Abstract

Malicious exploitation of faults for extracting secrets is one of the most practical and potent threats to modern cryptographic primitives. Interestingly, not every possible fault in a cryptosystem is maliciously exploitable, and evaluating the exploitability of a fault is nontrivial. In order to devise precise defense mechanisms against such rogue faults, comprehensive knowledge is required about the exploitable part of the fault space of a cryptosystem. Unfortunately, the fault space is diversified and of formidable size even when a single cryptoprimitive is considered, and traditional manual fault analysis techniques often fall short of practically covering such a fault space within reasonable time. Automation for analyzing individual fault instances for their exploitability is thus inevitable. Such automation is expected to serve as the core engine for analyzing the fault spaces of cryptographic primitives. In this paper, we propose an automation for evaluating the exploitability status of fault instances in block ciphers, mainly in the context of Differential Fault Analysis (DFA) attacks. The proposed framework is generic and scalable, which are perhaps the two most important features for covering diversified fault spaces of formidable size originating from different ciphers. As a proof of concept, we reconstruct some known attack examples on AES and PRESENT using the framework and finally analyze the recently proposed cipher GIFT [BPP+17] for the first time. It is found that the secret key of GIFT can be uniquely determined with 1 nibble fault instance injected at the beginning of the 25th round with a reasonable computational complexity of 2^14.

Highlights

  • Almost every modern computing device provides support for cryptographic computation – both in the form of hardware extensions and software libraries

  • With the help of the framework, we were able to identify several interesting attack instances, which establishes the effectiveness of the proposed framework in the context of exploitable fault characterization

  • We have proposed an automated framework for exploitable fault identification in modern block ciphers


Summary

Introduction

Almost every modern computing device provides support for cryptographic computation – both in the form of hardware extensions and software libraries. Block ciphers, being one of the most prominent constituents of modern cryptographic protocols, are deployed on most computing platforms. The resource constraints of a platform are one of the determining factors for the nature of the cryptographic support provided. There is an increasing trend of developing new ciphers engineered for specific applications, so that optimal performance-resource trade-offs can be achieved. The common trend in cipher design is to evaluate the security of the cipher against classical attacks such as differential and linear cryptanalysis before it is deployed. Security evaluation against implementation-based side-channel and fault attacks has become essential, given the practicality and potency of such attacks. Cipher-specific countermeasures are designed to defend against such implementation-based attacks. Countermeasures do incur overheads, which have to be optimised carefully in order to provide proper security bounds within specified
