ABSTRACT
The propagation of faults in hardware devices for a Boolean circuit leaves a distinct fault template which can be used as a signature to launch a new class of attacks called Fault Template Attacks (FTA). In this paper we present a systematic methodology to develop fault templates of Boolean circuits using a well-known concept in design verification, namely positive Davio's decomposition. We use this improved template, called FTA*, to attack a popular defence against side-channel analysis called Threshold Implementations (TI), which are based on computations using non-complete shares of the secret data to hide it. The paper explores whether such shares can still be combined to reveal the secret quantities by inflicting carefully crafted faults in the registers storing the shares and observing the fault propagation templates. In particular, we show as a case study that a TI-protected S-Box of the PRESENT block cipher can be circumvented by considering Double Event Upset (DEU) faults in single registers storing targeted shared bits, as suggested by the derived fault templates. This shows that TI crypto-circuits are not naturally faultless to faults and need further exploration to thwart such powerful attack vectors.
- Faultless to a fault?: the case of threshold implementations of crypto-systems vs fault template attacks