scholarly journals Towards Optimized DFA Attacks on AES under Multibyte Random Fault Model

2018 ◽  
Vol 2018 ◽  
pp. 1-9
Author(s):  
Ruyan Wang ◽  
Xiaohan Meng ◽  
Yang Li ◽  
Jian Wang
Keyword(s):  
Fault Model ◽  
Fault Analysis ◽  
Advanced Encryption Standard ◽  
Security Assessment ◽  
Secret Key ◽  
Key Recovery ◽  
Differential Fault Analysis ◽  
Recovery Strategies ◽  
Secret Keys ◽  
Fault Distribution

Differential Fault Analysis (DFA) is one of the most practical methods to recover the secret keys from real cryptographic devices. In particular, DFA on Advanced Encryption Standard (AES) has been massively researched for many years for both single-byte and multibyte fault model. For AES, the first proposed DFA attack requires 6 pairs of ciphertexts to identify the secret key under multibyte fault model. Until now, the most efficient DFA under multibyte fault model proposed in 2017 can complete most of the attacks within 3 pairs of ciphertexts. However, we note that the attack is not fully optimized since no clear optimization goal was set. In this work, we introduce two optimization goals as the fewest ciphertext pairs and the least computational complexity. For these goals, we manage to figure out the corresponding optimized key recovery strategies, which further increase the efficiency of DFA attacks on AES. A more accurate security assessment of AES can be completed based on our study of DFA attacks on AES. Considering the variations of fault distribution, the improvement to the attack has been analyzed and verified.

scholarly journals Breaking Trivium Stream Cipher Implemented in ASIC Using Experimental Attacks and DFA

Sensors ◽  
2020 ◽  
Vol 20 (23) ◽  
pp. 6909
Author(s):  
Francisco Eugenio Potestad-Ordóñez ◽  
Manuel Valencia-Barrero ◽  
Carmen Baena-Oliva ◽  
Pilar Parra-Fernández ◽  
Carlos Jesús Jiménez-Fernández
Keyword(s):  
Stream Cipher ◽  
Internal State ◽  
Clock Cycle ◽  
Fault Analysis ◽  
Invasive Technique ◽  
Sensitive Information ◽  
Secret Key ◽  
Key Recovery ◽  
Differential Fault Analysis ◽  
Secret Keys

One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive technique attack of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulations data attacks and used with the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium were recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.

A novel differential fault analysis using two‐byte fault model on AES Key schedule

2019 ◽  
Vol 13 (5) ◽  
pp. 661-666 ◽  
Author(s):  
Jinbao Zhang ◽  
Ning Wu ◽  
Jianhua Li ◽  
Fang Zhou
Keyword(s):  
Fault Model ◽  
Fault Analysis ◽  
Key Schedule ◽  
Differential Fault Analysis

A Hybrid Countermeasure-Based Fault-Resistant AES Implementation

2019 ◽  
Vol 29 (03) ◽  
pp. 2050044
Author(s):  
Noura Benhadjyoussef ◽  
Mouna Karmani ◽  
Mohsen Machhout ◽  
Belgacem Hamdi
Keyword(s):  
Fault Detection ◽  
Fault Analysis ◽  
Advanced Encryption Standard ◽  
Implementation Cost ◽  
Additional Time ◽  
Area Overhead ◽  
Differential Fault Analysis ◽  
Detection Capabilities ◽  
Xilinx Fpga ◽  
Detection Schemes

A Fault-Resistant scheme has been proposed to secure the Advanced Encryption Standard (AES) against Differential Fault Analysis (DFA) attack. In this paper, a hybrid countermeasure has been presented in order to protect a 32-bits AES architecture proposed for resource-constrained embedded systems. A comparative study between the most well-known fault detection schemes in terms of fault detection capabilities and implementation cost has been proposed. Based on this study, we propose a hybrid fault resistant scheme to secure the AES using the parity detection for linear operations and the time redundancy for SubBytes operation. The proposed scheme is implemented on the Virtex-5 Xilinx FPGA board in order to evaluate the efficiency of the proposed fault-resistant scheme in terms of area, time costs and fault coverage (FC). Experimental results prove that the countermeasure achieves a FC with about 98,82% of the injected faults detected during the 32-bits AES process. The area overhead of the proposed countermeasure is about 14% and the additional time delay is about 13%.

scholarly journals A Novel Differential Fault Analysis on the Key Schedule of SIMON Family

Electronics ◽  
2019 ◽  
Vol 8 (1) ◽  
pp. 93 ◽  
Author(s):  
Jinbao Zhang ◽  
Ning Wu ◽  
Fang Zhou ◽  
Muhammad Yahya ◽  
Jianhua Li
Keyword(s):  
Block Ciphers ◽  
Fault Model ◽  
Fault Analysis ◽  
Research Attention ◽  
Key Schedule ◽  
Differential Fault Analysis ◽  
Detailed Simulation ◽  
Exact Position ◽  
Propagation Properties ◽  
Fourth Round

