Optimizing Electromagnetic Fault Injection with Genetic Algorithms
Fault injection is a serious threat for implementations of cryptography, especially on small embedded devices. In particular, electromagnetic fault injection (EMFI) is a powerful active attack, requiring minimal modifications on the device under attack while having excellent penetration capabilities. The challenge is in finding the right combination of the attack parameters and their values. Namely, the number of possible combinations (for all the values of relevant parameters) is typically huge and rendering exhaustive search impossible.
In this chapter, we introduce this problem and we survey some previous attempts for solving it. We also present a novel evolutionary algorithm for optimizing the parameters search for EM fault injection that outperforms all known search methods for EMFI. The results are widely applicable as the cryptographic device under attack is considered a black box, with only a few very general assumptions on its inner workings.
We test our novel evolutionary algorithm by attacking the SHA-3 algorithm. Our results leverage 40 times more faulty measurements and 20 times more distinct fault measurements than one could obtain with a random search. When this methodology is coupled with the algebraic fault attack, we get 25% more exploitable faults per individual measurement.
This work has been supported in part by Croatian Science Foundation under the project IP-2014-09-4882 and by the Technology Foundation TTW (Project 13499 TYPHOON), from the Dutch government.
- 1.A. Aghaie, A. Moradi, S. Rasoolzadeh, F. Schellenberg, T. Schneider, Impeccable circuits, Cryptology ePrint Archive, Report 2018/203, 2018. https://eprint.iacr.org/2018/203
- 2.C. Aumüller, P. Bier, W. Fischer, P. Hofreiter, J.-P. Seifert, Fault attacks on RSA with CRT: concrete results and practical countermeasures, in CHES, pp. 260–275 (2002)Google Scholar
- 4.N. Bagheri, N. Ghaedi, S.K. Sanadhya, Differential fault analysis of SHA-3, in Progress in Cryptology–INDOCRYPT 2015 (Springer, Cham, 2015), pp. 253–269Google Scholar
- 5.G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, The Keccak reference, January 2011. http://keccak.noekeon.org/
- 6.D. Boneh, R.A. DeMillo, R.J. Lipton, On the importance of checking cryptographic protocols for faults (extended abstract), in Advances in Cryptology - Proceeding of the EUROCRYPT ‘97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, May 11–15 (1997), pp. 37–51Google Scholar
- 7.E. Cagli, C. Dumas, E. Prouff, Convolutional neural networks with data augmentation against jitter-based countermeasures - profiling attacks without pre-processing, in Cryptographic Hardware and Embedded Systems - CHES 2017 - Proceedings of the 19th International Conference, 2017, Taipei, September 25–28 (2017), pp. 45–68Google Scholar
- 8.R.B. Carpi, S. Picek, L. Batina, F. Menarini, D. Jakobovic, M. Golub, Glitch it if you can: parameter search strategies for successful fault injection, in Smart Card Research and Advanced Applications, ed. by A. Francillon, P. Rohatgi (Springer, Cham, 2014), pp. 236–252Google Scholar
- 13.O. Kömmerling, M.G. Kuhn, Design principles for tamper-resistant smartcard processors, in Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology (USENIX Association, Berkeley, 1999), pp. 2–2Google Scholar
- 14.L. Lerman, G. Bontempi, O. Markowitch, Side channel attack: an approach based on machine learning, in Second International Workshop on Constructive SideChannel Analysis and Secure Design, pp. 29–41 (Center for Advanced Security Research, Darmstadt, 2011)Google Scholar
- 15.P. Luo, Y. Fei, L. Zhang, A.A. Ding, Differential fault analysis of SHA3-224 and SHA3-256, in 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 4–15 (2016)Google Scholar
- 18.M. Madau, M. Agoyan, P. Maurine, An EM fault injection susceptibility criterion and its application to the localization of hotspots, in International Conference on Smart Card Research and Advanced Applications (Springer, Cham, 2017), pp. 180–195Google Scholar
- 20.C. O’Flynn, Fault injection using crowbars on embedded systems, Cryptology ePrint Archive, Report 2016/810 (2016). https://eprint.iacr.org/2016/810
- 21.S. Ordas, L. Guillaume-Sage, P. Maurine, EM injection: fault model and locality, in Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2015 (IEEE, Piscataway, 2015), pp. 3–13Google Scholar
- 22.S. Picek, L. Batina, D. Jakobovic, R.B. Carpi, Evolving genetic algorithms for fault injection attacks, in 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), May (2014), pp. 1106–1111Google Scholar
- 24.S. Picek, A. Heuser, A. Jovic, S.A. Ludwig, S. Guilley, D. Jakobovic, N. Mentens, Side-channel analysis and machine learning: a practical perspective, in 2017 International Joint Conference on Neural Networks, IJCNN 2017, Anchorage, AK, May 14–19 (2017), pp. 4095–4102Google Scholar