2008, New Technologies, Mobility and Security Conference and Workshops, NTMS 2008
Hardware implementations of cryptographic algorithms are widely used to secure wireless networks. They guarantee good security performance at low processing and energy costs. However, unlike traditional implementations, they are vulnerable to side channel attacks. In particular, fault attacks have proved their efficiency in cracking hardware implementations of some robust symmetric and asymmetric encryption algorithms. In this paper, we develop an FPGA version of the attack proposed by Piret and Quisquater in [?] against the AES (Advanced Encryption Standard) algorithm. Through temporal and spatial analyses of the rounds that have been affected by the fault injection process, we adapt the aforementioned attack to our context. The results obtained in this paper can serve to design a more secure FPGA implementation of AES. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4689099
2009
The present paper develops an attack on the AES algorithm, exploiting multiple byte faults in the state matrix. The work shows that inducing a random fault anywhere in one of the four diagonals of the state matrix at the input of the eighth round of the cipher leads to the deduction of the entire AES key. We also propose a more generalized fault attack which works if the fault induction does not stay confined to one diagonal. To the best of our knowledge, we present for the first time actual chip results for a fault attack on an iterative AES hardware running on a Xilinx FPGA platform. We show that when the fault stays within a diagonal, the AES key can be deduced with a brute force complexity of approximately 2^32, which was successfully performed in about 400 seconds on an Intel Xeon Server with 8 cores. We show further that even if the fault induction corrupts two or three diagonals, 2 and 4 faulty ciphertexts are necessary to uniquely identify the correct key.
Cryptographic Hardware and Embedded Systems, 2006
In this paper we describe two differential fault attack techniques against the Advanced Encryption Standard (AES). We propose two models for fault occurrence; we could find all 128 bits of the key using one of them and only 6 faulty ciphertexts. We need approximately 1500 faulty ciphertexts to discover the key with the other fault model. The union of these models covers all faults that can occur in the 9th round of the encryption algorithm of the AES-128 cryptosystem. One of the main advantages of the proposed fault models is that any fault in the AES encryption from the start (AddRoundKey with the main key before the first round) to the MixColumns function of the 9th round can be modeled with one of our fault models. These models cover all states, so generated differences caused by diverse plaintexts or ciphertexts can be supposed as faults and modeled with our models. It establishes a novel technique to cryptanalyze AES without side channel information. The major difference between these methods and previous ones is in the assumption of fault models. Our proposed fault models use very common and general assumptions for the locations and values of the occurred faults.
2010 6th International Conference on Information Assurance and Security, IAS 2010, 2010
This work presents a differential fault attack against AES employing any key size, regardless of the key scheduling strategy. The presented attack relies on the injection of a single bit flip, and is able to check for the correctness of the injection of the fault a posteriori. This fault model nicely fits the one obtained through underfeeding a computing device employing a low cost tunable power supply unit. This fault injection technique, which has been successfully applied to hardware implementations of AES, receives a further validation in this paper where the target computing device is a system-on-chip based on the widely adopted ARM926EJ-S CPU core. The attack is successfully carried out against two different devices, etched in two different technologies (a generic 130nm and a low-power oriented 90nm library), running a software implementation of AES-192 and AES-256 and has been reproduced on multiple instances of the same chip.
While most current cryptographic efforts focus on designing ciphers resistant to mathematical attack by a third party with access to the ciphertext, the physical security of encryption and decryption devices remains important. We examine a prototypical encryption system based around AES-128 as implemented on a Xilinx Spartan FPGA, and design three attacks to perform side-channel information leakage and denial-of-service (DoS). As any well-designed encryption system should be carefully checked to ensure its software has not been compromised prior to usage, we implement our attacks to be nearly indistinguishable from the reference design, consuming nearly the same amount of power and utilizing roughly the same percentage of the FPGA's resources.
