Abstract

Statistical Ineffective Fault Attacks (SIFA) pose a threat for many practical implementations of symmetric primitives. Countermeasures against both power analysis and fault attacks typically do not prevent straightforward SIFA attacks, which require only very limited knowledge about the concrete implementation. Therefore, the exploration of countermeasures against SIFA that do not rely on protocols or physical protection mechanisms is of great interest. In this paper, we describe different countermeasure strategies against SIFA. First, we introduce an abstraction layer between the algorithmic specification of a cipher and its implementation in hardware or software to study and describe resistance against SIFA. We then show that by basing the masked implementation on permutations as building blocks, we can build circuits that withstand single-fault SIFA and DPA attacks. We show how this approach can be applied to 3-bit, 4-bit, and 5-bit S-boxes and the AES S-box. Additionally, we present a strategy based on fine-grained fault detection suitable for protecting any circuit against SIFA attacks. Although this approach may lead to a higher implementation cost due to the fine-grained detection needed, it can be used to protect arbitrary circuits and can be generalized to cover multi-fault SIFA. For single-fault SIFA protection, our countermeasures only have a small computational overhead compared to a simple combination of masking and duplication.

Highlights

  • Fault attacks [BDL97, BS97] and passive side-channel attacks, like power or electromagnetic (EM) analysis [KJJ99, QS01], are real-world threats for implementations of cryptographic primitives

  • We evaluated the Statistical Ineffective Fault Attacks (SIFA) resistance of our designs by means of simulated fault injections and a practical evaluation on an AVR XMEGA128D4 microprocessor using clock glitches

  • According to our practical evaluation, where clock glitches cause effects like memory corruption or instruction skips, no instruction within our S-box implementation is susceptible to SIFA


Summary

Introduction

Fault attacks [BDL97, BS97] and passive side-channel attacks, like power or electromagnetic (EM) analysis [KJJ99, QS01], are real-world threats for implementations of cryptographic primitives. Devices like smart cards that may be physically accessible by an attacker typically implement countermeasures against these attacks. A common countermeasure at the algorithmic level is the combination of masking against side-channel attacks and some kind of redundancy against fault attacks. In masking, one splits input and intermediate variables of cryptographic computations into d + 1 random shares such that the observation of up to d shares does not reveal any information about their corresponding native value [ISW03, BBP+17, RBN+15, DRB+16, GIB18, GM17, GMK16, BDF+17]. On the other hand, redundancy is used to detect malicious or environmental influences that could lead to faulty cipher outputs. If a fault is detected,

Licensed under Creative Commons License CC-BY 4.0
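As an added illustration (not code from the paper), the following exhaustive simulation uses d = 1 masking with duplication-style redundancy to show why a single fault on one share can still bias the outputs that pass the fault check, and how a permutation building block removes that bias. The gadget names, the Toffoli-style update chosen as the permutation, and the two fault models (stuck-at-0 and bit flip on share a0) are assumptions made for this example; it models fault behaviour only.

```python
from fractions import Fraction
from itertools import product

def masked_and(a0, a1, b0, b1, r):
    """2-share masked AND with fresh random bit r. Only the product shares
    leave the gadget (assumption: inputs are discarded), so it is not a bijection."""
    c0 = (a0 & b0) ^ ((a0 & b1) ^ r)
    c1 = (a1 & b1) ^ ((a1 & b0) ^ r)
    return (c0, c1)

def masked_toffoli(a0, a1, b0, b1, c0, c1):
    """2-share Toffoli-style update c ^= a & b (assumed example gadget). The
    input shares stay in the state, so the 6-bit map is a permutation."""
    c0 ^= a0 & b0
    c0 ^= a0 & b1
    c1 ^= a1 & b1
    c1 ^= a1 & b0
    return (a0, a1, b0, b1, c0, c1)

def stuck_at_0(bit):
    return 0

def bit_flip(bit):
    return bit ^ 1

def is_permutation(gadget, n_inputs):
    """True if the gadget maps its 2**n input states to 2**n distinct outputs."""
    outputs = {gadget(*bits) for bits in product((0, 1), repeat=n_inputs)}
    return len(outputs) == 2 ** n_inputs

def bias_of_b(gadget, n_inputs, fault):
    """P(native b = 1 | fault on share a0 was ineffective), exhaustively over
    all shares and randomness. None means no faulted run passed the check."""
    kept = ones = 0
    for bits in product((0, 1), repeat=n_inputs):
        good = gadget(*bits)                      # redundant, fault-free run
        bad = gadget(fault(bits[0]), *bits[1:])   # run with faulted share a0
        if good == bad:                           # check passes, output released
            kept += 1
            ones += bits[2] ^ bits[3]             # native b = b0 ^ b1
    return Fraction(ones, kept) if kept else None

if __name__ == "__main__":
    for name, gadget, n in (("masked AND", masked_and, 5),
                            ("masked Toffoli", masked_toffoli, 6)):
        for fault in (stuck_at_0, bit_flip):
            print(name, fault.__name__, is_permutation(gadget, n),
                  bias_of_b(gadget, n, fault))
```

A result of 1/2 means the released outputs carry no information about the native value b; any other value is the dependence between fault ineffectiveness and b that the redundancy check fails to hide.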
