Advertisement

A Survey on Fault Attacks

  • Christophe Giraud
  • Hugues Thiebeauld
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 153)

Abstract

Fault attacks described in cryptographic papers mostly apply to cryptographic algorithms, yet such attacks may have an impact on the whole system in a smart card. In this paper, we describe what can be achieved nowadays by using fault attacks in a smart card environment. After studying several ways of inducing faults, we describe attacks on the most popular cryptosystems and we discuss the problem of induced perturbations in the smart card environment. Finally we discuss how to find appropriate software countermeasures.

Keywords

Fault Attack Differential Fault Attack Side-Channel Attack Tamper Resistance Smart Card 

References

  1. [1]
    R. Anderson and M. Kuhn. Tamper Resistance-a Cautionary Note. In Proceedings of the 2 nd USENIX Workshop on Electronic Commerce, pages 1–11, 1996.Google Scholar
  2. [2]
    R. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In B. Christianson, B. Crispo, T. Mark, A. Lomas, and M. Roe, editors, 5 th Security Protocols Workshop, volume 1361 of LNCS, pages 125–136. Springer, 1997.Google Scholar
  3. [3]
    C. Aumüller, P. Bier, W. Fischer, P. Hofreiter, and J.-P. Seifert. Fault attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In B. Kaliski Jr., Ç.K. Koç, and C. Paar, editors, Cryptographic Hardware and Embedded Systems-CHES 2002, volume 2523 of LNCS, pages 260–275. Springer, 2002.Google Scholar
  4. [4]
    F. Bao, R. Deng, Y. Han, A. Jeng, A. D. Narasimhalu, and T.-H. Ngair. Breaking Public Key Cryptosystems an Tamper Resistance Devices in the Presence of Transient Fault. In 5 th Security Protocols Workshop, volume 1361 of LNCS, pages 115–124. Springer-Verlag, 1997.Google Scholar
  5. [5]
    F. Beck. Integrated Circuit Failure Analysis-A Guide to Preparation Techniques. Wiley, 1998.Google Scholar
  6. [6]
    I. Biehl, B. Meyer, and V. Müller. Differential Fault Analysis on Elliptic Curve Cryptosystems. In M. Bellare, editor, Advances in Cryptology-CRYPTO 2000, volume 1880 of LNCS, pages 131–146. Springer-Verlag, 2000.Google Scholar
  7. [7]
    E. Biham and A. Shamir. Differential Fault Analysis of Secret Key Cryptosystem. In B.S. Kalisky Jr., editor, Advances in Cryptology-CRYPTO’ 97, volume 1294 of LNCS, pages 513–525. Springer-Verlag, 1997.Google Scholar
  8. [8]
    J. Blömer, M. Otto, and J.-P. Seifert. A New RSA-CRT Algorithm Secure Against Bellcore Attacks. In ACM-CCS’03. ACM Press, 2003.Google Scholar
  9. [9]
    J. Blömer and J.-P. Seifert. Fault based cryptanalysis of the Advanced Encryption Standard. In R.N. Wright, editor, Financial Cryptography-FC 2003, volume 2742 of LNCS. Springer-Verlag, 2003.Google Scholar
  10. [10]
    D. Boneh, R.A. DeMillo, and R.J. Lipton. On the Importance of Checking Cryptographic Protocols for Faults. In W. Fumy, editor, Advances in Cryptology-EUROCRYPT’ 97, volume 1233 of LNCS, pages 37–51. Springer-Verlag, 1997.Google Scholar
  11. [11]
    D. Boneh, R.A. DeMillo, and R.J. Lipton. On the Importance of Eliminating Errors in Cryptographic Computations. Journal of Cryptology, 14(2):101–119, 2001. An earlier version was published at EUROCRYPT’97 [10].CrossRefMathSciNetGoogle Scholar
  12. [12]
    C.-N. Chen and S.-M. Yen. Differential Fault Analysis on AES Key Schedule and Some Countermeasures. In R. Safavi-Naini and J. Seberry, editors, Information Security and Privacy-8th Australasian Conference-ACISP 2003, volume 2727 of LNCS, pages 118–129. Springer-Verlag, 2003.Google Scholar
  13. [13]
    M. Ciet and M. Joye. Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults. In Designs, Codes and Cryptography, 2004. To appear.Google Scholar
  14. [14]
    E. Dottax. Fault Attacks on NESSIE Signature and Identification Schemes. Technical report, NESSIE, Available from https://www.cosic.esat.kuleuven.ac.be/nessie/reports/phase2/SideChan\_1.pdf, October 2002.Google Scholar
  15. [15]
