Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks

Kitae Jeong,Changhoon Lee,Jong In Lim

doi:10.1186/1687-1499-2013-151

Abstract

Abstract LBlock is a 64-bit lightweight block cipher which can be implemented in both constrained hardware environments, such as wireless sensor network, and software platforms. In this paper, we study the security of LBlock against a differential fault analysis. Based on a random nibble fault model, we propose two versions of the attack on LBlock. In the first attack, we inject random nibble faults to the input register of round 29. As a result, it can recover the secret key of LBlock using an exhaustive search of 225 and five random nibble fault injections on average. This attack can be simulated on a general PC within a few seconds. In the case of second attack, random nibble faults are induced to the input register of round 30. This attack can recover the secret key of LBlock using an exhaustive search of 230 and seven random nibble fault injection on average. This attack can be simulated on a general PC within 1 h. These results are superior to known differential fault analytic result on LBlock.

Highlights

Differential fault analysis (DFA), one of the side channel attacks, was first proposed by Biham and Shamir on DES in 1997 [1]
LBlock [8] proposed in ACNS 2011 is a 64-bit lightweight block cipher suitable for both constrained hardware environments such as wireless sensor network and software platforms
Recovery of the secret key from candidates of round keys In the previous subsection, we presented the method to obtain the candidates of round keys by injecting random nibble faults to the input register of round 29

Summary

Introduction

Differential fault analysis (DFA), one of the side channel attacks, was first proposed by Biham and Shamir on DES in 1997 [1]. Based on the simulation results, this attack requires an exhaustive search of 225 and five random nibble faults on average, and can recover the 80bit secret key of LBlock within a few seconds on a general PC. In the case of second attack (Attack 2), to recover the 80-bit secret key of LBlock, we inject several random nibble faults to the input register of round 30.

Results

Conclusion