A Framework for Evaluation and Analysis on Infection Countermeasures Against Fault Attacks

Abstract

Infection is a fault attack countermeasure, which aims to destroy the dependency of the faulty ciphertexts on the secret key. However, current security evaluations on infection countermeasures are either tailored for the specific attack scenario or not general enough to apply to various infection instances. They cannot come to convincing results, let alone make comparisons between different countermeasures. Based on information theory, this paper presents a generic evaluation framework that is feasible for various infection countermeasures and attack scenarios. The framework is constructed with the idea to separate the infection function from the unprotected cipher yet consider the fault injection effect on the unprotected cipher in the infection function evaluation. First, the security judging criteria for the infection function under different attack scenarios are personalized according to the injection-caused security loss of the unprotected cipher. Then, a universal method of security quantitative analysis on infection function is proposed with two important steps: the prior knowledge collection and the infection operation decomposition analysis. Because the analysis results of the simple infection operation can be reused within the infection function under various attack scenarios, the security quantifications are efficient. Based on this framework, the paper also reviews some existing infection countermeasures for their fault attack resistances. The result shows that our analysis can expose more infection vulnerabilities than the previous works. Besides, the security quantification and judgment on these countermeasures give us a new insight into their security applicable scopes. They are instructive for the countermeasure selection when the implementation costs are very close. Furthermore, the framework provides an efficient way to evaluate future infection countermeasures.