Differential Behavioral Analysis

  • Bruno Robisson
  • Pascal Manet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4727)


This paper describes an attack on cryptographic devices called Differential Behavioral Analysis (or DBA). This is an hybrid attack between two already powerful attacks: differential power analysis (DPA) for the statistical treatment and safe-error attack for the fault type. DBA, simulated on an algorithmic model of AES appears to be very efficient. The attacker is able to recover the entire secret key with byte-wise “stuck-at” faults injected repetitively. A theorical as well as a more realistic approach are presented.


Differential Behavioral Analysis Differential Power Analysis Fault Attacks Safe-Error Block Ciphers AES 


  1. [ADI]
  2. [BBKP02]
    Bertoni, G., Breveglieri, L., Koren, I., Piuri, V.: Fault detection in the Advanced Encryption Standard. In: Proceedings of MPCS 2002, Ischia, Italy (2002)Google Scholar
  3. [BCO04]
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: CHES, pp. 16–29 (2004)Google Scholar
  4. [BDL97]
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  5. Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. In: First Workshop on Fault Detection and Tolerance in Cryptography, Florence, Italy (June 1, 2004)Google Scholar
  6. [BK06]
    Blömer, J., Krummel, V.: Fault based collision attacks on aes. In: FDTC, pp. 106–120 (2006)Google Scholar
  7. [BS97]
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  8. [BS03]
    Blömer, J., Seifert, J.-P.: Fault based cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 162–181. Springer, Heidelberg (2003)Google Scholar
  9. [CIM]
  10. [CT05]
    Choukri, H., Tunstall, M.: Round reduction using faults. In: FDTC 2005: Proceedings of the second Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 13–24 (2005)Google Scholar
  11. [DR02]
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  12. [Gir05]
    Giraud, C.: DFA on AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) Advanced Encryption Standard – AES. LNCS, vol. 3373, pp. 27–41. Springer, Heidelberg (2005)Google Scholar
  13. [KJJ99]
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  14. [KK99]
    Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant smartcard processors. In: Proceedings of the USENIX Workshop on Smartcard Technology, Chicago, May 10-11, 1999, pp. 9–20 (1999)Google Scholar
  15. [KKT04]
    Karpovsky, M.G., Kulikowski, K.J., Taubin, A.: Robust protection against fault injection attacks on smart cards implementing the Advanced Encryption Standard. In: 2004 International Conference on Dependable Systems and Networks (DSN 2004), pp. 93–101. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  16. [KWMK02]
    Karri, R., Wu, K., Mishra, P., Kim, Y.: Concurrent error detection scheme for fault-based side-channel cryptanalysis of symmetric block ciphers. IEEE Transactions on Computer-Aided Design 21(12), 1509–1517 (2002)CrossRefGoogle Scholar
  17. [MR06]
    Monnet, Y., Renaudin, M.: Designing resistant circuits against malicious faults injection using asynchronous logic. IEEE Trans. Comput. 55(9), 1104–1115 (2006)CrossRefGoogle Scholar
  18. Monnet, Y., Renaudin, M., Leveugle, R., Clavier, C., Moitrel, P.: Case study of a fault attack on asynchronous des crypto-processors. In: FDTC, pp. 88–97 (2006)Google Scholar
  19. [MSY05]
    Malkin, T.G., Standaert, F.-X., Yung, M.: A comparative cost/security analysis of fault attack countermeasures. In: Second Workshop on Fault Detection and Tolerance in Cryptography, Edinburgh, UK, September 2, pp. 109–123 (2005)Google Scholar
  20. [NIS01]
    NIST: Announcing the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication, n. 197 (November 26, 2001)Google Scholar
  21. [PQ03]
    Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: D.Walter, C., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)Google Scholar
  22. [YJ00]
    Yen, S.-M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Bruno Robisson
    • 1
  • Pascal Manet
    • 1
  1. 1.CEA-LETI, SESAM Laboratory, Centre Microélectronique de Provence., Avenue des Anémones, 13541 GardanneFrance

Personalised recommendations