International Workshop on Cryptographic Hardware and Embedded Systems

CHES 2010: Cryptographic Hardware and Embedded Systems, CHES 2010 pp 320-334

Fault Sensitivity Analysis

  • Yang Li
  • Kazuo Sakiyama
  • Shigeto Gomisawa
  • Toshinori Fukunaga
  • Junko Takahashi
  • Kazuo Ohta
Conference paper

DOI: 10.1007/978-3-642-15031-9_22

Volume 6225 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

This paper proposes a new fault-based attack called the Fault Sensitivity Analysis (FSA) attack, which unlike most existing fault-based analyses including Differential Fault Analysis (DFA) does not use values of faulty ciphertexts. Fault sensitivity means the critical condition when a faulty output begins to exhibit some detectable characteristics, e.g., the clock frequency when fault operation begins to occur. We explain that the fault sensitivity exhibits sensitive-data dependency and can be used to retrieve the secret key. This paper presents two practical FSA attacks against two AES hardware implementations on SASEBO-R, PPRM1-AES and WDDL-AES. Different from previous work, we show that WDDL-AES is not perfectly secure against setup-time violation attacks.

We also discuss a masking technique as a potential countermeasure against the proposed fault-based attack.

Keywords

Side-channel attacksFault Sensitivity AnalysisAESWDDL
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Yang Li
    • 1
  • Kazuo Sakiyama
    • 1
  • Shigeto Gomisawa
    • 1
  • Toshinori Fukunaga
    • 2
  • Junko Takahashi
    • 1
    • 2
  • Kazuo Ohta
    • 1
  1. 1.Department of InformaticsThe University of Electro-CommunicationsTokyoJapan
  2. 2.NTT Information Sharing Platform LaboratoriesNTT CorporationTokyoJapan