Abstract
Fault injection attacks have proven to be a powerful tool to exploit the implementation weaknesses of cryptographic algorithms. Several techniques perturbing the computation of a cipher have been devised and successfully employed to leak secret information from erroneous results. We present a low-cost, non-invasive and effective technique to inject transient faults into a general purpose processor through lowering its feeding voltage, and to characterize the effects on the computing system. This technique is effective enough to lead attacks against a software implementation of a cryptosystem running on a full fledged ARM9 CPU with a complete operating system. We validate the effectiveness of the fault model through attacking OpenSSL implementations of the RSA and AES cryptosystems. A new attack against AES, able to retrieve the full 256-bit key, is described, and the number of faults to be collected is delineated. In addition, we propose a generalization of the attack against the RSA encryption presented in Barenghi et al. (2009), to a multi-bit fault model, and the analysis of its computational complexity. The attacks against AES retrieve all the round keys regardless of their derivation strategy, the number of cipher rounds and the diffusion layer, while the attacks against RSA retrieve either the message or the secret key.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
