Advertisement

Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

  • Benedikt Gierlichs
  • Jörn-Marc Schmidt
  • Michael Tunstall
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7533)

Abstract

Implementation attacks pose a serious threat for the security of cryptographic devices and there are a multitude of countermeasures that are used to prevent them. Two countermeasures used in implementations of block ciphers to increase the complexity of such attacks are the use of dummy rounds and redundant computation with consistency checks to prevent fault attacks. In this paper we present several countermeasures based on the idea of infective computation. Our countermeasures ensure that a fault injected into a cipher, dummy, or redundant round will infect the ciphertext such that an attacker cannot derive any information on the secret key being used. This has one clear advantage: the propagation of faults prevents an attacker from being able to conduct any fault analysis on any corrupted ciphertexts. As a consequence, there is no need for any test at the end of an implementation to determine if a fault has been injected and a ciphertext can always be returned.

Keywords

Implementation Attacks Dummy Rounds Infective Computation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  2. 2.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic Analysis: Concrete Results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  7. 7.
    Goubin, L., Patarin, J.: DES and Differential Power Analysis: the “Duplication” Method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Blömer, J., Seifert, J.-P.: Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 162–181. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  10. 10.
    Clavier, C.: Secret External Encodings Do Not Prevent Transient Fault Analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 181–194. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Yen, S.-M., Joye, M.: Checking Before Output Not be Enough Against Fault Based Cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2000)CrossRefGoogle Scholar
  13. 13.
    Karpovsky, M.G., Kulikowski, K.J., Taubin, A.: Robust Protection Against Fault-Injection Attacks on Smart Cards Implementing the Advanced Encryption Standard. In: International Conference on Dependable Systems and Networks (DSN 2004), pp. 93–101. IEEE (2004)Google Scholar
  14. 14.
    Genelle, L., Giraud, C., Prouff, E.: Securing AES Implementation Against Fault Attacks. In: Naccache, D., Oswald, E. (eds.) Fault Diagnosis and Tolerance in Cryptography, pp. 51–62. IEEE (2009)Google Scholar
  15. 15.
    Malkin, T., Standaert, F.-X., Yung, M.: A Comparative Cost/Security Analysis of Fault Attack Countermeasures. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 159–172. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Medwed, M., Schmidt, J.-M.: A Continuous Fault Countermeasure for AES Providing a Constant Error Detection Rate. In: Breveglieri, L., Joye, M., Koren, I., Naccache, D., Verbauwhede, I. (eds.) Fault Diagnosis and Tolerance in Cryptography, pp. 66–71. IEEE (2010)Google Scholar
  17. 17.
    Kim, C.H., Quisquater, J.-J.: Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 215–228. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    van Woudenberg, J.G.J., Witteman, M.F., Menarini, F.: Practical Optical Fault Injection on Secure Microcontrollers. In: Breveglieri, L., Guilley, S., Koren, I., Naccache, D., Takahashi, J. (eds.) Fault Diagnosis and Tolerance in Cryptography, pp. 91–99. IEEE (2011)Google Scholar
  19. 19.
    FIPS PUB 197: Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA (2001)Google Scholar
  20. 20.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael. In: AES Round 1 Technical Evaluation CD-1: Documentation, NIST (August 1998), http://www.nist.gov/aes
  21. 21.
    Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    NIST: Data Encryption Standard (DES) (FIPS–46-3). National Institute of Standards and Technology (1999)Google Scholar
  23. 23.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  24. 24.
    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 172–186. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Kim, C.H., Quisquater, J.-J.: New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 48–60. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Derbez, P., Fouque, P.-A., Leresteux, D.: Meet-in-the-Middle and Impossible Differential Fault Analysis on AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 274–291. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  27. 27.
    Rivain, M.: Differential Fault Analysis on DES Middle Rounds. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 457–469. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Benedikt Gierlichs
    • 1
  • Jörn-Marc Schmidt
    • 2
  • Michael Tunstall
    • 3
  1. 1.Dept. Electrical Engineering-ESAT/SCD-COSIC and IBBTKU LeuvenLeuven-HeverleeBelgium
  2. 2.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyGrazAustria
  3. 3.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations