Abstract
We focus on the multiple persistent faults analysis in this paper to fill existing gaps in its application in a variety of scenarios. Our major contributions are twofold. First, we propose a novel technique to apply persistent fault analysis in the multiple persistent faults setting that decreases the number of survived keys and the required data. We demonstrate that by utilizing 1509 and 1448 ciphertexts, the number of survived keys after performing persistent fault analysis on AES in the presence of eight and sixteen faults can be reduced to only 29 candidates, whereas the best known attacks need 2008 and 1643 ciphertexts, respectively, with a time complexity of 250. Second, we develop generalized frameworks for retrieving the key in the ciphertext-only model. Our methods for both performing persistent fault attacks and key-recovery processes are highly flexible and provide a general trade-off between the number of required ciphertexts and the time complexity. To break AES with 16 persistent faults in the Sbox, our experiments show that the number of required ciphertexts can be decreased to 477 while the attack is still practical with respect to the time complexity. To confirm the accuracy of our methods, we performed several simulations as well as experimental validations on the ARM Cortex-M4 microcontroller with electromagnetic fault injection on AES and LED, which are two well-known block ciphers, to validate the types of faults and the distribution of the number of faults in practice.
Highlights
Fault attacks are a class of physical attacks that consist of two phases: (1) fault injection and (2) fault analysis.
It can be seen that the number of non-observed values exponentially converges to the number of faults as the number of ciphertexts grows, such that for more than m · Hm available ciphertexts, the number of non-observed values is almost equal to the number of faults.
While the feasibility of persistent fault analysis with a single injected fault is demonstrated in the literature, there are some challenges in extending the known techniques to the multiple faults setting.
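The convergence claim in the second highlight can be checked with a byte-level simulation. This is an added example, not code from the paper: it assumes m is the number of byte values the faulted S-box can still output (256 minus the number of faults), that Hm is the m-th harmonic number, and that one ciphertext byte behaves like S'(x) XOR k with uniform x; the fault model and all function names are constructed for illustration.

```python
import math
import random
from collections import Counter

def faulty_sbox(num_faults, rng):
    """Constructed fault model: a random 8-bit permutation in which
    num_faults entries are overwritten with values that still occur elsewhere."""
    sbox = list(range(256))
    rng.shuffle(sbox)
    faulted = set(rng.sample(range(256), num_faults))
    healthy = [v for i, v in enumerate(sbox) if i not in faulted]
    for i in sorted(faulted):
        sbox[i] = rng.choice(healthy)
    return sbox  # exactly num_faults output values are now impossible

def harmonic(m):
    return sum(1.0 / i for i in range(1, m + 1))

def non_observed(sbox, key_byte, n, rng):
    """Count byte values never seen in n samples of S'(x) XOR k, x uniform."""
    seen = {sbox[rng.randrange(256)] ^ key_byte for _ in range(n)}
    return 256 - len(seen)

def expected_non_observed(sbox, n):
    """Closed form: impossible values plus possible values missed by chance."""
    counts = Counter(sbox)
    return (256 - len(counts)) + sum((1 - c / 256) ** n for c in counts.values())

def convergence_table(num_faults, seed=1, trials=200):
    rng = random.Random(seed)
    sbox = faulty_sbox(num_faults, rng)
    m = 256 - num_faults                    # assumed meaning of m
    threshold = math.ceil(m * harmonic(m))  # m * H_m
    rows = []
    for n in (threshold // 4, threshold // 2, threshold, 2 * threshold):
        avg = sum(non_observed(sbox, rng.randrange(256), n, rng)
                  for _ in range(trials)) / trials
        rows.append((n, avg, expected_non_observed(sbox, n)))
    return threshold, rows

if __name__ == "__main__":
    for faults in (8, 16):
        threshold, rows = convergence_table(faults)
        print(f"faults={faults}  m*H_m={threshold}")
        for n, avg, exp in rows:
            print(f"  n={n:5d}  simulated={avg:7.2f}  expected={exp:7.2f}")
```

For a defender, the table shows how few outputs under a corrupted S-box table are enough for the missing-value count to settle, which bounds how long a device can run before an integrity check on the table must fire.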
Summary
Fault attacks are a class of physical attacks that consist of two phases: (1) fault injection and (2) fault analysis. The adversary tries to disturb the operation of the target device by using the available tools for injecting the desired fault. The adversary analyzes the response of the target device to the fault with the aim of retrieving some sensitive information like the secret key. Boneh et al. were the first to introduce fault attacks with their application on RSA [BDL97]. After this seminal work, Biham and Shamir proposed the Differential Fault Analysis (DFA) on block cipher DES [BS97]. DFA is the most common fault analysis
More From: IACR Transactions on Cryptographic Hardware and Embedded Systems