Exploiting statistical effective fault attack in a blind setting

Abstract

AbstractIn order to obtain the secret key, the majority of physical attacks require knowledge of the plaintext or ciphertext, which may be unavailable or cannot be exploited. Blind attacks are introduced to do key recovery in circumstances where the adversary has no direct access to plaintext and ciphertext. A combination of fault and power attacks can circumvent typical countermeasures in this setting, for example, Fault Template Attack (FTA). However, FTA relies on bit fault injection, which is difficult to implement in practice. The SIFA‐blind, a framework for executing the Statistical Ineffective Fault Attack, is more flexible, but sensitivity to setup noise and missed faults is its main drawback. To address this deficiency, we suggest two ways to use Statistical Effective Fault Attack in a blind setting that are much less affected by missed faults and noise when measuring power traces, even though they do not use fault injection at the bit level. In order to demonstrate the viability and adaptability of our proposed attacks, we injected a fault via glitch frequency onto the ChipWhisperer board. While SEFA‐blind does not need a bit‐level fault, our results demonstrate that it is better than SIFA‐blind when the number of missed faults increases.