Advertisement

Fault Analysis Attack against an AES Prototype Chip Using RSL

  • Kazuo Sakiyama
  • Tatsuya Yagi
  • Kazuo Ohta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5473)

Abstract

This paper reports a successful Fault Analysis (FA) attack against a prototype AES (Advanced Encryption Standard) hardware implementation using a logic-level countermeasure called Random Switching Logic (RSL). The idea of RSL was proposed as one of the most effective countermeasures for preventing Differential Power Analysis (DPA) attacks. The RSL technique was applied to AES and a prototype ASIC was implement with a 0.13-μm standard CMOS library. Although the main purpose of using RSL is to enhance the DPA resistance, our evaluation results for the ASIC reveal that the DPA countermeasure of RSL can negatively affect the resistance against FA attacks. We show that the circuits using RSL has a potential vulnerability against FA attacks by increasing the clock frequency.

Keywords

Fault Analysis Random Switching Logic AES Clock-based Attack 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  2. 2.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Brier, E., Clavier, C., Oliver, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Shamir, A., Tromer, E.: Acoustic cryptanalysis on noisy people and noisy machines. Preliminary proof-of-concept presentation, http://www.wisdom.weizmann.ac.il/~tromer/acoustic/
  5. 5.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    FIPS Pub. 197: Specification for the AES (November 2001), http://csrc.nist.gov/pub-lications/fips/fips197/fips-197.pdf
  7. 7.
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Miller, V.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  9. 9.
    Koblitz, N.: Elliptic curve cryptosystem. Math. Comp. 48, 203–209 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of Design, Automation and Test in Europe Conference (DATE 2004), pp. 246–251 (2004)Google Scholar
  11. 11.
    Trichina, E.: Combinational logic design for AES subbyte transformation on masked data. Technical report, Cryptology ePrint Archive: Report 2003/236 (2003)Google Scholar
  12. 12.
    Mangard, S., Popp, T., Gammel, B.M.: Side-channle leakage of masked cmos gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Popp, T., Kirschbaum, M., Zefferer, T., Mangard, S.: Evaluation of the masked logic style MDPL on a prototype chip. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 81–94. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Tiri, K., Schaumont, P.: Changing the odds against masked logic. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 134–146. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Schaumont, P., Tiri, K.: Masking and dual-rail logic don’t add up. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 95–106. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Gierlichs, B.: DPA-resistance without routing constraints? In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 107–120. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Suzuki, D., Saeki, M., Ichikawa, T.: Random switching logic: A new countermeasure against DPA and second-order DPA at the logic level. IEICE Transaction on Fundamentals E90-A(1), 160–169 (2007)CrossRefGoogle Scholar
  19. 19.
    Suzuki, D., Saeki, M.: Satoh A. A design methodology for a DPA-resistant cryptographic LSI with RSL techniques (I). In: Symposium Record of Symposium on Cryptography and Information Security (SCIS 2008), 6 pages (2008)Google Scholar
  20. 20.
    Suzuki, D., Saeki, M., Ichikawa, T.: Random switching logic: A countermeasure against DPA based on transition probability. Technical report, Cryptology ePrint Archive: Report 2004/346 (2004)Google Scholar
  21. 21.
    Research Center for Information Security (RCIS). Side-channel attack standard evaluation board (SASEBO), http://www.rcis.aist.go.jp/special/SASEBO/index-en.html
  22. 22.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Research Center for Information Security (RCIS). Side-channel attack standard evaluation board (SASEBO), http://www.rcis.aist.go.jp/special/SASEBO/CryptoLSI-en.html

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Kazuo Sakiyama
    • 1
  • Tatsuya Yagi
    • 1
  • Kazuo Ohta
    • 1
  1. 1.Department of Information and Communication EngineeringThe University of Electro-CommunicationsTokyoJapan

Personalised recommendations