Abstract
Differential Fault Analysis (DFA) is considered the most popular fault analysis method. While there are techniques that provide some degree of automated fault analysis at the cipher level, software implementations introduce new vulnerabilities that cannot be found by observing the cipher design specification. This work bridges the gap by providing a fully automated way to carry out DFA on assembly implementations of symmetric block ciphers. We use a customized data flow graph to represent the program and develop a novel fault analysis methodology to capture the program behavior under faults. We establish an effective description of DFA as constraints that are passed to an SMT solver. We create a tool that takes assembly code as input, analyzes the dependencies among instructions, automatically attacks vulnerable instructions using an SMT solver, and outputs the attack details that recover the last round key (and possibly the earlier keys). We support our design with evaluations on the lightweight ciphers SIMON, SPECK, and PRIDE, and on the current NIST standard, AES. By automated assembly analysis, we were able to find new efficient DFA attacks on SPECK and PRIDE, exploiting implementation-specific vulnerabilities, and to rediscover previously published DFA on SIMON and AES. Moreover, we present a novel DFA on the multiplication operation that has never been shown for symmetric block ciphers before. Our experimental evaluation also shows reasonable execution times that scale to current cipher designs and easily outclass manual analysis. Moreover, we present a method to check countermeasure-protected implementations in a way that helps implementers decide how many rounds should be protected. We note that this is the first work that automatically carries out DFA on cipher implementations without any plaintext or ciphertext information and therefore can be generally applied to any input data to the cipher.
Highlights
Lightweight cryptography is one of the areas that became crucial with the emergence of the Internet of Things.
We present an evaluation on implementations of four well-known block ciphers: SIMON and SPECK are ultra-lightweight algorithms published by the NSA [BTCS+15], AES is the current NIST standard [DR02], and PRIDE [ADK+14] is a lightweight cipher optimized for 8-bit microcontrollers.
We propose a method for a fully automated Differential Fault Analysis (DFA) attack on assembly implementations of symmetric key cryptographic algorithms.
Summary
Unlike the aforementioned automated analysis works, our tool does not require any cipher input, such as plaintext and key. Instead, it gives a generic attacking method that can be used to recover any key used for encryption of any plaintext, which is aligned with the standard DFA assumptions. Thanks to the non-linearity of multiplication, it opens a new attack vector that can be exploited by DFA. Such a vulnerability can be revealed with TADA analysis. To show the utility of our approach, we have designed an algorithm that follows up on the results obtained by TADA to optimize the implementation of DFA countermeasures. It analyzes the cipher implementations and outputs the earliest rounds which can be attacked using the vulnerabilities found by TADA.
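To make concrete what "DFA as constraints" means in the abstract and summary above, here is an added toy illustration (not TADA's code and not any of the paper's cipher implementations). It assumes a last round of the form c = S[x] ^ k with a 4-bit S-box (the PRESENT S-box is used as a constructed stand-in), a fault model in which the S-box input receives an unknown single-bit flip, and exhaustive candidate enumeration standing in for the SMT solver; the constraint on each correct/faulty ciphertext pair is exactly what the solver is asked to satisfy.

```python
# Toy DFA-as-constraint illustration (constructed example, not the paper's tool).
# Assumed last-round structure: c = S[x] ^ k, with x the S-box input nibble and k the
# last round key nibble. The PRESENT S-box is only a convenient 4-bit stand-in here.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = {v: i for i, v in enumerate(SBOX)}

# Assumed fault model: an unknown single-bit flip on the S-box input.
SINGLE_BIT_FAULTS = {0x1, 0x2, 0x4, 0x8}


def last_round(x, k):
    """Correct last round: S-box followed by key addition."""
    return SBOX[x] ^ k


def dfa_constraint(k, c, c_faulty, fault_diffs):
    """The constraint a solver is asked to satisfy for key candidate k:
    inverting the last round with k must map the (correct, faulty) ciphertext
    pair back to an S-box input difference allowed by the fault model."""
    x = SBOX_INV[c ^ k]
    x_faulty = SBOX_INV[c_faulty ^ k]
    return (x ^ x_faulty) in fault_diffs


def recover_key(pairs, fault_diffs=SINGLE_BIT_FAULTS):
    """Intersect the candidate sets of several ciphertext pairs.
    Exhaustive search over 16 nibbles stands in for the SMT query."""
    candidates = set(range(16))
    for c, c_faulty in pairs:
        candidates = {k for k in candidates
                      if dfa_constraint(k, c, c_faulty, fault_diffs)}
    return candidates


def simulate_pairs(inputs_and_faults, k):
    """Constructed data: for each (x, dx), the correct ciphertext and the one
    produced when the S-box input is disturbed by dx under the true key k."""
    return [(last_round(x, k), last_round(x ^ dx, k)) for x, dx in inputs_and_faults]


if __name__ == "__main__":
    true_key = 0xA
    pairs = simulate_pairs([(0x0, 0x1), (0x3, 0x2), (0x5, 0x4)], true_key)
    print(recover_key(pairs[:1]))  # one pair leaves several candidates
    print(recover_key(pairs))      # three pairs pin down the key nibble
```

A single pair only narrows the key to a set closed under XOR with the ciphertext difference, which is why the analysis needs several faulty runs; pushing the same constraint one round earlier is the kind of check the paper uses to decide how many rounds a countermeasure must cover.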
More From: IACR Transactions on Cryptographic Hardware and Embedded Systems