FaultDroid: An Algorithmic Approach for Fault-Induced Information Leakage Analysis
Citations
123 citations
87 citations
2 citations
2 citations
References
3,444 citations
"FaultDroid: An Algorithmic Approach..." refers background in this paper
...FaultDroid can be used for a large variety of ciphers ranging from the standard block ciphers, such as AES [18], CLEFIA [47], and CAMELLIA [5], to light-weight ciphers with S-boxes, such as PRESENT [12] and GIFT [6], to light-weight ciphers without S-box, such as SIMON [8]....
[...]
...For example, if the branch number [18] of the diffusion function is decreased, a greater number of exploitable faults can be...
[...]
...AES [18] 40 16 160 SPN CAMELLIA [5] 98 16 464 Feistel SMS4 [19] 128 16 388 Unbalanced Feistel CLEFIA [47] 148 8 440 Generalized Type II Feistel PRESENT [12] 94 16 512 SPN GIFT [6] 84 16 464 SPN SIMON [8] 192 32 1, 024 Balanced Feistel...
[...]
1,750 citations
1,662 citations
"FaultDroid: An Algorithmic Approach..." refers background in this paper
...Crypto-systems are highly vulnerable to a variety of physical attacks targeting key leakage [20]....
[...]
528 citations
"FaultDroid: An Algorithmic Approach..." refers methods in this paper
...For example, the fault layout {F31[1],F32[14],F33[2],F34[7]}, represents four faults of AES—two in the eighth round (1st byte after ShiftRows and 14th byte after MixColumns) and two in the ninth round (2nd byte after AddRoundKeys and 7th byte after SubBytes) respectively....
[...]
...It has been used to recover the secret key from various encryption schemes, such as AES [50], RSA [13], and ECC [11]....
[...]
...For instance, Moro et al. [36] provide a formally proven countermeasure against instruction skip attacks, whereas Christofi et al. [16] and Rauzy and Guilley [38] independently prove the security of several CRT-RSA implementations....
[...]
...Equivalent Set Function Elements Eq1 F28[1] to F28[16]; F29[1] to F29[16]; (size = 64) F30[1] to F30[16]; F31[1] to F31[16] Eq2 F32[1], F32[6], F32[11], F32[16] (size = 16) F33[1], F33[6], F33[11], F33[16] F34[1], F34[6], F34[11], F34[16] F35[1], F35[2], F35[3], F35[4] Eq3 F32[2], F32[7], F32[12], F32[13] (size = 16) F33[2], F33[7], F33[12], F33[13] F34[2], F34[7], F34[12], F34[13] F35[13],F35[14],F35[15],F35[16] Eq4 F32[3], F32[8], F32[9], F32[14] (size = 16) F33[3], F33[8], F33[9], F33[14] F34[3], F34[8], F34[9], F34[14] F35[9], F35[10], F35[11], F35[12] Eq5 F32[4], F32[5], F32[10], F32[15] (size = 16) F33[4], F33[5], F33[10], F33[15] F34[4], F34[5], F34[10], F34[15] F35[5], F35[6], F35[7], F35[8]...
[...]
504 citations
"FaultDroid: An Algorithmic Approach..." refers methods in this paper
...To test FaultDroid, we selected three standard blocks ciphers: AES, CAMELLIA, and SMS4; three light-weight ciphers: CLEFIA, PRESENT, and GIFT; and cipher SIMON, which does not use S-boxes (Table 5)....
[...]
...• FaultDroid is the first framework that can evaluate fault attack vulnerabilities in ciphers like SIMON, which rely on Boolean AND instead of S-boxes for non-linearity....
[...]
...Equivalent Set Function Elements Eq1 F28[1] to F28[16]; F29[1] to F29[16]; (size = 64) F30[1] to F30[16]; F31[1] to F31[16] Eq2 F32[1], F32[6], F32[11], F32[16] (size = 16) F33[1], F33[6], F33[11], F33[16] F34[1], F34[6], F34[11], F34[16] F35[1], F35[2], F35[3], F35[4] Eq3 F32[2], F32[7], F32[12], F32[13] (size = 16) F33[2], F33[7], F33[12], F33[13] F34[2], F34[7], F34[12], F34[13] F35[13],F35[14],F35[15],F35[16] Eq4 F32[3], F32[8], F32[9], F32[14] (size = 16) F33[3], F33[8], F33[9], F33[14] F34[3], F34[8], F34[9], F34[14] F35[9], F35[10], F35[11], F35[12] Eq5 F32[4], F32[5], F32[10], F32[15] (size = 16) F33[4], F33[5], F33[10], F33[15] F34[4], F34[5], F34[10], F34[15] F35[5], F35[6], F35[7], F35[8]...
[...]
...Such ciphers (e.g., SIMON [8]) are becoming popular due to their implementation of friendly structures....
[...]
...• We use FaultDroid to make an extensive evaluation of various fault scenarios in a variety of block cipher algorithms, namely AES, CLEFIA, CAMELLIA, SMS4, SIMON, PRESENT, and GIFT....
[...]