Abstract
Infective countermeasures have been a promising class of fault attack countermeasures. However, they have been subjected to several attacks owing to lack of formal proofs of security and improper implementations. In this paper, we first provide a formal information theoretic proof of security for one of the most recently proposed state of the art infective countermeasures against DFA, under the assumption that the adversary does not change the flow sequence or skip any instruction. Subsequently, we identify weaknesses in the infection mechanism of the countermeasure that could be exploited by attacks which change the flow sequence. Furthermore, we propose an augmented infective countermeasure scheme obtained by introducing suitable randomizations that reduce the success probabilities of such attacks. Finally, we develop a fault tolerant implementation of the countermeasure using the x86 instruction set to make any attacks which attempt to change the control flow of the algorithm via instruction skips practically infeasible. All the claims have been validated by supporting simulations and real-life experiments on a SASEBO-W platform. We also compare the fault tolerance provided by our proposed countermeasure scheme against that provided by the existing scheme.
Similar content being viewed by others
References
Biham E, Shamir A (1997) Differential fault analysis of secret key cryptosystems. In: Kaliski BS Jr (ed) Advances in cryptology – CRYPTO 1997, volume 1294 of lecture notes in computer science, pp 513–525. Springer
Boneh D, DeMillo RA, Lipton RJ (1997) On the importance of checking cryptographic protocols for faults. In: Fumy W (ed) Advances in cryptology – EUROCRYPT 1997, volume 1233 of lecture notes in computer science, pp 37–51. Springer
Ghalaty N, Yuce B, Taha M, Schaumont P (2014) Differential fault intensity analysis 2014 workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE
Blömer J, Seifert J-P (2003) Fault based cryptanalysis of the advanced encryption standard (AES). In: Wright R N (ed) Financial cryptography, volume 2742 of lecture notes in computer science, pp 162–181. Springer
Malkin TG, Standaert F-X, Yung M (2006) A comparative cost/security analysis of fault attack countermeasures Fault diagnosis and tolerance in cryptography, pp 159–172. Springer
Maistri P, Leveugle R (2008) Double-data-rate computation as a countermeasure against fault analysis. IEEE Trans Comput 57(11):1528–1539
Patranabis S, Chakraborty A, Nguyen PH, Mukhopadhyay D (2015) A biased fault attack on the time redundancy countermeasure for AES Constructive side-channel analysis and secure design. Springer
Lomné V, Roche T, Thillard A (2012) On the need of randomness in fault attack countermeasures—application to AES. In: Bertoni G, Gierlichs B (eds) Fault diagnosis and tolerance in cryptography – FDTC 2012, pp 85–94. IEEE Computer Society
Gierlichs B, Schmidt J-M, Tunstall M (2012) Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia A, Neven G (eds) Progress in cryptology – LATINCRYPT 2012, volume 7533 of lecture notes in computer science, pp 305–321. Springer
Battistello A, Giraud C (2013) Fault analysis of infective AES computations. In: Fischer W, Schmidt J-M (eds) Fault diagnosis and tolerance in cryptography – FDTC 2013, pp 101–107. IEEE Computer Society
Tupsamudre H, Bisht S, Mukhopadhyay D (2014) Destroying fault invariant with randomization Cryptographic hardware and embedded systems–CHES 2014, pp 93–111. Springer
Schmidt J, Herbst C (2008) A practical fault attack on square and multiply 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, 2008. FDTC’08, pp 53–58. IEEE
Barenghi A, Bertoni GM, Breveglieri L, Pelosi G (2013) A fault induction technique based on voltage underfeeding with application to attacks against aes and rsa. J Syst Softw 86(7):1864–1878
Balasch J, Gierlichs B (2011) Ingrid Verbauwhede. An in-depth and black-box characterization of the effects of clock glitches on 8-bit mcus 2011 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 105–114. IEEE
Dehbaoui Ax, Dutertre J-M, Robisson B, Tria A (2012) Electromagnetic transient faults injection on a hardware and a software implementations of aes 2012 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 7–15. IEEE
Trichina E, Korkikyan R (2010) Multi fault laser attacks on protected crt-rsa 2010 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 75–86. IEEE
Piret G, Quisquater J-J (2003) A Differential fault attack technique against SPN structures, with application to the AES and KHAZAD Cryptographic hardware and embedded systems, CHES 2003, pp 77–88. Springer
Mukhopadhyay D (2009) An improved fault based attack of the advanced encryption standard. In: Preneel B (ed) Progress in cryptology – AFRICACRYPT 2009, volume 5580 of lecture notes in computer science, pp 421–434. Springer
Tunstall M, Mukhopadhyay D, Ali S (2011) Differential fault analysis of the advanced encryption standard using a single fault Information security theory and practice. Security and privacy of mobile devices in wireless communication, pp 224–233. Springer
Fuhr T, Jaulmes E, Lomne V, Thillard A (2013) Fault attacks on AES with faulty ciphertexts only 2013 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 108–118. IEEE
Robisson B, Manet P (2007) Differential behavioral analysis Proceedings of the 9th international workshop on cryptographic hardware and embedded systems, 2007. CHES 2007, pp 413–426. Vienna, Austria
Li Y, Sakiyama K, Gomisawa S, Fukunaga T, Takahashi J, Ohta K (2010) Fault sensitivity analysis. Cryptographic hardware and embedded systems, CHES 2010, pp 320–334. Springer
Mischke O, Moradi A, Güneysu T (2014) Fault sensitivity analysis meets zero-value attack 2014 Workshop on fault diagnosis and tolerance in cryptography FDTC 2014, Busan, South Korea, September 23, 2014, pp 59–67
Joye M, Manet P, Rigaud J-B (2007) Strengthening hardware aes implementations against fault attacks. IET Inf Secur 1(3):106– 110
Guo X, Karri R (2013) Recomputing with permuted operands: a concurrent error detection approach. IEEE Trans Comput Aided Des Integr Circuits Syst 32(10):1595–1608
Bringer J, Carlet C, Chabanne H, Guilley S, Maghrebi H (2014) Orthogonal direct sum masking Information security theory and practice. Securing the internet of things, pp 40–56. Springer
Heydemann K, Moro N, Encrenaz E, Robisson B (2013) Formal verification of a software countermeasure against instruction skip attacks PROOFS
Barenghi A, Breveglieri L, Koren I, Naccache D (2012) Fault injection attacks on cryptographic devices Theory, practice, and countermeasures. Proc IEEE 100(11):3056–3076
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Patranabis, S., Chakraborty, A. & Mukhopadhyay, D. Fault Tolerant Infective Countermeasure for AES. J Hardw Syst Secur 1, 3–17 (2017). https://doi.org/10.1007/s41635-017-0006-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-017-0006-1