As a family of lightweight block ciphers, SIMON has attracted lots of research attention since its publication in 2013. Recent works show that SIMON is vulnerable to differential fault analysis (DFA) and existing DFAs on SIMON assume the location of induced faults are on the cipher states. In this paper, a novel DFA on SIMON is proposed where the key schedule is selected as the location of induced faults. Firstly, we assume a random one-bit fault is induced in the fourth round key KT−4 to the last. Then, by utilizing the key schedule propagation properties of SIMON, we determine the exact position of induced fault and demonstrate that the proposed DFA can retrieve 4 bits of the last round key KT−1 on average using one-bit fault. Till now this is the largest number of bits that can be cracked as compared to DFAs based on random bit fault model. Furthermore, by reusing the induced fault, we prove that 2 bits of the penultimate round key KT−2 could be retrieved. To the best of our knowledge, the proposed attack is the first one which extracts a key from SIMON based upon DFA on the key schedule. Finally, correctness and validity of our proposed attack is verified through detailed simulation and analysis.

scholarly journals ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers

2018 ◽  
pp. 242-276 ◽  
Author(s):  
Sayandeep Saha ◽  
Debdeep Mukhopadhyay ◽  
Pallab Dasgupta
Keyword(s):  
Defense Mechanisms ◽  
Block Ciphers ◽  
Fault Analysis ◽  
Proof Of Concept ◽  
Secret Key ◽  
Cryptographic Primitives ◽  
Differential Fault Analysis ◽  
Comprehensive Knowledge ◽  
Fault Characterization ◽  
First Time

Malicious exploitation of faults for extracting secrets is one of the most practical and potent threats to modern cryptographic primitives. Interestingly, not every possible fault for a cryptosystem is maliciously exploitable, and evaluation of the exploitability of a fault is nontrivial. In order to devise precise defense mechanisms against such rogue faults, a comprehensive knowledge is required about the exploitable part of the fault space of a cryptosystem. Unfortunately, the fault space is diversified and of formidable size even while a single cryptoprimitive is considered and traditional manual fault analysis techniques may often fall short to practically cover such a fault space within reasonable time. An automation for analyzing individual fault instances for their exploitability is thus inevitable. Such an automation is supposed to work as the core engine for analyzing the fault spaces of cryptographic primitives. In this paper, we propose an automation for evaluating the exploitability status of fault instances from block ciphers, mainly in the context of Differential Fault Analysis (DFA) attacks. The proposed framework is generic and scalable, which are perhaps the two most important features for covering diversified fault spaces of formidable size originating from different ciphers. As a proof-of-concept, we reconstruct some known attack examples on AES and PRESENT using the framework and finally analyze a recently proposed cipher GIFT [BPP+17] for the first time. It is found that the secret key of GIFT can be uniquely determined with 1 nibble fault instance injected at the beginning of the 25th round with a reasonable computational complexity of 214.

scholarly journals Hybrid Pipeline Hardware Architecture Based on Error Detection and Correction for AES

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5655
Author(s):  
Ignacio Algredo-Badillo ◽  
Kelsey A. Ramírez-Gutiérrez ◽  
Luis Alberto Morales-Rosales ◽  
Daniel Pacheco Bautista ◽  
Claudia Feregrino-Uribe
Keyword(s):  
Fault Detection ◽  
Error Detection ◽  
Secure Communication ◽  
Critical Path ◽  
Fault Analysis ◽  
Hardware Architecture ◽  
Secret Key ◽  
Cryptographic Algorithm ◽  
Differential Fault Analysis ◽  
Error Detection And Correction

Currently, cryptographic algorithms are widely applied to communications systems to guarantee data security. For instance, in an emerging automotive environment where connectivity is a core part of autonomous and connected cars, it is essential to guarantee secure communications both inside and outside the vehicle. The AES algorithm has been widely applied to protect communications in onboard networks and outside the vehicle. Hardware implementations use techniques such as iterative, parallel, unrolled, and pipeline architectures. Nevertheless, the use of AES does not guarantee secure communication, because previous works have proved that implementations of secret key cryptosystems, such as AES, in hardware are sensitive to differential fault analysis. Moreover, it has been demonstrated that even a single fault during encryption or decryption could cause a large number of errors in encrypted or decrypted data. Although techniques such as iterative and parallel architectures have been explored for fault detection to protect AES encryption and decryption, it is necessary to explore other techniques such as pipelining. Furthermore, balancing a high throughput, reducing low power consumption, and using fewer hardware resources in the pipeline design are great challenges, and they are more difficult when considering fault detection and correction. In this research, we propose a novel hybrid pipeline hardware architecture focusing on error and fault detection for the AES cryptographic algorithm. The architecture is hybrid because it combines hardware and time redundancy through a pipeline structure, analyzing and balancing the critical path and distributing the processing elements within each stage. The main contribution is to present a pipeline structure for ciphering five times on the same data blocks, implementing a voting module to verify when an error occurs or when output has correct cipher data, optimizing the process, and using a decision tree to reduce the complexity of all combinations required for evaluating. The architecture is analyzed and implemented on several FPGA technologies, and it reports a throughput of 0.479 Gbps and an efficiency of 0.336 Mbps/LUT when a Virtex-7 is used.

Sign in / Sign up

Export Citation Format

Share Document