Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures

  • C. Aumüller
  • P. Bier
  • W. Fischer
  • P. Hofreiter
  • J.-P. Seifert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2523)

Abstract

This article describes concrete results and practically validated countermeasures concerning differential fault attacks on RSA using the CRT. We investigate smartcards with an RSA coprocessor where any hardware countermeasures to defeat fault attacks have been switched off. This scenario was chosen in order to analyze the reliability of software countermeasures. We start by describing our laboratory setting for the attacks. Hereafter, we describe the experiments and results of a straightforward implementation of a well-known countermeasure. This implementation turned out to be not sufficient. With the data obtained by these experiments we developed a practical error model. This enabled us to specify enhanced software countermeasures for which we were not able to produce any successful attacks on the investigated chips. Nevertheless, we are convinced that only sophisticated hardware countermeasures (sensors, filters, etc.) in combination with software countermeasures will be able to provide security.

Keywords

Bellcore attack Chinese Remainder Theorem Fault attacks Hardware security RSA Spike attacks Software countermeasures Transient fault model 

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • C. Aumüller
    • 1
  • P. Bier
    • 1
  • W. Fischer
    • 1
  • P. Hofreiter
    • 1
  • J.-P. Seifert
    • 1
  1. 1.Infineon Technologies Security & ChipCard ICsMunichGermany

Personalised recommendations