Fault Tolerant Infective Countermeasure for AES

  • Sikhar PatranabisEmail author
  • Abhishek Chakraborty
  • Debdeep Mukhopadhyay


Infective countermeasures have been a promising class of fault attack countermeasures. However, they have been subjected to several attacks owing to lack of formal proofs of security and improper implementations. In this paper, we first provide a formal information theoretic proof of security for one of the most recently proposed state of the art infective countermeasures against DFA, under the assumption that the adversary does not change the flow sequence or skip any instruction. Subsequently, we identify weaknesses in the infection mechanism of the countermeasure that could be exploited by attacks which change the flow sequence. Furthermore, we propose an augmented infective countermeasure scheme obtained by introducing suitable randomizations that reduce the success probabilities of such attacks. Finally, we develop a fault tolerant implementation of the countermeasure using the x86 instruction set to make any attacks which attempt to change the control flow of the algorithm via instruction skips practically infeasible. All the claims have been validated by supporting simulations and real-life experiments on a SASEBO-W platform. We also compare the fault tolerance provided by our proposed countermeasure scheme against that provided by the existing scheme.


Infective countermeasure AES Randomization Instruction skip Fault attack 


  1. 1.
    Biham E, Shamir A (1997) Differential fault analysis of secret key cryptosystems. In: Kaliski BS Jr (ed) Advances in cryptology – CRYPTO 1997, volume 1294 of lecture notes in computer science, pp 513–525. SpringerGoogle Scholar
  2. 2.
    Boneh D, DeMillo RA, Lipton RJ (1997) On the importance of checking cryptographic protocols for faults. In: Fumy W (ed) Advances in cryptology – EUROCRYPT 1997, volume 1233 of lecture notes in computer science, pp 37–51. SpringerGoogle Scholar
  3. 3.
    Ghalaty N, Yuce B, Taha M, Schaumont P (2014) Differential fault intensity analysis 2014 workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEEGoogle Scholar
  4. 4.
    Blömer J, Seifert J-P (2003) Fault based cryptanalysis of the advanced encryption standard (AES). In: Wright R N (ed) Financial cryptography, volume 2742 of lecture notes in computer science, pp 162–181. SpringerGoogle Scholar
  5. 5.
    Malkin TG, Standaert F-X, Yung M (2006) A comparative cost/security analysis of fault attack countermeasures Fault diagnosis and tolerance in cryptography, pp 159–172. SpringerGoogle Scholar
  6. 6.
    Maistri P, Leveugle R (2008) Double-data-rate computation as a countermeasure against fault analysis. IEEE Trans Comput 57(11):1528–1539MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Patranabis S, Chakraborty A, Nguyen PH, Mukhopadhyay D (2015) A biased fault attack on the time redundancy countermeasure for AES Constructive side-channel analysis and secure design. SpringerGoogle Scholar
  8. 8.
    Lomné V, Roche T, Thillard A (2012) On the need of randomness in fault attack countermeasures—application to AES. In: Bertoni G, Gierlichs B (eds) Fault diagnosis and tolerance in cryptography – FDTC 2012, pp 85–94. IEEE Computer SocietyGoogle Scholar
  9. 9.
    Gierlichs B, Schmidt J-M, Tunstall M (2012) Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia A, Neven G (eds) Progress in cryptology – LATINCRYPT 2012, volume 7533 of lecture notes in computer science, pp 305–321. SpringerGoogle Scholar
  10. 10.
    Battistello A, Giraud C (2013) Fault analysis of infective AES computations. In: Fischer W, Schmidt J-M (eds) Fault diagnosis and tolerance in cryptography – FDTC 2013, pp 101–107. IEEE Computer SocietyGoogle Scholar
  11. 11.
    Tupsamudre H, Bisht S, Mukhopadhyay D (2014) Destroying fault invariant with randomization Cryptographic hardware and embedded systems–CHES 2014, pp 93–111. SpringerGoogle Scholar
