

Saha, S., Kumar, U., Mukhopadhyay, D. et al. An automated framework for exploitable fault identification in block ciphers. J Cryptogr Eng 9, 203–219 (2019). https://doi.org/10.1007/s13389-019-00203-9
