Proceedings ArticleDOI
Combined Fault and Side-Channel Attacks on the AES Key Schedule
Francois Dassance, Alexandre Venelli, +1 more
pp. 63-71

TL;DR: Combined attacks on the AES key schedule based on the work of Roche et al. are presented, which defeat most AES implementations secure against both high-order side-channel attacks and fault attacks.

Abstract: We present combined attacks on the AES key schedule based on the work of Roche et al. [Roche2011]. The main drawbacks of the original attack are the need for high repeatability of the fault, a very particular fault model, and a very high complexity of the key recovery algorithm. We consider more practical fault models, obtain improved key recovery algorithms, and present more attack paths for combined attacks on AES. We propose to inject faults on the different operations of the key schedule instead of on the key state of round 9 or the corresponding data state. We also consider fault injections in AES constants such as the RCon or the affine transformation of the SubWord. By corrupting these constants, the attacker can easily deduce the value of the error, so the key recovery complexity can be greatly improved; notably, we can obtain a complexity identical to that of a classical differential side-channel attack. Our attacks defeat most AES implementations secure against both high-order side-channel attacks and fault attacks.
Citations

Book ChapterDOI
ParTI --- Towards Combined Hardware Countermeasures Against Side-Channel and Fault-Injection Attacks
TL;DR: This work introduces a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme, i.e., threshold implementation, with an error detecting approach against fault injection, and applies it to the lightweight LED cipher.

Journal ArticleDOI
Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation
TL;DR: This article is a review on hardware-based fault attacks on software, with emphasis on the context of embedded systems, and presents a detailed discussion of the anatomy of a fault attack, and a review of fault attack evaluation techniques.

Proceedings ArticleDOI
ParTI: Towards Combined Hardware Countermeasures against Side-Channel and Fault-Injection Attacks
TL;DR: This work introduces a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection, and applies it to the lightweight LED cipher.

Journal ArticleDOI
Securing the PRESENT Block Cipher Against Combined Side-Channel Analysis and Fault Attacks
Thomas De Cnudde, Svetla Nikova, +1 more
TL;DR: This paper performs a side-channel evaluation using the state-of-the-art leakage detection tests, quantifies the resource overhead of the Private Circuits II countermeasure, subjects the implementation to established differential FAs against the PRESENT block cipher, and contemplates the structural resistance of the countermeasures.
References

Book ChapterDOI
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
TL;DR: By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.

Book ChapterDOI
Correlation Power Analysis with a Leakage Model
TL;DR: A classical model is used for the power consumption of cryptographic devices based on the Hamming distance of the data handled with regard to an unknown but constant reference state, which allows an optimal attack to be derived called Correlation Power Analysis.

Journal ArticleDOI
Encryption: Advanced Encryption Standard (AES)
TL;DR: The 'Caesar' Cypher shows how old encryption is and how simple old ciphers now are for us to break.

Book ChapterDOI
Mutual Information Analysis
TL;DR: This work builds a distinguisher that uses the value of the Mutual Information between the observed measurements and a hypothetical leakage to rank key guesses and demonstrates that the model and the attack work effectively in an attack scenario against DPA-resistant logic.