
Generalizing Statistical Ineffective Fault Attacks in the Spirit of Side-Channel Attacks

  • Conference paper
Constructive Side-Channel Analysis and Secure Design (COSADE 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12910))

Abstract

At CHES 2018, Statistical Ineffective Fault Attacks (SIFA) were introduced to apply Differential Fault Analysis (DFA) techniques to AES implementations protected against faults by detective or infective countermeasures. Soon after, other works adapted SIFA to a couple of authenticated encryption schemes and a lightweight cipher. In this paper, we introduce the idea that SIFA is actually closer to Side-Channel Attacks (SCA) than it is to DFA. We show how SIFA can actually target all selection functions known to be sensitive to SCA, for any kind of algorithm. In particular, we apply SIFA for the first time in the context of asymmetric cryptography, reviving the threat of fault attacks on RSA even when faulty ciphertexts are not released to the adversary. Besides, with the results obtained by SIFA against proven side-channel countermeasures, this work opens new questions regarding established masking schemes.
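To make the statistical core of the abstract concrete, here is an added simulation (constructed for this page, not code from the paper or its authors) of SIFA on a toy two-nibble cipher protected by a detection countermeasure: the device computes twice and releases an output only when both runs agree, so no faulty value ever leaves it, yet the released outputs are filtered by whether the fault was ineffective, and ranking k10 hypotheses by the squared Euclidean imbalance of the recovered intermediate value, the way a side-channel attack ranks hypotheses with a distinguisher, singles out the correct key. The PRESENT S-box, the mixing layer, the key values and the stuck-at-0 fault model are all assumptions of the example.

```python
from collections import Counter
# Constructed toy cipher (not the paper's code): PRESENT 4-bit S-box, two-nibble
# state, invertible mixing layer, two round keys. The path from the fault target
# to the output mirrors the last AES rounds: x -> S -> mix -> +k9 -> S -> +k10.
S = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]
S_INV = [S.index(v) for v in range(16)]

def mul2(v):  # multiply by x in GF(2^4), reduction polynomial x^4 + x + 1
    return ((v << 1) ^ (0x13 if v & 8 else 0)) & 0xF

def mix(a, b):  # invertible linear layer, matrix [[1, 1], [1, 2]] over GF(2^4)
    return a ^ b, a ^ mul2(b)

MIX_INV = {mix(a, b): (a, b) for a in range(16) for b in range(16)}

def encrypt(x0, x1, k9, k10):
    z0, z1 = mix(S[x0], S[x1])
    w0, w1 = z0 ^ (k9 >> 4), z1 ^ (k9 & 0xF)
    return (S[w0] ^ (k10 >> 4)) << 4 | (S[w1] ^ (k10 & 0xF))

def protected_device(x0, x1, k9, k10):
    # Detection countermeasure: compute twice, release only if both runs agree.
    # The second run carries a stuck-at-0 fault on bit 0 of x0, so an output is
    # released exactly when that bit was already 0 (the fault was ineffective).
    good, faulted = encrypt(x0, x1, k9, k10), encrypt(x0 & 0xE, x1, k9, k10)
    return good if good == faulted else None

def sei(tally, n):  # squared Euclidean imbalance against the uniform 4-bit law
    return sum((tally.get(v, 0) / n - 1 / 16) ** 2 for v in range(16))

def rank_k10(released):
    # SCA-style ranking: for each k10 hypothesis, walk every released ciphertext
    # back to the fault target and score the value distribution. k9 is not
    # guessed: XORing a constant before an S-box inverse just permutes values.
    scores = {}
    for kg in range(256):
        tally = Counter()
        for c in released:
            w0 = S_INV[(c >> 4) ^ (kg >> 4)]
            w1 = S_INV[(c & 0xF) ^ (kg & 0xF)]
            tally[S_INV[MIX_INV[(w0, w1)][0]]] += 1
        scores[kg] = sei(tally, len(released))
    return sorted(scores, key=scores.get, reverse=True), scores

def simulate(k9, k10):
    # Feed every input to the protected device and keep only what it released.
    released = [c for x0 in range(16) for x1 in range(16)
                if (c := protected_device(x0, x1, k9, k10)) is not None]
    ranking, scores = rank_k10(released)
    return ranking, scores, len(released)
```

With the correct k10 the recovered intermediate takes only the 8 values whose faulted bit was 0, each equally often, giving an SEI of exactly 1/16, while wrong hypotheses spread the values over all 16 and score far lower; only correct outputs were ever released, which is why suppressing faulty outputs alone does not close this channel.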


Notes

  1. For a laser pulse for instance, one should consider multiple parameters such as the spot location and width, the delay, as well as the pulse power and duration.

  2. This is equivalent to the filter we would have if a detection countermeasure were implemented.

  3. Note that this number could be halved since only half of the secret exponent should be sufficient to break the RSA modulus [5].

References

  1. Amiel, F., Feix, B., Villegas, K.: Power analysis for secret recovering and reverse engineering of public key algorithms. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 110–125. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_8

  2. Amiel, F., Villegas, K., Feix, B., Marcel, L.: Passive and active combined attacks: combining fault attacks and side channel analysis. In: International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2007. IEEE Computer Society (2007)

  3. Barbu, G., et al.: Combined attack on CRT-RSA. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 198–215. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_13

  4. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_4

  5. Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998). https://doi.org/10.1007/3-540-49649-1_3

  6. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2

  7. Ciet, M., Joye, M.: (Virtually) free randomization techniques for elliptic curve cryptography. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 348–359. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39927-8_32

  8. Clavier, C.: Secret external encodings do not prevent transient fault analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 181–194. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_13

  9. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M.: Passive and active combined attacks on AES combining fault attacks and side channel analysis. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2010. IEEE Computer Society (2010)

  10. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17650-0_5

  11. Clavier, C., Joye, M.: Universal exponentiation algorithm: a first step towards provable SPA-resistance. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 300–308. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_25

  12. Coron, J.S.: Higher-Order Countermeasures for AES and DES (2017). https://github.com/coron/htable

  13. Couvreur, C., Quisquater, J.J.: Fast decipherment algorithm for RSA public-key cryptosystem. Electron. Lett. 18(21), 905–907 (1982)

  14. Dobraunig, C., Eichlseder, M., Gross, H., Mangard, S., Mendel, F., Primas, R.: Statistical ineffective fault attacks on masked AES with fault countermeasures. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 315–342. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_11

  15. Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3) (2018)

  16. Dobraunig, C., Mangard, S., Mendel, F., Primas, R.: Fault attacks on nonce-based authenticated encryption: application to Keyak and Ketje. In: Cid, C., Jacobson Jr., M. (eds.) SAC 2018. LNCS, vol. 11349, pp. 257–277. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-10970-7_12

  17. Fan, J., Gierlichs, B., Vercauteren, F.: To infinity and beyond: combined attack on ECC using points of low order. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 143–159. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_10

  18. Fuhr, T., Jaulmes, É., Lomné, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: Fischer, W., Schmidt, J. (eds.) 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2013. IEEE Computer Society (2013)

  19. Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Trans. Comput. 55(9) (2006)

  20. Gravellier, J., Dutertre, J., Teglia, Y., Loubet-Moundi, P.: SideLine: how delay-lines (may) leak secrets from your SoC. CoRR abs/2009.07773 (2020)

  21. Gruber, M., Probst, M., Tempelmeier, M.: Statistical ineffective fault analysis of GIMLI. In: 2020 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2020. IEEE (2020)

  22. Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014. IEEE Computer Society (2014)

  23. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9

  24. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

  25. Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 320–334. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_22

  26. Lipp, M., et al.: PLATYPUS: software-based power side-channel attacks on x86. In: 2021 IEEE Symposium on Security and Privacy (SP) (2021)

  27. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_14

  28. Murdock, K., Oswald, D.F., Garcia, F.D., Bulck, J.V., Piessens, F., Gruss, D.: Plundervolt: how a little bit of undervolting can create a lot of trouble. IEEE Secur. Priv. 18(5) (2020)

  29. Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45238-6_7

  30. Qiu, P., Wang, D., Lyu, Y., Qu, G.: VoltJockey: breaking SGX by software-controlled voltage-induced hardware faults. In: Asian Hardware Oriented Security and Trust Symposium, AsianHOST 2019. IEEE (2019)

  31. Ramezanpour, K., Ampadu, P., Diehl, W.: A statistical fault analysis methodology for the Ascon authenticated cipher. In: IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2019. IEEE (2019)

  32. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_28

  33. Roche, T., Lomné, V., Khalfallah, K.: Combined fault and side-channel attack on protected implementations of AES. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 65–83. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_5

  34. Saha, S., Bag, A., Basu Roy, D., Patranabis, S., Mukhopadhyay, D.: Fault template attacks on block ciphers exploiting fault propagation. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 612–643. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_22

  35. Saha, S., Jap, D., Breier, J., Bhasin, S., Mukhopadhyay, D., Dasgupta, P.: Breaking redundancy-based countermeasures with random faults and power side channel. In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2018. IEEE Computer Society (2018)

  36. Saha, S., Kumar, S.N., Patranabis, S., Mukhopadhyay, D., Dasgupta, P.: ALAFA: automatic leakage assessment for fault attack countermeasures. In: Design Automation Conference, DAC 2019. ACM (2019)

  37. Spruyt, A., Milburn, A., Chmielewski, L.: Fault injection as an oscilloscope: fault correlation analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(1) (2021)

  38. Sung-Ming, Y., Kim, S., Lim, S., Moon, S.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 414–427. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45861-1_31


Acknowledgements

We would like to thank Christophe Giraud for his help during the redaction process as well as the anonymous reviewers of COSADE for pointing out some possible improvements on the initial submission.

Author information

Correspondence to Guillaume Barbu.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Barbu, G., Castelnovi, L., Chabrier, T. (2021). Generalizing Statistical Ineffective Fault Attacks in the Spirit of Side-Channel Attacks. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science, vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_5


  • DOI: https://doi.org/10.1007/978-3-030-89915-8_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89914-1

  • Online ISBN: 978-3-030-89915-8
