Abstract
Persistence is an intrinsic nature for many errors yet has not been caught enough attractions for years. In this paper, the feature of persistence is applied to fault attacks, and the persistent fault attack is proposed. Different from traditional fault attacks, adversaries can prepare the fault injection stage before the encryption stage, which relaxes the constraint of the tight-coupled time synchronization. The persistent fault analysis (PFA) is elaborated on different implementations of AES-128, specially fault hardened implementations based on Dual Modular Redundancy (DMR). Our experimental results show that PFA is quite simple and efficient in breaking these typical implementations. To show the feasibility and practicability of our attack, a case study is illustrated on the shared library Libgcrypt with rowhammer technique. Approximately 8200 ciphertexts are enough to extract the master key of AES-128 when PFA is applied to Libgcrypt1.6.3 with redundant encryption based DMR. This work puts forward a new direction of fault attacks and can be extended to attack other implementations under more interesting scenarios.
Highlights
Fault attack (FA) is a class of implementation level attacks on embedded systems [Joy12], which is usually used to attack different ciphers such as RSA, AES, PRESENT[BKL+07], LED[GPPR11], Piccolo[SIH+11]
Based on persistent fault, we develop a fault analysis technique called persistent fault analysis (PFA) and explain its working mechanism
We propose persistent fault analysis, a novel fault attack based on persistent fault model
Summary
Fault attack (FA) is a class of implementation level attacks on embedded systems [Joy12], which is usually used to attack different ciphers such as RSA, AES, PRESENT[BKL+07], LED[GPPR11], Piccolo[SIH+11]. Other analysis methods exploited statistical biases introduced due to fault injection [Riv, FJLT13] These biases could be either exploited in a differential setting or with faulty ciphertexts only. If not all, of the proposed fault analysis are developed with a transient fault assumption This means that the injected fault does not persist from one encryption to another. We propose a statistical technique to exploit such faults, called as Persistent Fault Analysis (PFA). The proposed PFA is developed to exploit such cases, where a fault is persistent and can affect multiple rounds. Unlike common fault analysis technique, PFA is not differential and it uses statistical means for key recovery. It is a faulty ciphertext only attack.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: IACR Transactions on Cryptographic Hardware and Embedded Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
