Abstract
One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive technique attack of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulations data attacks and used with the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium were recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.
Highlights
Electronic devices are nowadays characterized by the continuous exchange of information.The amount of information being exchanged is increasing day by day and even more with the development of the Internet of Things (IoT)
Of the different assumptions necessary to carry out Differential Fault Analysis (DFA) on the Trivium stream cipher, the most important one is that the attacker is able to inject a single effective fault into the ciphers internal state and capture both the correct key stream and the one originated by that fault
We present the results obtained from the attacks carried out on two Trivium cipher implemented in an Application Specific Integrated Circuit (ASIC)
Summary
Electronic devices are nowadays characterized by the continuous exchange of information. They assume that it is very difficult to inject faults since, considering the large number of variables involved, the attack must be very finely adjusted Another example is [43], where the authors retrieved the secret key of an AES using a complete experimental setup, taking into account the problems posed when theoretical assumptions are put into practice. As far as we know, this complete setup (falling within Group C) is the first work in which it is experimentally proven that ASIC implementations of Trivium stream ciphers are vulnerable to real fault attacks and DFA by breaking its security
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have