    E. Dottax. Fault and chosen modulus attacks on some NESSIE asymetrique Primitives. Technical report, NESSIE, Available from https://www.cosic.esat.kuleuven.ac.be/nessie/reports/phase2/ChosenModAtt2.pdf, February 2003.Google Scholar
  16. [16]
    P. Dusart, G. Letourneux, and O. Vivolo. Differential Fault Analysis on A.E.S. Cryptology ePrint Archive, Report 2003/010, 2003. http://eprint.iacr.org/.
  17. [17]
    C. Giraud. DFA on AES. Cryptology ePtint Archive, Report 2003/008, 2003. http://eprint.iacr.org/.
  18. [18]
    M. Joye, A.K. Lenstra, and J.-J. Quisquater. Chinese Remaindering Based Cryptosystems in the Presence of Faults. Journal of Cryptology, 12(4):241–246, 1999.CrossRefGoogle Scholar
  19. [19]
    M. Joye, J.-J. Quisquater, F. Bao, and R.H. Deng. RSA-type Signatures in the Presence of Transient Faults. In M. Darnell, editor, Cryptography and Coding, volume 1355 of LNCS, pages 155–160. Springer-Verlag, 1997.Google Scholar
  20. [20]
    M. Joye, J.-J. Quisquater, S.-M. Yen, and M. Yung. Observability Analysis-Detecting When Improved Cryptosystems Fail. In B. Preneel, editor, Topics in Cryptology-CT-RSA 2002, volume 2271 of LNCS, pages 17–29. Springer-Verlag, 2002.Google Scholar
  21. [21]
    V. Klíma and T. Rosa. Further Results and Considerations on Side Channel Attacks on RSA. In B. Kaliski Jr., Ç.K. Koç, and C. Paar, editors, Cryptographic Hardware and Embedded Systems-CHES 2002, volume 2523 of LNCS, pages 244–259. Springer-Verlag, 2002.Google Scholar
  22. [22]
    A.K. Lenstra. Memo on RSA Signature Generation in the Presence of Faults. Manuscript, 1996. Available from the author at arjen.lenstra@citicorp.com.Google Scholar
  23. [23]
    F. Koeune M. Joye and J.-J. Quisquater. Further results on Chinese remaindering. Technical Report CG-1997/1, UCL, 1997. Available from http://www.dice.ucl.ac.be/crypto/techreports.html.
  24. [24]
    D.P. Maher. Fault Induction Attacks, Tamper Resistance, and Hostile Reverse Engineering in Perspective. In R. Hirschfeld, editor, Financial Cryptography-FC’ 97, volume 1318 of LNCS, pages 109–121. Springer-Verlag, 1997.Google Scholar
  25. [25]
    G. Piret and J.-J. Quisquater. A Differential Fault Attack Technique Against SPN Structures, with Application to the AES and KHAZAD. In C.D. Walter, Ç.K. Koç, and C. Paar, editors, Cryptographic Hardware and Embedded Systems-CHES 2003, volume 2779 of LNCS, pages 77–88. Springer-Verlag, 2003.Google Scholar
  26. [26]
    D. Samyde, S. Skorobogatov, R. Anderson, and J.-J. Quisquater. On a New Way to Read Data from Memory. In First International IEEE Security in Storage Workshop, pages 65–69. IEEE Computer Society, 2002.Google Scholar
  27. [27]
    S. Skorobogatov and R. Anderson. Optical Fault Induction Attack. In B. Kaliski Jr., Ç.K. Koç, and C. Paar, editors, Cryptographic Hardware and Embedded Systems-CHES 2002, volume 2523 of LNCS, pages 2–12. Springer, 2002.Google Scholar
  28. [28]
    S.-M. Yen and J.Z. Chen. A DFA on Rijndael. In A.H. Chan and V. Gligor, editors, Information Security-ISC 2002, volume 2433 of LNCS. Springer, 2002.Google Scholar
  29. [29]
    S.-M. Yen and M. Joye. Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. on Computers, 49(9):967–970, 2000.Google Scholar
  30. [30]
    S.-M. Yen, S.-J. Kim, S.-G. Lim, and S.-J. Moon. A Countermeasure against one Physical Cryptanalysis May Benefit Another Attack. In K. Kim, editor, Information Security and Cryptology-ICISC 2001, volume 2288 of LNCS, pages 414–427. Springer-Verlag, 2001.Google Scholar
  31. [31]
    S.-M. Yen, S.J. Moon, and J.-C. Ha. Permanent Fault Attack on RSA with CRT. In R. Safavi-Naini and J. Seberry, editors, Information Security and Privacy-8th Australasian Conference-ACISP 2003, volume 2727 of LNCS, pages 285–296. Springer-Verlag, 2003.Google Scholar

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Christophe Giraud
    • 1
  • Hugues Thiebeauld
    • 2
  1. 1.Oberthur Card SystemsPuteauxFrance
  2. 2.Thales MicroelectronicsCNES LAB.Toulouse Cedex 9France

Personalised recommendations