  12. 12.
    Schmidt J, Herbst C (2008) A practical fault attack on square and multiply 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, 2008. FDTC’08, pp 53–58. IEEEGoogle Scholar
  13. 13.
    Barenghi A, Bertoni GM, Breveglieri L, Pelosi G (2013) A fault induction technique based on voltage underfeeding with application to attacks against aes and rsa. J Syst Softw 86(7):1864–1878CrossRefGoogle Scholar
  14. 14.
    Balasch J, Gierlichs B (2011) Ingrid Verbauwhede. An in-depth and black-box characterization of the effects of clock glitches on 8-bit mcus 2011 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 105–114. IEEEGoogle Scholar
  15. 15.
    Dehbaoui Ax, Dutertre J-M, Robisson B, Tria A (2012) Electromagnetic transient faults injection on a hardware and a software implementations of aes 2012 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 7–15. IEEEGoogle Scholar
  16. 16.
    Trichina E, Korkikyan R (2010) Multi fault laser attacks on protected crt-rsa 2010 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 75–86. IEEEGoogle Scholar
  17. 17.
    Piret G, Quisquater J-J (2003) A Differential fault attack technique against SPN structures, with application to the AES and KHAZAD Cryptographic hardware and embedded systems, CHES 2003, pp 77–88. SpringerGoogle Scholar
  18. 18.
    Mukhopadhyay D (2009) An improved fault based attack of the advanced encryption standard. In: Preneel B (ed) Progress in cryptology – AFRICACRYPT 2009, volume 5580 of lecture notes in computer science, pp 421–434. SpringerGoogle Scholar
  19. 19.
    Tunstall M, Mukhopadhyay D, Ali S (2011) Differential fault analysis of the advanced encryption standard using a single fault Information security theory and practice. Security and privacy of mobile devices in wireless communication, pp 224–233. SpringerGoogle Scholar
  20. 20.
    Fuhr T, Jaulmes E, Lomne V, Thillard A (2013) Fault attacks on AES with faulty ciphertexts only 2013 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 108–118. IEEEGoogle Scholar
  21. 21.
    Robisson B, Manet P (2007) Differential behavioral analysis Proceedings of the 9th international workshop on cryptographic hardware and embedded systems, 2007. CHES 2007, pp 413–426. Vienna, AustriaGoogle Scholar
  22. 22.
    Li Y, Sakiyama K, Gomisawa S, Fukunaga T, Takahashi J, Ohta K (2010) Fault sensitivity analysis. Cryptographic hardware and embedded systems, CHES 2010, pp 320–334. SpringerGoogle Scholar
  23. 23.
    Mischke O, Moradi A, Güneysu T (2014) Fault sensitivity analysis meets zero-value attack 2014 Workshop on fault diagnosis and tolerance in cryptography FDTC 2014, Busan, South Korea, September 23, 2014, pp 59–67Google Scholar
  24. 24.
    Joye M, Manet P, Rigaud J-B (2007) Strengthening hardware aes implementations against fault attacks. IET Inf Secur 1(3):106– 110CrossRefGoogle Scholar
  25. 25.
    Guo X, Karri R (2013) Recomputing with permuted operands: a concurrent error detection approach. IEEE Trans Comput Aided Des Integr Circuits Syst 32(10):1595–1608CrossRefGoogle Scholar
  26. 26.
    Bringer J, Carlet C, Chabanne H, Guilley S, Maghrebi H (2014) Orthogonal direct sum masking Information security theory and practice. Securing the internet of things, pp 40–56. SpringerGoogle Scholar
  27. 27.
    Heydemann K, Moro N, Encrenaz E, Robisson B (2013) Formal verification of a software countermeasure against instruction skip attacks PROOFSGoogle Scholar
  28. 28.
    Barenghi A, Breveglieri L, Koren I, Naccache D (2012) Fault injection attacks on cryptographic devices Theory, practice, and countermeasures. Proc IEEE 100(11):3056–3076CrossRefGoogle Scholar

Copyright information

© Springer 2017

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringIIT KharagpurKharagpurIndia

Personalised recommendations