Abstract
In CHES 2010, Fault Sensitivity Analysis (FSA) on Advanced Encryption Standard (AES) hardware circuit based on S-box setup-time acquired by injecting clock glitches is proposed. Soon after, some improvements of FSA were presented such as colliding timing characteristics from Moradi et al. However, the acquisition of timing characteristics requires complex procedure due to the very gradual decrease of clock glitch cycle and the heavy requirements of setup-time samples. In HOST 2015, Wang et al. presented template-based right or wrong collision rate attack to improve the efficiency of FSA, but its profiling and plaintexts-choice procedures required too many encryptions. In this paper, we fix only one specific clock glitch cycle, and take the right or wrong collision rate as a collision distinguisher. So, the whole process is a non-profiling collision attack which can be executed automatically without massive pre-computations and interactions between PC and signal generator. According to the experiments, 256 encryptions are enough for exactly deciding whether two plaintext bytes can induce an S-box collision. Compared with the existing power analysis and FSA-based attacks on AES hardware, it costs negligible time (about 6.65 s) and storage space (only one byte), and no offline computations for finding the collision between two masked S-boxes. Furthermore, our study shows that the signal-to-noise ratio in FSA-based attacks is much higher than power-based attacks.
Similar content being viewed by others
References
Kocher P. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in Cryptology—CRYPTO’96. Berlin: Springer, 1996. 104–113
Bogdanov A. Improved side-channel collision attacks on AES. In: Selected Areas in Cryptography. Berlin: Springer, 2007. 84–95
Bogdanov A. Multiple-differential side-channel collision attacks on AES. In: Cryptographic Hardware and Embedded Systems—CHES 2008. Berlin: Springer, 2008. 30–44
Schramm K, Leander G, Felke P, et al. A collision-attack on AES combining side channel- and differential-attack. In: Cryptographic Hardware and Embedded Systems—CHES 2004. Berlin: Springer, 2004. 163–175
Schramm K, Wollinger T J, Paar C. A new class of collision attacks and its application to DES. In: Fast Software Encryption. Berlin: Springer, 2003. 206–222
Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004. Berlin: Springer, 2004. 16–29
Bogdanov A, Kizhvatov I. Beyond the limits of DPA: combined side-channel collision attacks. IEEE Trans Comput, 2012, 61: 1153–1164
Clavier C, Feix B, Gagnerot G, et al. Improved collision-correlation power analysis on first order protected AES. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 49–62
Oswald E, Mangard S, Herbst C, et al. Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Topics in Cryptology—CT-RSA 2006. Berlin: Springer, 2006. 192–207
Chair S, Rao J R, Rohatgi P. Template attacks. In: Cryptographic Hardware and Embedded Systems—CHES 2002. Berlin: Springer, 2003. 13–28
Biham E, Shamir A. Differential fault analysis of secret key cryptosystems. In: Advances in Cryptology—CRYPTO’97. Berlin: Springer, 1997. 513–525
Ege B, Eisenbarth T, Batina L. Near collision side channel attacks. In: Selected Areas in Cryptography—SAC 2015 Cryptology. Berlin: Springer. 2015. 277–292
Ye X, Chen C, Eisenbarth T. Non-linear collision analysis. In: Radio Frequency Identification: Security and Privacy Issues. Berlin: Springer, 2014. 198–214
Li Y, Sakiyama K, Gomisawa S, et al. Fault sensitivity analysis. In: Cryptographic Hardware and Embedded Systems, CHES 2010. Berlin: Springer, 2010. 320–334
Moradi A, Mischke O, Eisenbarth T. Correlation-enhanced power analysis collision attack. In: Cryptographic Hardware and Embedded Systems, CHES 2010. Berlin: Springer, 2010. 125–139
Moradi A, Mischke O, Paar C, et al. On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 292–311
Wang A, Chen M, Wang Z Y, et al. Fault rate analysis: breaking masked AES hardware implementations efficiently. IEEE Trans Circ Syst, 2013, 60: 517–521
Ren Y T,Wang A, Wu L J. Transient-steady effect attack on block ciphers. In: Cryptographic Hardware and Embedded Systems—CHES 2015. Berlin: Springer, 2015. 433–450
Wang Q, Wang A, Wu L J, et al. Template attack on masking AES based on fault sensitivity analysis. In: Proceedings of IEEE International Symposium on Hardware Oriented Security and Trust (HOST 2015), Washington, 2015. 96–99
Mangard S, Aigner M, Dominikus S. A highly regular and scalable AES hardware architecture. IEEE Trans Comput, 2003, 52: 483–491
Canright D. A very compact S-box for AES. In: Cryptographic Hardware and Embedded Systems—CHES 2005. Berlin: Springer, 2005. 441–455
Paar C. Efficient VLSI architectures for bit-parallel computation in Galois fields. Dissertation for Ph.D. Degree. Essen: University of Essen, 1994
Rudra A, Dubey P K, Jutla C S, et al. Efficient Rijdael encryption implementation with composite field arithmetic. In: Cryptographic Hardware and Embedded Systems—CHES 2001. Berlin: Springer, 2001. 171–184
Morioka S, Satoh A. An optimized S-box circuit architecture for low power AES design. In: Cryptographic Hardware and Embedded Systems—CHES 2002. Berlin: Springer, 2003. 172–186
Canright D, Batina L. A very compact “perfectly masked” S-box for AES. In: Applied Cryptography and Network Security. Berlin: Springer, 2008. 446–459
Genelle L, Prouff E, Quisquater M. Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 240–255
Kim H, Hong S, Lim J. A fast and provably secure higher-order masking of AES S-box. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 95–107
Endo S, Sugawara T, Homma N, et al. An on-chip glitchy-clock generator for testing fault injection attacks. J Cryptogr Eng, 2011, 1: 265–270
Acknowledgments
This work was supported by National Natural Science Foundation of China (Grant Nos. 61402252, 61402536), Beijing Natural Science Foundation (Grant No. 4162053), Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-15-005), and Beijing Institute of Technology Research Fund Program for Young Scholars.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wang, A., Zhang, Y., Tian, W. et al. Right or wrong collision rate analysis without profiling: full-automatic collision fault attack. Sci. China Inf. Sci. 61, 032101 (2018). https://doi.org/10.1007/s11432-016-0616-4
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-016-0616-4