
Fault Based Cryptanalysis of the Advanced Encryption Standard (AES)

Conference paper. In: Financial Cryptography (FC 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2742)

Abstract

In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using the optical and eddy-current fault induction attacks recently presented by Skorobogatov and Anderson and by Quisquater and Samyde [SA, QS], we present an implementation-independent fault attack on AES. This attack determines the complete 128-bit secret key of a sealed tamper-proof smartcard by generating 128 faulty ciphertexts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that, because of the known timing analysis vulnerability of AES (pointed out by Koeune and Quisquater [KQ]), any implementation of AES must ensure data-independent timing behavior for the so-called xtime operation. We present fault attacks on AES based on various timing-analysis-resistant implementations of the xtime operation. Our strongest attack in this direction uses a very liberal fault model and requires only 256 faulty encryptions to determine a 128-bit key.
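As an added illustration of the xtime operation the abstract refers to (example code written for this page, not taken from the paper): a naive xtime whose reduction step runs only when the high bit is set, so its timing depends on the data, beside a branch-free variant that does the same work for every input, and one MixColumns column built on it. Function names are my own; the test column is a constructed value checked by hand.

```c
#include <stdint.h>
#include <string.h>

/* Naive xtime (multiplication by x in GF(2^8) mod x^8+x^4+x^3+x+1):
   the reduction by 0x1b runs only when the high bit is set, so the
   execution time, and the point a fault would hit, depend on the data. */
uint8_t xtime_branchy(uint8_t x) {
    if (x & 0x80)
        return (uint8_t)((x << 1) ^ 0x1b);
    return (uint8_t)(x << 1);
}

/* Branch-free xtime: turn the high bit into an all-ones/all-zeros mask
   and apply the reduction unconditionally, so every input does the same work. */
uint8_t xtime_ct(uint8_t x) {
    uint8_t mask = (uint8_t)(-(x >> 7));        /* 0xff if bit 7 set, else 0x00 */
    return (uint8_t)((x << 1) ^ (0x1b & mask));
}

/* Returns 1 if both variants agree on all 256 field elements. */
int xtime_variants_agree(void) {
    for (unsigned v = 0; v < 256; v++)
        if (xtime_branchy((uint8_t)v) != xtime_ct((uint8_t)v))
            return 0;
    return 1;
}

/* One MixColumns column: out[i] = 2*a[i] ^ 3*a[i+1] ^ a[i+2] ^ a[i+3],
   with 3*a = xtime(a) ^ a, so every multiplication goes through xtime. */
void mix_column(const uint8_t in[4], uint8_t out[4]) {
    for (int i = 0; i < 4; i++) {
        uint8_t a = in[i], b = in[(i + 1) & 3];
        uint8_t c = in[(i + 2) & 3], d = in[(i + 3) & 3];
        out[i] = (uint8_t)(xtime_ct(a) ^ xtime_ct(b) ^ b ^ c ^ d);
    }
}

/* Checks the column {db,13,53,45} -> {8e,4d,a1,bc}, a constructed test
   vector worked out by hand from the definition above. */
int mix_column_known_vector_ok(void) {
    const uint8_t in[4]   = {0xdb, 0x13, 0x53, 0x45};
    const uint8_t want[4] = {0x8e, 0x4d, 0xa1, 0xbc};
    uint8_t out[4];
    mix_column(in, out);
    return memcmp(out, want, 4) == 0;
}

int main(void) {
    return (xtime_variants_agree() && mix_column_known_vector_ok()) ? 0 : 1;
}
```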


References

  1. Anderson, R.: Security Engineering. John Wiley & Sons, New York (2001)
  2. Aumüller, C., Bier, B., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA: Concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 261–276. Springer, Heidelberg (2003)
  3. Akkar, M.L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 315–324. Springer, Heidelberg (2001)
  4. Anderson, R., Kuhn, M.: Tamper Resistance – a cautionary note. In: Proc. of 2nd USENIX Workshop on Electronic Commerce, pp. 1–11 (1996)
  5. Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)
  6. Boneh, D., DeMillo, R.A., Lipton, R.: On the Importance of Eliminating Errors in Cryptographic Computations. Journal of Cryptology 14(2), 101–120 (2001)
  7. Bao, F., Deng, R.H., Han, Y., Jeng, A., Narasimhalu, A.D., Ngair, T.: Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)
  8. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
  9. Biham, E., Shamir, A.: Power analysis of the key scheduling of the AES candidates. In: Proc. of the second AES conference, pp. 115–121 (1999)
  10. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131–146. Springer, Heidelberg (2000)
  11. Clavier, C., Coron, J.-S., Dabbous, N.: Differential Power Analysis in the presence of Hardware Countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)
  12. Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.J.: A cautionary note regarding evaluation of AES candidates on smartcards. In: Proc. of the second AES conference, pp. 135–150 (1999)
  13. Coron, J.-S., Kocher, P., Naccache, D.: Statistics and Secret Leakage. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, p. 157. Springer, Heidelberg (2001)
  14. Daemen, J., Rijmen, V.: Resistance against implementation attacks: a comparative study. In: Proc. of the second AES conference, pp. 122–132 (1999)
  15. Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Berlin (2002)
  16. Grimmett, G.R., Stirzaker, D.R.: Probability and random processes. Oxford Science Publications, Oxford (1992)
  17. Gutmann, P.: Secure deletion of data from magnetic and solid-state memory. In: Proc. of 6th USENIX Security Symposium, pp. 77–89 (1997)
  18. Gutmann, P.: Data Remanence in Semiconductor Devices. In: Proc. of 7th USENIX Security Symposium (1998)
  19. International Organization for Standardization, ISO/IEC 7816-3: Electronic signals and transmission protocols (2002), http://www.iso.ch
  20. Kaliski, B., Robshaw, M.J.B.: Comments on some new attacks on cryptographic devices. RSA Laboratories Bulletin 5 (July 1997)
  21. Kömmerling, O., Kuhn, M.: Design Principles for Tamper-Resistant Smartcard Processors. In: Proc. of the USENIX Workshop on Smartcard Technologies, pp. 9–20 (1999)
  22. Koeune, F., Quisquater, J.-J.: A timing attack against Rijndael. Université catholique de Louvain, TR CG-1999/1, 6 pages (1999)
  23. Kocar, O.: Hardwaresicherheit von Mikrochips in Chipkarten. Datenschutz und Datensicherheit 20(7), 421–424 (1996)
  24. Karri, R., Wu, K., Mishra, P., Kim, Y.: Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit symmetric block ciphers. In: Proc. of IEEE Design Automation Conference, pp. 579–585 (2001)
  25. Maher, D.P.: Fault induction attacks, tamper resistance, and hostile reverse engineering in perspective. In: Luby, M., Rolim, J.D.P., Serna, M. (eds.) FC 1997. LNCS, vol. 1318, pp. 109–121. Springer, Heidelberg (1997)
  26. Messerges, T.: Securing the AES finalists against power analysis attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 150–164. Springer, Heidelberg (2001)
  27. Moore, S.W., Anderson, R.J., Kuhn, M.G.: Improving Smartcard Security using Self-Timed Circuit Technology. In: Fourth AciD-WG Workshop, Grenoble (2000) ISBN 2-913329-44-6
  28. Moore, S.W., Anderson, R.J., Cunningham, P., Mullins, R., Taylor, G.: Improving Smartcard Security using Self-Timed Circuit Technology. In: Proc. of Asynch 2002. IEEE Computer Society Press, Los Alamitos (2002)
  29. Naccache, D., M’Raihi, D.: Cryptographic smart cards. IEEE Micro, 14–24 (1996)
  30. Paillier, P.: Evaluating differential fault analysis of unknown cryptosystems. Gemplus Corporate Product R&D Division, TR AP05-1998, 8 pages (1999)
  31. Petersen, I.: Chinks in digital armor – Exploiting faults to break smartcard cryptosystems. Science News 151(5), 78–79 (1997)
  32. Quisquater, J.-J., Samyde, D.: Eddy Current for Magnetic Analysis with Active Sensor. In: Proc. of Int. Conf. on Research in SmartCards (E-Smart 2002), Novamedia, pp. 185–194 (2002)
  33. Samyde, D., Quisquater, J.-J.: ElectroMagnetic Analysis (EMA): Measures and Countermeasures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)
  34. Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact Rijndael hardware architecture with S-Box optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 241–256. Springer, Heidelberg (2001)
  35. Skorobogatov, S., Anderson, R.: Optical Fault Induction Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)
  36. Weste, N.H.E., Eshraghian, K.: Principles of CMOS VLSI Design, 2nd edn. Addison-Wesley, Reading (1994)
  37. Wolkerstorfer, J.: An ASIC implementation of the AES MixColumn operation. Graz University of Technology, Institute for Applied Information Processing and Communications, Manuscript, 4 pages (2001)
  38. Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC implementation of the AES S-Boxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, p. 67. Springer, Heidelberg (2002)
  39. Yen, S.-M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. on Computers 49, 967–970 (2000)
  40. Yen, S.-M., Kim, S.-J., Lim, S.-G., Moon, S.-J.: RSA Speedup with Residue Number System immune from Hardware fault cryptanalysis. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, p. 397. Springer, Heidelberg (2002)
  41. Yen, S.-M., Kim, S.-J., Lim, S.-G., Moon, S.-J.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, p. 414. Springer, Heidelberg (2002)
  42. Yen, S.-M., Tseng, S.Y.: Differential power cryptanalysis of a Rijndael implementation. LCIS Technical Report TR-2K1-9, Dept. of Computer Science and Information Engineering, National Central University, Taiwan (2001)
  43. Zheng, Y., Matsumoto, T.: Breaking real-world implementations of cryptosystems by manipulating their random number generation. In: Proc. of the 1997 Symposium on Cryptography and Information Security. LNCS. Springer, Heidelberg (1997)


Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Blömer, J., Seifert, JP. (2003). Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (eds) Financial Cryptography. FC 2003. Lecture Notes in Computer Science, vol 2742. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45126-6_12


  • DOI: https://doi.org/10.1007/978-3-540-45126-6_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40663-1

  • Online ISBN: 978-3-540-45126-6
