Physical Security Bounds Against Tampering

  • Kerstin Lemke
  • Christof Paar
  • Ahmad-Reza Sadeghi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3989)


We consider the problem of an active adversary physically manipulating computations of a cryptographic device that is implemented in circuitry. Which kind of circuit based security can ever be guaranteed if all computations are vulnerable towards fault injection? In this paper, we define physical security parameters against tampering adversaries. Therefore, we present an adversarial model with a strong focus on fault injection techniques based on radiation and particle impact. Physical implementation strategies to counteract tampering attempts are discussed.


Fault Analysis Tamper-Proof Hardware Physical Security Implementation Attack Adversarial Model Fault Prevention Error Detection Fault Detection 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    ISO 13491-1:1998 Banking – Secure cryptographic devices (retail)– Part 1: Concepts, requirements and evaluation methodsGoogle Scholar
  2. 2.
    FIPS PUB 140-2, Security Requirements for Cryptographic Modules (2001)Google Scholar
  3. 3.
    Anderson, R., Kuhn, M.: Tamper Resistance — A Cautionary Note. In: The Second USENIX Workshop on Electronic Commerce Proocedings, pp. 1–11 (1996)Google Scholar
  4. 4.
    Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In: Jr. et al. [14], pp. 260–275Google Scholar
  5. 5.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprenctice’s Guide to Fault Attacks, Technical report (2004), available at:
  6. 6.
    Biham, E., Granboulan, L., Nguyễn, P.Q.: Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 359–367. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Biham, E., Shamir, A.: The Next Stage of Differential Fault Analysis: How to break completely unknown cryptosystems (1996), available at:
  8. 8.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  10. 10.
    Fournier, J.J.A., Moore, S.W., Li, H., Mullins, R.D., Taylor, G.S.: Security evaluation of asynchronous circuits. In: Walter, et al. (eds.) [27], pp. 137–151Google Scholar
  11. 11.
    Gennaro, R., Lysyanskaya, A., Malkin, T.G., Micali, S., Rabin, T.: Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 258–277. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Havener, W.N., Medlock, R.J., Mitchell, L.D., Walcott, R.J.: Derived Test Requirements for FIPS PUB 140-1, Security Requirements for Cryptographic Modules (1995)Google Scholar
  13. 13.
    Hoch, J.J., Shamir, A.: Fault Analysis of Stream Ciphers. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 240–253. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.): CHES 2002. LNCS, vol. 2523. Springer, Heidelberg (2003)Google Scholar
  15. 15.
    Karri, R., Kuznetsov, G., Goessel, M.: Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers. In: Walter, et al. (eds.) [27], pp. 113–124Google Scholar
  16. 16.
    Kömmerling, O., Kuhn, M.G.: Design Principles for Tamper-Resistant Smartcard Processors. In: Proceedings of the USENIX Workshop on Smartcard Technology (Smartcard 1999), pp. 9–20 (1999)Google Scholar
  17. 17.
    Lemke, K., Paar, C.: An Adversarial Model for Fault Analysis against Low-Cost Cryptographic Devices. In: Workshop on Fault Detection and Tolerance in Cryptography, pp. 82–94 (2005)Google Scholar
  18. 18.
    Leveugle, R.: Early Analysis of Fault Attack Effects for Cryptographic Hardware. In: Workshop on Fault Detection and Tolerance in Cryptography (2004)Google Scholar
  19. 19.
    Liardet, P.-Y., Teglia, Y.: From Reliability to Safety. In: Workshop on Fault Detection and Tolerance in Cryptography (2004)Google Scholar
  20. 20.
    Malkin, T.G., Standaert, F.-X., Yung, M.: A Comparative Cost/Security Analysis of Fault Attack Countermeasures. In: Workshop on Fault Detection and Tolerance in Cryptography, pp. 109–123 (2005)Google Scholar
  21. 21.
    National Institute of Standards and Technology (NIST). Physical Reference Data, available at:
  22. 22.
    Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, et al. (eds.) [27], pp. 77–88Google Scholar
  23. 23.
    Samyde, D., Quisquater, J.-J.: Eddy Current for Magnetic Analysis with Active Sensor. In: Proceedings of ESmart 2002, pp. 185–194 (2002)Google Scholar
  24. 24.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Skorobogatov, S.S.: Semi-invasive attacks — A new approach to hardware security analysis Technical report (2005), available at:
  26. 26.
    Standaert, F.-X., Batina, L., de Mulder, E., Lemke, K., Oswald, E., Piret, G.: ECRYT D.VAM.4: Electromagnetic Analysis and Fault Attacks: State of the Art. Technical report (2005)Google Scholar
  27. 27.
    Walter, C.D., Koç, Ç.K., Paar, C. (eds.): CHES 2003. LNCS, vol. 2779. Springer, Heidelberg (2003)MATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kerstin Lemke
    • 1
  • Christof Paar
    • 1
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumBochumGermany

Personalised recommendations