Abstract
In this work, we introduce fault attacks on PRESENT that use faulty ciphertexts only. In contrast to current differential fault attacks on PRESENT, which are mostly chosen-plaintext attacks, our fault attacks do not require knowledge of the plaintexts to recover the secret key. This is a typical scenario when plaintexts are not easily accessible to the attacker, as in the case of smart devices for the upcoming Internet-of-Things (IoT) era, where input data are mostly assembled within the cryptographic device, or when protocol-level countermeasures are deployed explicitly to prevent chosen-plaintext attacks. Our attacks work under the assumption that the attacker is able to bias the (nibble-wise) distribution of intermediate states in the final rounds of PRESENT by careful fault injections. To support our statements, we provide a detailed simulation analysis to estimate the practical attack complexities of (faulty) ciphertext-only fault attacks on PRESENT-80, discussing different fault injection scenarios. In the best-case analysis (worst-case security scenario), only two faulty ciphertexts and negligible computational time are required to recover the entire secret key.
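To make the fault model in the abstract concrete, the following is an added example and not code from the paper: a PRESENT-80 implementation following the Bogdanov et al. specification (31 rounds of addRoundKey, sBoxLayer, pLayer, plus a final key addition), a constructed fault model that forces one S-box-input nibble of a chosen final round to zero with probability p (an assumption standing in for the "biased nibble-wise distribution" the abstract refers to), and an encrypt-then-decrypt consistency check that a device can use to refuse to release a faulty ciphertext. The names `stuck_at_zero`, `encrypt_checked` and `simulate` are mine; the check assumes the verifying decryption itself is not faulted.

```python
"""PRESENT-80 with a simulated late-round nibble fault and an
encrypt-then-verify check. Added illustration, not the paper's code."""
import random

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(v) for v in range(16)]
# pLayer: bit i of the state moves to bit 16*i mod 63 (bit 63 is fixed).
PBOX = [(16 * i) % 63 if i != 63 else 63 for i in range(64)]
PBOX_INV = [PBOX.index(v) for v in range(64)]
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1


def round_keys(key):
    """PRESENT-80 key schedule: 32 round keys from an 80-bit key."""
    keys = []
    k = key & MASK80
    for i in range(1, 33):
        keys.append(k >> 16)                      # K_i = leftmost 64 bits
        k = ((k << 61) | (k >> 19)) & MASK80      # rotate left by 61
        top = SBOX[(k >> 76) & 0xF]               # S-box on leftmost nibble
        k = (k & ~(0xF << 76)) | (top << 76)
        k ^= i << 15                              # round counter into k19..k15
    return keys


def sbox_layer(s, box=SBOX):
    return sum(box[(s >> (4 * i)) & 0xF] << (4 * i) for i in range(16))


def p_layer(s, perm=PBOX):
    out = 0
    for i in range(64):
        if (s >> i) & 1:
            out |= 1 << perm[i]
    return out


def encrypt(pt, key, fault=None):
    """`fault`, if given, is a callable (round, state) -> state applied at
    the S-box input of each round; it models a physical fault injection."""
    keys = round_keys(key)
    s = pt & MASK64
    for r in range(1, 32):
        s ^= keys[r - 1]
        if fault is not None:
            s = fault(r, s)
        s = p_layer(sbox_layer(s))
    return s ^ keys[31]


def decrypt(ct, key):
    keys = round_keys(key)
    s = ct ^ keys[31]
    for r in range(31, 0, -1):
        s = sbox_layer(p_layer(s, PBOX_INV), SBOX_INV)
        s ^= keys[r - 1]
    return s & MASK64


def stuck_at_zero(rnd, nibble, p, rng):
    """Constructed fault model (assumption): in round `rnd`, nibble `nibble`
    of the S-box input is forced to 0 with probability p, which biases the
    distribution of that intermediate nibble towards a single value."""
    def inject(r, s):
        if r == rnd and rng.random() < p:
            return s & ~(0xF << (4 * nibble))
        return s
    return inject


def encrypt_checked(pt, key, fault=None):
    """Countermeasure: decrypt the result on an unfaulted datapath and
    release the ciphertext only if it round-trips to the plaintext."""
    ct = encrypt(pt, key, fault)
    return ct if decrypt(ct, key) == (pt & MASK64) else None


def simulate(n, key, rnd, nibble, p, seed=1):
    """Encrypt n random plaintexts under the fault model. Returns
    (faulty ciphertexts an unchecked device would emit, outputs suppressed)."""
    rng = random.Random(seed)
    fault = stuck_at_zero(rnd, nibble, p, rng)
    faulty = suppressed = 0
    for _ in range(n):
        pt = rng.getrandbits(64)
        ct_faulted = encrypt(pt, key, fault)
        if ct_faulted != encrypt(pt, key):
            faulty += 1
        if decrypt(ct_faulted, key) != pt:     # what encrypt_checked tests
            suppressed += 1
    return faulty, suppressed


if __name__ == "__main__":
    print(hex(encrypt(0, 0)))                  # spec test vector 5579c1387b228445
    print(simulate(64, 0x0123456789ABCDEF0123, rnd=31, nibble=0, p=1.0))
```

With p = 1.0 every encryption whose targeted nibble was non-zero yields a wrong ciphertext, and the round-trip check suppresses exactly those outputs; with p = 0 nothing is suppressed. The check only covers faults that alter the released value; it does not by itself address an attacker who can also fault the verification, which is why such checks are normally combined with other measures.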
Notes
1. The attacker can (possibly) exploit faulty intermediate states in different rounds obtained by injecting faults across different cryptographic computations; it is not required to inject multiple faults during the same cryptographic operation.
Acknowledgements
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. This work has been funded in part by the German Federal Ministry of Education and Research 163Y1200D (HIVE).
Appendices
A Fault Propagation in the Datapath of PRESENT
B Probability Distributions of Faulty Intermediate Nibbles
© 2015 Springer International Publishing Switzerland
Cite this paper
De Santis, F., Guillen, O.M., Sakic, E., Sigl, G. (2015). Ciphertext-Only Fault Attacks on PRESENT. In: Eisenbarth, T., Öztürk, E. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2014. Lecture Notes in Computer Science(), vol 8898. Springer, Cham. https://doi.org/10.1007/978-3-319-16363-5_6
DOI: https://doi.org/10.1007/978-3-319-16363-5_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16362-8
Online ISBN: 978-3-319-16363-5