Two Efficient Fault-Based Attacks on CLOC and SILC

Journal of Hardware and Systems Security

Abstract

CLOC and SILC are two block cipher-based authenticated encryption schemes, submitted to the CAESAR competition, that aim to use low area buffer and handle short input efficiently. The designers of CLOC and SILC claimed \(\frac{n}{2}\)-bit integrity security against nonce-reusing adversaries, where \(n\) is the block cipher state size in bits. In this paper, we present single fault-based almost universal forgeries on both CLOC and SILC with only a single bit fault at a fixed position of a specific block cipher input. In the case of CLOC, the forgery can be done for almost any nonce, associated data and message triplet, except for some nominal restrictions on associated data. In the case of SILC, the forgery can be done for almost any associated data and message, except for some nominal restrictions on associated data, along with a fixed nonce. Both attacks on CLOC and SILC require several nonce-misusing encryption queries. These attacks are independent of the underlying block cipher and work on the encryption mode. In this paper, we also validate the proposed fault-based forgery methodology by performing actual fault attacks using electromagnetic pulse injection, which shows the practicality of the proposed forgery procedure. Next, we provide updated constructions that can resist the fault-based forgery on the mode, assuming the underlying block cipher is fault resistant. Finally, we show that, if the underlying block cipher is not fault resistant, then for both CLOC and SILC, key recovery can be done by injecting faults into the block cipher operations. We have considered the example with AES as the underlying block cipher. We would like to note that our attacks do not violate the designers' claims, as our attacks require faults. However, they show some vulnerability of the schemes when faults are feasible.


Acknowledgments

Avik Chakraborti and Mridul Nandi are supported by the Centre of Excellence in Cryptology, Indian Statistical Institute, Kolkata. We would also like to thank the reviewers for their useful comments on our paper.

Author information

Corresponding author

Correspondence to Debapriya Basu Roy.

About this article

Cite this article

Roy, D.B., Chakraborti, A., Chang, D. et al. Two Efficient Fault-Based Attacks on CLOC and SILC. J Hardw Syst Secur 1, 252–268 (2017). https://doi.org/10.1007/s41635-017-0022-1

  • DOI: https://doi.org/10.1007/s41635-017-0022-1
