Abstract
This article describes concrete results and practically validated countermeasures against differential fault attacks on RSA using the CRT. We investigate smartcards with an RSA coprocessor on which all hardware countermeasures against fault attacks have been switched off. This scenario was chosen in order to analyze the reliability of software countermeasures on their own. We start by describing our laboratory setting for the attacks. We then describe the experiments on, and results of, a straightforward implementation of a well-known countermeasure. This implementation turned out to be insufficient. From the data obtained in these experiments we developed a practical error model. This enabled us to specify enhanced software countermeasures against which we were not able to produce any successful attack on the investigated chips. Nevertheless, we are convinced that only sophisticated hardware countermeasures (sensors, filters, etc.) in combination with software countermeasures will be able to provide security.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P. (2003). Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems - CHES 2002. Lecture Notes in Computer Science, vol 2523. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36400-5_20
DOI: https://doi.org/10.1007/3-540-36400-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00409-7
Online ISBN: 978-3-540-36400-9