Yet Another Fault-Based Leakage in Non-uniform Faulty Ciphertexts

  • Yang Li
  • Yu-ichi Hayashi
  • Arisa Matsubara
  • Naofumi Homma
  • Takafumi Aoki
  • Kazuo Ohta
  • Kazuo Sakiyama
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8352)

Abstract

This paper discusses the information leakage that comes from the non-uniform distribution of faulty calculation results for hardware AES implementations under setup-time violations. For a setup-time violation, the faulty value itself is harder to predict than the difference it introduces. Therefore, faulty calculation results have always been paired with fault-free calculations to form the information leakage. However, under statistical analysis the faulty calculation results alone can directly leak the secret. This leakage is mainly caused by the circuit structure rather than by the transition differences for varying input data. In general terms, this work explains the mechanism behind the non-uniform distribution of faulty calculation results. For the widely used composite-field-based AES S-box, we explain and demonstrate that the probability of a particular faulty value emerging is much higher than that of other values. We use the key recovery method proposed by Fuhr et al. and show a successful key recovery using only the faulty calculation results. In addition, against an attack target that encrypts random plaintexts, we extend the attack to the case where faults are injected remotely using electromagnetic interference without any injection-timing trigger.
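As an added illustration of the leakage the abstract describes (example code written for this page, not from the paper or its authors), the following Python simulates a constructed fault model in which one last-round S-box output byte takes an assumed fixed value `STUCK` with an assumed probability `P_FAULT`, and then applies the two checks an evaluator would run on collected faulty ciphertexts: a squared Euclidean imbalance test for non-uniformity, and a Fuhr et al.-style maximum-likelihood ranking of the last-round key byte. `STUCK`, `P_FAULT`, the sample sizes and all function names are assumptions.

```python
import math
import random

# Assumed fault model (constructed for this example, not measured in the paper):
# under a setup-time violation the last-round S-box output of one byte becomes
# the fixed value STUCK with probability P_FAULT; otherwise the byte is uniformly
# random, which is also what fault-free encryptions of random plaintexts give.
STUCK = 0x8F     # placeholder for the "particular faulty value"
P_FAULT = 0.30   # assumed probability of that value showing up

def faulty_ciphertext_bytes(key_byte, n, seed, p_fault=P_FAULT):
    """Constructed sample: n last-round ciphertext bytes = S-box output ^ key byte."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        sbox_out = STUCK if rng.random() < p_fault else rng.randrange(256)
        out.append(sbox_out ^ key_byte)
    return out

def histogram(samples):
    h = [0] * 256
    for v in samples:
        h[v] += 1
    return h

def sei(samples):
    """Squared Euclidean imbalance of the byte distribution against uniform.
    For uniform data its expectation is 255 / (256 * n)."""
    n = len(samples)
    return sum((c / n - 1 / 256) ** 2 for c in histogram(samples))

def is_non_uniform(samples, factor=10.0):
    """Evaluator's check: flag faulty ciphertexts whose SEI is far above uniform."""
    return sei(samples) > factor * 255 / (256 * len(samples))

def rank_key_bytes(samples, p_fault=P_FAULT):
    """Fuhr et al.-style maximum-likelihood ranking of the last-round key byte:
    undo the key addition for every guess and score the recovered S-box outputs
    against the assumed fault distribution; the true key byte ranks first."""
    p_stuck = p_fault + (1 - p_fault) / 256   # P[output == STUCK]
    p_other = (1 - p_fault) / 256             # P[output == any other value]
    h, n = histogram(samples), len(samples)
    scores = []
    for guess in range(256):
        hits = h[STUCK ^ guess]   # samples whose recovered S-box output is STUCK
        ll = hits * math.log(p_stuck) + (n - hits) * math.log(p_other)
        scores.append((ll, guess))
    scores.sort(reverse=True)
    return [guess for _, guess in scores]
```

With `faulty_ciphertext_bytes(0x3C, 2000, seed=1)` the uniformity check fires and `rank_key_bytes` places 0x3C first, whereas a sample generated with `p_fault=0.0` passes the check, which is the behaviour a fault-free or uniformly faulting device should show.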

Keywords

Fault analysis, Non-uniform mapping, Setup-time violation

Notes

Acknowledgement

The authors would like to thank the anonymous reviewers of FPS 2013 for their insightful comments. This research was partially supported by SPACES project and Strategic International Cooperative Program (Joint Research Type), Japan Science and Technology Agency.

References

  1. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
  2. Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)
  3. Yen, S.-M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)
  4. Robisson, B., Manet, P.: Differential behavioral analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 413–426. Springer, Heidelberg (2007)
  5. Moradi, A., Mischke, O., Paar, C., Li, Y., Ohta, K., Sakiyama, K.: On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 292–311. Springer, Heidelberg (2011)
  6. Fuhr, T., Jaulmes, E., Lomne, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: FDTC 2013, pp. 108–118. IEEE (2013)
  7. Hayashi, Y., Homma, N., Mizuki, T., Aoki, T., Sone, H.: Transient IEMI threats for cryptographic devices. IEEE Trans. Electromagn. Compat. 55, 140–148 (2013)
  8. Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 320–334. Springer, Heidelberg (2010)
  9. Li, Y., Ohta, K., Sakiyama, K.: New fault-based side-channel attack using fault sensitivity. IEEE Trans. Inf. Forensics Secur. 7(1), 88–97 (2012)
  10. Li, Y., Ohta, K., Sakiyama, K.: A new type of fault-based attack: fault behavior analysis. IEICE Trans. 96–A, 177–184 (2013)
  11. Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact Rijndael hardware architecture with S-Box optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 239. Springer, Heidelberg (2001)
  12. Cryptographic Hardware Project SASEBO. http://www.aoki.ecei.tohoku.ac.jp/crypto/
  13. Rudra, A., Dubey, P.K., Jutla, C.S., Kumar, V., Rao, J.R., Rohatgi, P.: Efficient Rijndael encryption implementation with composite field arithmetic. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 171–184. Springer, Heidelberg (2001)
  14. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)
  15. Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)
  16. Lashermes, R., Reymond, G., Dutertre, J.-M., Fournier, J., Robisson, B., Tria, A.: A DFA on AES based on the entropy of error distributions. In: Bertoni, G., Gierlichs, B. (eds.) FDTC 2012, pp. 34–43. IEEE (2012)
  17. Hayashi, Y., Gomisawa, S., Li, Y., Homma, N., Sakiyama, K., Aoki, T., Ohta, K.: Intentional electromagnetic interference for fault analysis on AES block cipher IC. In: 2011 8th Workshop on Electromagnetic Compatibility of Integrated Circuits (EMC Compo), pp. 235–240, November 2011
  18. Hayashi, Y., Homma, N., Sugawara, T., Mizuki, T., Aoki, T., Sone, H.: Non-invasive trigger-free fault injection method based on intentional electromagnetic interference. In: Non-Invasive Attack Testing Workshop (NIAT) (2011)
  19. Radasky, W.A., Baum, C.E., Wik, M.W.: Introduction to the special issue on high-power electromagnetics (HPEM) and intentional electromagnetic interference (IEMI). IEEE Trans. Electromagn. Compat. 46, 314–321 (2004)
  20. Research Center for Information Security (RCIS). Side-channel Attack Standard Evaluation Board (SASEBO). http://www.rcis.aist.go.jp/special/SASEBO/CryptoLSI-en.html

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yang Li (1)
  • Yu-ichi Hayashi (2)
  • Arisa Matsubara (1)
  • Naofumi Homma (2)
  • Takafumi Aoki (2)
  • Kazuo Ohta (1)
  • Kazuo Sakiyama (1)

  1. The University of Electro-Communications, Chofu-shi, Japan
  2. Tohoku University, Sendai, Japan
