Electromagnetic Glitch on the AES Round Counter

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7864)

Abstract

This article presents a Round Addition Analysis on a software implementation of the Advanced Encryption Standard (AES) algorithm. The round keys are computed on-the-fly during each encryption. A non-invasive transient fault injection is achieved on the AES round counter. The attack is performed by injecting a very short electromagnetic glitch on a 32-bit microcontroller based on the ARM Cortex-M3 processor. Using this experimental setup, we are able to disrupt the round counter increment at the end of the penultimate round and execute one additional round. This faulty execution enables us to recover the encryption key with only two pairs of corresponding correct and faulty ciphertexts.

Keywords

  • Advanced Encryption Standard
  • Fault Injection
  • Fault Attack
  • Faulty Ciphertext
  • Fault Injection Attack

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dehbaoui, A., Mirbaha, AP., Moro, N., Dutertre, JM., Tria, A. (2013). Electromagnetic Glitch on the AES Round Counter. In: Prouff, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2013. Lecture Notes in Computer Science, vol 7864. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40026-1_2

  • DOI: https://doi.org/10.1007/978-3-642-40026-1_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40025-4

  • Online ISBN: 978-3-642-40026-1

  • eBook Packages: Computer Science (R0)