Abstract
CLOC and SILC are two block cipher-based authenticated encryption schemes, submitted to the CAESAR competition, that aim to use a small buffer area and to handle short inputs efficiently. The designers of CLOC and SILC claimed n/2-bit integrity security against nonce-reusing adversaries, where n is the block cipher state size in bits. In this paper, we present single-fault-based almost universal forgeries on both CLOC and SILC using only one single-bit fault at a fixed position of a specific block cipher input. In the case of CLOC, the forgery can be done for almost any nonce, associated data and message triplet, except for some nominal restrictions on the associated data. In the case of SILC, the forgery can be done for almost any associated data and message, except for some nominal restrictions on the associated data, and the nonce must be fixed. Both attacks require several nonce-misusing encryption queries. The attacks are independent of the underlying block cipher and target the encryption mode itself. We also validate the proposed fault-based forgery methodology by performing actual fault attacks by electromagnetic pulse injection, which shows the practicality of the proposed forgery procedure. Next, we provide updated constructions that resist the fault-based forgery on the mode, assuming the underlying block cipher is fault resistant. Finally, we show that if the underlying block cipher is not fault resistant, then for both CLOC and SILC the key can be recovered by injecting faults into the block cipher operations; we work through this with AES as the underlying block cipher. We note that our attacks do not violate the designers' claims, since fault injection lies outside their security model. They do, however, show that the schemes are vulnerable whenever fault injection is feasible.
Acknowledgments
Avik Chakraborti and Mridul Nandi are supported by the Centre of Excellence in Cryptology, Indian Statistical Institute, Kolkata. We would also like to thank the reviewers for their useful comments on our paper.
Cite this article
Roy, D.B., Chakraborti, A., Chang, D. et al. Two Efficient Fault-Based Attacks on CLOC and SILC. J Hardw Syst Secur 1, 252–268 (2017). https://doi.org/10.1007/s41635-017-0022-1