2001
Fault-based side channel cryptanalysis is very effective against symmetric and asymmetric encryption algorithms. Although straightforward hardware and time redundancy based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate systematic approaches to low-cost, low-latency CED for symmetric encryption algorithms based on the inverse relationship that exists between encryption and decryption at algorithm level, round level and operation level and develop CED architectures that explore the trade-off between area overhead, performance penalty and error detection latency. The proposed techniques have been validated on FPGA implementations of AES finalist 128-bit symmetric encryption algorithms.
Journal of Circuits, Systems and Computers, 2007
Security of cryptographic circuits is a major concern. Smartcards are targeted by sophisticated attacks like fault attacks that combine physical disturbance and cryptanalysis. We propose a methodology and a tool (PAFI) to analyze the robustness of circuits under fault attacks using fault injection in simulation. The number of injections is reduced by taking into account the function of the latches in the whole circuit. We tested a circuit implementing the AES cryptosystem and showed that our approach reduces the number of fault injections to be performed (-80%). Moreover, most of the selected injection points are the ones that lead to known fault attacks (95%).
2013 International Conference on Reconfigurable Computing and FPGAs (ReConFig), 2013
Side-channel analysis is one of the most efficient techniques available to an attacker to break the security of a cryptographic device. Started as monitoring of computation time or power, it has evolved into considering several other possible information leakage sources, such as electromagnetic (EM) emissions. EM waves can be a very attractive means to attack a cryptographic implementation: they are contactless, and their intrinsic spatial, temporal, and frequency information can be a source of leakage richer than power consumption. Existing countermeasures may be thus insufficient against an EM attack and new solutions must be found and validated. In this paper, we describe a set of dedicated countermeasures protecting against EM analysis and validate them with real experimental campaigns on a Xilinx FPGA.
We show how to attack an FPGA implementation of AES where all bytes are processed in parallel using differential electromagnetic analysis. We first focus on exploiting local side channels to isolate the behaviour of our targeted byte. Then, generalizing the Square attack, we describe a new way of retrieving information, mixing algebraic properties and physical observations.
2013 IEEE 16th International Symposium on Design and Diagnostics of Electronic Circuits & Systems (DDECS), 2013
Mobile and embedded systems increasingly process sensitive data, ranging from personal information including health records or financial transactions to parameters of technical systems such as car engines. Cryptographic circuits are employed to protect these data from unauthorized access and manipulation. Fault-based attacks are a relatively new threat to system integrity. They circumvent the protection by inducing faults into the hardware implementation of cryptographic functions, thus affecting encryption and/or decryption in a controlled way. By doing so, the attacker obtains supplementary information that she can utilize during cryptanalysis to derive protected data, such as secret keys. In recent years, a large number of fault-based attacks and countermeasures to protect cryptographic circuits against them have been developed. However, isolated techniques for each individual attack are no longer sufficient, and a generic protective strategy is lacking.
Proceedings of the IEEE, 2000
Implementations of cryptographic algorithms continue to proliferate in consumer products due to the increasing demand for secure transmission of confidential information. Although the current standard cryptographic algorithms have proved to withstand exhaustive attacks, their hardware and software implementations have exhibited vulnerabilities to side channel attacks, e.g., power analysis and fault injection attacks. This paper focuses on fault injection attacks, which have been shown to require inexpensive equipment and a short amount of time. The paper provides a comprehensive description of these attacks on cryptographic devices and the countermeasures that have been developed against them. After a brief review of the widely used cryptographic algorithms, we classify the currently known fault injection attacks into low cost ones (which a single attacker with a modest budget can mount) and high cost ones (requiring highly skilled attackers with a large budget). We then list the attacks that have been developed for the important and commonly used ciphers and indicate which ones have been successfully used in practice. The known countermeasures against the previously described fault injection attacks are then presented, including intrusion detection and fault detection. We conclude the survey with a discussion on the interaction between fault injection attacks (and the corresponding countermeasures) and power analysis attacks.