
Fault Template Attacks on Block Ciphers Exploiting Fault Propagation

  • Sayandeep Saha
  • Arnab Bag
  • Debapriya Basu Roy
  • Sikhar Patranabis
  • Debdeep Mukhopadhyay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12105)

Abstract

Fault attacks (FA) are one of the most potent practical threats to modern cryptographic implementations. Over the years, FA techniques have evolved, gradually moving towards the exploitation of device-centric properties of the faults. In this paper, we exploit the fact that the activation and propagation of a fault through a given combinational circuit (i.e., the observability of the fault at the circuit output) is data-dependent. We then show that this property of combinational circuits leads to powerful Fault Template Attacks (FTA), even against implementations with dedicated protections against both power-analysis and fault-based vulnerabilities. The attacks found in this work are applicable even if the fault is injected in the middle rounds of a block cipher, which are out of reach for most existing fault analysis strategies. Quite evidently, they also work in a known-plaintext scenario. Moreover, the middle-round attacks are entirely blind, in the sense that no access to the ciphertexts (correct or faulty) or to the plaintexts is required: the adversary is only assumed to be able to repeat the encryption of an unknown plaintext several times. Practical validation on a hardware implementation of SCA-FA-protected PRESENT, and simulated evaluation on a public software implementation of protected AES, demonstrate the efficacy of the proposed attacks.
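The following is an added worked illustration of the observability property the abstract relies on; it is not code from the paper or its authors. It simulates a single bit-flip fault on one wire of a constructed three-input toy netlist (assumed wire names x0, x1, x2, t, y; not the PRESENT or AES circuits the paper attacks) and records, for every input value, whether the fault reaches the output. The resulting table is the "template": a fault on an AND-gate input is visible at the output only when the other AND input is 1, so an adversary who repeats an unknown input and can merely tell whether the fault was effective (for example from a detection countermeasure's alarm, with no ciphertext) learns that data bit. The last function shows that two-share Boolean masking does not remove this data dependence: flipping one share of a still changes the unmasked product a AND b exactly when b = 1, for every choice of masks. The template construction here is a deliberate simplification of the paper's method.

```python
"""Toy model of data-dependent fault observability (added illustration).

The netlist, wire names and template construction below are constructed
for this example; they do not reproduce the paper's target circuits.
"""
from itertools import product

# Gate-level netlist: (output_wire, gate_type, input_a, input_b), in
# topological order. Toy function: y = (x0 AND x1) XOR x2.
TOY_NETLIST = [
    ("t", "AND", "x0", "x1"),
    ("y", "XOR", "t", "x2"),
]
TOY_INPUTS = ("x0", "x1", "x2")

GATES = {"AND": lambda a, b: a & b, "XOR": lambda a, b: a ^ b}


def evaluate(netlist, inputs, fault_wire=None):
    """Evaluate the netlist on a dict of input bits. If fault_wire names a
    wire, that wire is flipped (a single bit-flip fault) before any gate
    consumes it; primary inputs and internal wires can both be faulted."""
    wires = dict(inputs)
    if fault_wire in wires:
        wires[fault_wire] ^= 1
    for out, gate, a, b in netlist:
        wires[out] = GATES[gate](wires[a], wires[b])
        if out == fault_wire:
            wires[out] ^= 1
    return wires["y"]


def observable(netlist, fault_wire, inputs):
    """True iff the fault on fault_wire changes the output for this input,
    i.e. the fault is activated AND propagates to an observable point."""
    return evaluate(netlist, inputs) != evaluate(netlist, inputs, fault_wire)


def fault_template(netlist, fault_wire, input_names):
    """Map every input assignment to its observability bit. This is the
    template: the attacker who can only learn 'fault effective or not'
    for a repeated unknown input still learns one bit of this table."""
    return {
        vals: observable(netlist, fault_wire, dict(zip(input_names, vals)))
        for vals in product((0, 1), repeat=len(input_names))
    }


def leaked_input_index(template, input_names):
    """Return the index of the single input the template equals (the bit
    an effective/ineffective observation reveals), or None if the
    observability is not exactly one input bit."""
    for i in range(len(input_names)):
        if all(obs == bool(vals[i]) for vals, obs in template.items()):
            return i
    return None


def masked_and_observability(b):
    """Two-share masked AND (a = a0^a1, b = b0^b1, product computed as the
    four cross products). Flip share a0 and check, over all masks and
    both values of a, whether the unmasked result a&b changes. Returns
    the set of outcomes observed: {True} if b == 1, {False} if b == 0."""
    outcomes = set()
    for a, a0, b0 in product((0, 1), repeat=3):
        a1 = a ^ a0          # second share of a for this mask choice
        b1 = b ^ b0          # second share of b for this mask choice

        def masked_and(s0):  # recombined output of the masked AND
            return (s0 & b0) ^ (s0 & b1) ^ (a1 & b0) ^ (a1 & b1)

        outcomes.add(masked_and(a0) != masked_and(a0 ^ 1))
    return outcomes


if __name__ == "__main__":
    tpl = fault_template(TOY_NETLIST, "x0", TOY_INPUTS)
    print("fault on x0 observable for inputs:", {k: v for k, v in tpl.items()})
    print("fault on x0 reveals input index:", leaked_input_index(tpl, TOY_INPUTS))
    print("fault on x2 (XOR path) always observable:",
          all(fault_template(TOY_NETLIST, "x2", TOY_INPUTS).values()))
    print("masked AND, flip a0: b=0 ->", masked_and_observability(0),
          " b=1 ->", masked_and_observability(1))
```

Run as a script it prints the template for a fault on x0 (observable exactly when x1 = 1, so the attack recovers x1 without any ciphertext), shows that a fault on the XOR-only path x2 is always observable and therefore leaks nothing, and shows that the masked AND behaves identically for every mask. A practitioner checking a design should therefore look for the fault-observability pattern at the output of a detection or infection countermeasure, not only at the ciphertext.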

Keywords

Fault attack · Fault propagation · Masking

Notes

Acknowledgements

Debdeep Mukhopadhyay would like to acknowledge Synopsys Inc, USA (for partial support through the grant entitled “Formal Methods for Physical Security Verification of Cryptographic Designs Against Fault Attacks”), Defence Research and Development Organisation (DRDO), India (for partial support through the grant entitled, “Secure Resource-constrained Communication Framework for Tactical Networks using Physically Unclonable Functions”), and Department of Science and Technology (DST), Government of India (for partial support through the Swarnajayanti Fellowship grant).

Supplementary material

Supplementary material 1: 495523_1_En_22_MOESM1_ESM.pdf (pdf, 807 KB)


Copyright information

© International Association for Cryptologic Research 2020

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, India
  2. Department of Computer Science, ETH Zurich, Zürich, Switzerland
  3. Technische Universität München, Munich, Germany
