Advertisement

Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

Right or wrong collision rate analysis without profiling: full-automatic collision fault attack

Abstract

In CHES 2010, Fault Sensitivity Analysis (FSA) on Advanced Encryption Standard (AES) hardware circuit based on S-box setup-time acquired by injecting clock glitches is proposed. Soon after, some improvements of FSA were presented such as colliding timing characteristics from Moradi et al. However, the acquisition of timing characteristics requires complex procedure due to the very gradual decrease of clock glitch cycle and the heavy requirements of setup-time samples. In HOST 2015, Wang et al. presented template-based right or wrong collision rate attack to improve the efficiency of FSA, but its profiling and plaintexts-choice procedures required too many encryptions. In this paper, we fix only one specific clock glitch cycle, and take the right or wrong collision rate as a collision distinguisher. So, the whole process is a non-profiling collision attack which can be executed automatically without massive pre-computations and interactions between PC and signal generator. According to the experiments, 256 encryptions are enough for exactly deciding whether two plaintext bytes can induce an S-box collision. Compared with the existing power analysis and FSA-based attacks on AES hardware, it costs negligible time (about 6.65 s) and storage space (only one byte), and no offline computations for finding the collision between two masked S-boxes. Furthermore, our study shows that the signal-to-noise ratio in FSA-based attacks is much higher than power-based attacks.

This is a preview of subscription content, log in to check access.

References

  1. 1

    Kocher P. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in Cryptology—CRYPTO’96. Berlin: Springer, 1996. 104–113

  2. 2

    Bogdanov A. Improved side-channel collision attacks on AES. In: Selected Areas in Cryptography. Berlin: Springer, 2007. 84–95

  3. 3

    Bogdanov A. Multiple-differential side-channel collision attacks on AES. In: Cryptographic Hardware and Embedded Systems—CHES 2008. Berlin: Springer, 2008. 30–44

  4. 4

    Schramm K, Leander G, Felke P, et al. A collision-attack on AES combining side channel- and differential-attack. In: Cryptographic Hardware and Embedded Systems—CHES 2004. Berlin: Springer, 2004. 163–175

  5. 5

    Schramm K, Wollinger T J, Paar C. A new class of collision attacks and its application to DES. In: Fast Software Encryption. Berlin: Springer, 2003. 206–222

  6. 6

    Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004. Berlin: Springer, 2004. 16–29

  7. 7

    Bogdanov A, Kizhvatov I. Beyond the limits of DPA: combined side-channel collision attacks. IEEE Trans Comput, 2012, 61: 1153–1164

  8. 8

    Clavier C, Feix B, Gagnerot G, et al. Improved collision-correlation power analysis on first order protected AES. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 49–62

  9. 9

    Oswald E, Mangard S, Herbst C, et al. Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Topics in Cryptology—CT-RSA 2006. Berlin: Springer, 2006. 192–207

  10. 10

    Chair S, Rao J R, Rohatgi P. Template attacks. In: Cryptographic Hardware and Embedded Systems—CHES 2002. Berlin: Springer, 2003. 13–28

  11. 11

    Biham E, Shamir A. Differential fault analysis of secret key cryptosystems. In: Advances in Cryptology—CRYPTO’97. Berlin: Springer, 1997. 513–525

  12. 12

    Ege B, Eisenbarth T, Batina L. Near collision side channel attacks. In: Selected Areas in Cryptography—SAC 2015 Cryptology. Berlin: Springer. 2015. 277–292

  13. 13

    Ye X, Chen C, Eisenbarth T. Non-linear collision analysis. In: Radio Frequency Identification: Security and Privacy Issues. Berlin: Springer, 2014. 198–214

  14. 14

    Li Y, Sakiyama K, Gomisawa S, et al. Fault sensitivity analysis. In: Cryptographic Hardware and Embedded Systems, CHES 2010. Berlin: Springer, 2010. 320–334

  15. 15

    Moradi A, Mischke O, Eisenbarth T. Correlation-enhanced power analysis collision attack. In: Cryptographic Hardware and Embedded Systems, CHES 2010. Berlin: Springer, 2010. 125–139

  16. 16

    Moradi A, Mischke O, Paar C, et al. On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 292–311

  17. 17

    Wang A, Chen M, Wang Z Y, et al. Fault rate analysis: breaking masked AES hardware implementations efficiently. IEEE Trans Circ Syst, 2013, 60: 517–521

  18. 18

    Ren Y T,Wang A, Wu L J. Transient-steady effect attack on block ciphers. In: Cryptographic Hardware and Embedded Systems—CHES 2015. Berlin: Springer, 2015. 433–450

  19. 19

    Wang Q, Wang A, Wu L J, et al. Template attack on masking AES based on fault sensitivity analysis. In: Proceedings of IEEE International Symposium on Hardware Oriented Security and Trust (HOST 2015), Washington, 2015. 96–99

  20. 20

    Mangard S, Aigner M, Dominikus S. A highly regular and scalable AES hardware architecture. IEEE Trans Comput, 2003, 52: 483–491

  21. 21

    Canright D. A very compact S-box for AES. In: Cryptographic Hardware and Embedded Systems—CHES 2005. Berlin: Springer, 2005. 441–455

  22. 22

    Paar C. Efficient VLSI architectures for bit-parallel computation in Galois fields. Dissertation for Ph.D. Degree. Essen: University of Essen, 1994

  23. 23

    Rudra A, Dubey P K, Jutla C S, et al. Efficient Rijdael encryption implementation with composite field arithmetic. In: Cryptographic Hardware and Embedded Systems—CHES 2001. Berlin: Springer, 2001. 171–184

  24. 24

    Morioka S, Satoh A. An optimized S-box circuit architecture for low power AES design. In: Cryptographic Hardware and Embedded Systems—CHES 2002. Berlin: Springer, 2003. 172–186

  25. 25

    Canright D, Batina L. A very compact “perfectly masked” S-box for AES. In: Applied Cryptography and Network Security. Berlin: Springer, 2008. 446–459

  26. 26

    Genelle L, Prouff E, Quisquater M. Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 240–255

  27. 27

    Kim H, Hong S, Lim J. A fast and provably secure higher-order masking of AES S-box. In: Cryptographic Hardware and Embedded Systems—CHES 2011. Berlin: Springer, 2011. 95–107

  28. 28

    Endo S, Sugawara T, Homma N, et al. An on-chip glitchy-clock generator for testing fault injection attacks. J Cryptogr Eng, 2011, 1: 265–270

Download references

Acknowledgments

This work was supported by National Natural Science Foundation of China (Grant Nos. 61402252, 61402536), Beijing Natural Science Foundation (Grant No. 4162053), Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-15-005), and Beijing Institute of Technology Research Fund Program for Young Scholars.

Author information

Correspondence to Liehuang Zhu.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Wang, A., Zhang, Y., Tian, W. et al. Right or wrong collision rate analysis without profiling: full-automatic collision fault attack. Sci. China Inf. Sci. 61, 032101 (2018). https://doi.org/10.1007/s11432-016-0616-4

Download citation

Keywords

  • fault sensitivity analysis
  • right or wrong collision rate analysis
  • masking
  • collision attack