Advertisement

FIMA: Fault Intensity Map Analysis

  • Keyvan RamezanpourEmail author
  • Paul Ampadu
  • William DiehlEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11421)

Abstract

We present a new statistical fault analysis technique called fault intensity map analysis (FIMA) that evaluates the responses of cryptographic implementations to biased-fault injections with varying intensities. FIMA exploits information from fault bias, as well as the correlation between fault distribution and intensity, to retrieve the secret key with fewer fault injections than existing techniques. FIMA generalizes several existing statistical fault analysis techniques, such as fault sensitivity analysis (FSA), differential fault intensity analysis (DFIA), ciphertext-only fault analysis (CFA), and statistical ineffective fault analysis (SIFA). FIMA has the flexibility of using different observables, e.g., faulty ciphertexts, correct ciphertexts under ineffective fault inductions, and data-dependent intensity profiles, and is successful against a wide range of countermeasures. In this paper, we use FIMA to retrieve the entire 128-bit secret key of the Ascon authenticated cipher, a CAESAR finalist for lightweight applications. On a software implementation of Ascon, simulations show that FIMA recovers the secret key with fewer than 50% of the fault injections required by previous techniques that rely on fault bias alone; furthermore, in the presence of error-detection and infective countermeasures, FIMA is \(6\times \) more efficient than previous bias-based techniques.

Keywords

Authenticated encryption Fault bias Fault image Fault intensity FIMA SIFA Statistical fault analysis 

Notes

Acknowledgement

This work was supported by NIST award 70NANB18H219 for Lightweight Cryptography in Hardware and Embedded Systems.

References

  1. 1.
    Ali, S.S., Mukhopadhyay, D., Tunstall, M.: Differential fault analysis of AES: towards reaching its limits. J. Cryptogr. Eng. 3(2), 73–97 (2013)CrossRefGoogle Scholar
  2. 2.
    Banik, S., Maitra, S., Sarkar, S.: Improved differential fault attack on MICKEY 2.0. J. Cryptogr. Eng. 5(1), 13–29 (2015)CrossRefGoogle Scholar
  3. 3.
    Bernstein, D.: Cryptographic competitions (2016). https://competitions.cr.yp.to/caesar.html
  4. 4.
    Blondeau, C., Gérard, B., Nyberg, K.: Multiple differential cryptanalysis using LLR and \(\chi ^2 \) statistics. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 343–360. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32928-9_19CrossRefzbMATHGoogle Scholar
  5. 5.
    Chakraborty, A., Mazumdar, B., Mukhopadhyay, D.: A combined power and fault analysis attack on protected grain family of stream ciphers. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 36(12), 1968–1977 (2017)CrossRefGoogle Scholar
  6. 6.
    Dobraunig, C., Eichlseder, M., Korak, T., Lomné, V., Mendel, F.: Statistical fault attacks on nonce-based authenticated encryption schemes. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 369–395. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_14CrossRefGoogle Scholar
  7. 7.
    Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embedded Syst. 2018, 547–572 (2018)Google Scholar
  8. 8.
    Fuhr, T., Jaulmes, E., Lomné, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 108–118. IEEE (2013)Google Scholar
  9. 9.
    Ghalaty, N.F., Yuce, B., Schaumont, P.: Differential fault intensity analysis on PRESENT and LED block ciphers. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2014. LNCS, vol. 9064, pp. 174–188. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-21476-4_12CrossRefGoogle Scholar
  10. 10.
    Ghalaty, N.F., Yuce, B., Schaumont, P.: Analyzing the efficiency of biased-fault based attacks. Embedded Syst. Lett. 8(2), 33–36 (2016)CrossRefGoogle Scholar
  11. 11.
    Ghalaty, N.F., Yuce, B., Taha, M., Schaumont, P.: Differential fault intensity analysis. In: 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 49–58. IEEE (2014)Google Scholar
  12. 12.
    Kermani, M.M., Jalali, A., Azarderakhsh, R., Xie, J., Choo, K.K.R.: Reliable inversion in GF(2 8) with redundant arithmetic for secure error detection of cryptographic architectures. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 37(3), 696–704 (2018)CrossRefGoogle Scholar
  13. 13.
    Lashermes, R., Reymond, G., Dutertre, J.M., Fournier, J., Robisson, B., Tria, A.: A DFA on AES based on the entropy of error distributions. In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 34–43. IEEE (2012)Google Scholar
  14. 14.
    Li, W., et al.: Ciphertext-only fault analysis on the led lightweight cryptosystem in the internet of things. IEEE Trans. Dependable Secure Comput. (2018)Google Scholar
  15. 15.
    Li, W., et al.: Impossible differential fault analysis on the LED lightweight cryptosystem in the vehicular ad-hoc networks. EEE Trans. Dependable Secure Comput. 13(1), 84–92 (2016)CrossRefGoogle Scholar
  16. 16.
    Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 320–334. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15031-9_22CrossRefGoogle Scholar
  17. 17.
    Maitra, S., Siddhanti, A., Sarkar, S.: A differential fault attack on plantlet. IEEE Trans. Comput. 66(10), 1804–1808 (2017)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Patranabis, S., Chakraborty, A., Mukhopadhyay, D.: Fault tolerant infective countermeasure for AES. J. Hardw. Syst. Secur. 1(1), 3–17 (2017)CrossRefGoogle Scholar
  19. 19.
    Patranabis, S., Chakraborty, A., Mukhopadhyay, D., Chakrabarti, P.P.: Fault space transformation: a generic approach to counter differential fault analysis and differential fault intensity analysis on AES-like block ciphers. IEEE Trans. Inf. Forensics Secur. 12(5), 1092–1102 (2017)CrossRefGoogle Scholar
  20. 20.
    Patranabis, S., et al.: Lightweight design-for-security strategies for combined countermeasures against side channel and fault analysis in IoT applications. J. Hardw. Syst. Secur., 1–29 (2018)Google Scholar
  21. 21.
    Potestad-Ordóñez, F., Jiménez-Fernández, C., Valencia-Barrero, M.: Experimental and timing analysis comparison of FPGA trivium implementations and their vulnerability to clock fault injection. In: 2016 Conference on Design of Circuits and Integrated Systems (DCIS), pp. 1–6. IEEE (2016)Google Scholar
  22. 22.
    Saarinen, M.-J.O.: Beyond modes: building a secure record protocol from a cryptographic sponge permutation. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 270–285. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-04852-9_14CrossRefGoogle Scholar
  23. 23.
    Song, L., Hu, L.: Differential fault attack on the PRINCE block cipher. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 43–54. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40392-7_4CrossRefGoogle Scholar
  24. 24.
    Van Erven, T., Harremos, P.: Rényi divergence and kullback-leibler divergence. IEEE Trans. Inf. Theory 60(7), 3797–3820 (2014)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Virginia TechBlacksburgUSA

Personalised recommendations