Fault Sensitivity Analysis
1 Fault Sensitivity Analysis
Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta (The University of Electro-Communications)
Toshinori Fukunaga, Junko Takahashi (NTT Information Sharing Platform Laboratories)
19 Aug 2010 CHES Santa Barbara
2 Outline
- Differential Fault Analysis and its countermeasure
- Power-based Side-Channel Attacks
  - DPA, CPA
- A New Fault-based Attack
  - Fault Sensitivity Analysis (FSA)
- Some Case Studies on SASEBO-R
  - FSA attack on PPRM1-AES
  - FSA attack on WDDL-AES
  - FSA attack on Satoh's AES (recent result)
- Conclusion
3 Differential Fault Analysis (DFA)
- Basic idea
  - Make a differential path by fault injection
  - Get correct outputs and faulty outputs
  - Verify the differential path for each key candidate
- General DFA attack requirements
  - Specific transient fault
  - Pairs of correct output and faulty output for the same input
- General DFA countermeasures
  - Inherent resistance, prevent specific transient fault, e.g. WDDL [1]
  - Redundant calculation for error detection, e.g. Satoh's AES [2]
5 Power-based Side-Channel Attacks
- Basic idea
  - Power consumption depends on sensitive data that is calculable with public variables and a key guess
- General attack procedures
  - Have a key guess
  - Calculate sensitive data
  - Check the calculated data with recorded power consumption
  - Correct key guess matches the power consumption best!
- Well-known attacks
  - Correlation Power Analysis (CPA)
  - Differential Power Analysis (DPA)
7 General Introduction to FSA
- Fault Sensitivity Analysis (FSA)
  - Fault-based
  - A new side channel leakage
  - Sensitive-data dependency for fault sensitivity
  - Similar attack procedures to power-based attacks
  - Bypass some DFA countermeasures
- What is Fault Sensitivity?
  - Sensitivity to the fault injection
  - E.g. minimal clock frequency with correct output
  - Has data dependency
  - Can be used for key retrieval
8 Review Fault Injection (The idea of FSA)
[Figure: the same device (key) and input in a good environment, giving output C, and in a bad environment under fault, giving a faulty output; the fault intensity is changed, and the threshold between the two is the side-channel leakage.]
- Works for different types of fault injection: overclock, low-power, laser
9 Fault Sensitivity under an over-clock
[Figure: circuit with n-bit D_in, Logic, F/F, n-bit D_out and CLK, processing sensitive data; timing diagram showing clk, D_in, illegal_clk1, illegal_clk2 and the critical delay timing.]
- Threshold as fault sensitivity
10 Signal delays for AND gate
AND gate, $C = A \cdot B$ ($T_X$: delay time for signal X; $T_{AND}$: delay timing of AND gate)
- Assume $T_A < T_B$
- When signal A=0, $T_C = T_A + T_{AND}$ (small)
- When signal A=1, $T_C = T_B + T_{AND}$ (large)
- Data dependency!! 0 input, small delay.
11 Signal delays for XOR gate
XOR gate, $C = A \oplus B$ ($T_X$: delay time for signal X; $T_{XOR}$: delay timing of XOR gate)
- Assume $T_A < T_B$
- When signal A=0, $T_C = T_B + T_{XOR}$
- When signal A=1, $T_C = T_B + T_{XOR}$
- No data dependency!!
12 How about an FSA Attack?
[Figure: for power-based attacks, the chain Key, Sensitive Data, Power Consumption as seen by attackers; for FSA, Fault Sensitivity takes the place of Power Consumption.]
13 FSA Attack Procedures
- Collect pairs of public variables and fault sensitivity
- Retrieve the key by data analysis
  - Have a key guess
  - Calculate sensitive data
  - Check the calculated data with recorded fault sensitivity
- Directly apply the techniques in power analysis
14 Case studies of FSA attacks
- FSA attack against PPRM1-AES
- FSA attack against WDDL-AES
- FSA attack against Satoh's AES (recent work)
15 CASE 1: FSA attacks against PPRM1-AES
- PPRM1-AES: a low power AES implementation with PPRM1-Sbox [4]
[Figure: PPRM1 S-box, with AND array and XOR array.]
- AND gate: 0 input, small delay.
- AND array: more 0 inputs, smaller delay!
16 As a result, for PPRM1 S-box
- More 0 inputs, smaller delay!!
- Smaller Hamming weight, less sensitive to overclock
- Typical side channel leakage
- Exploitable by CPA-like analysis
[Figure: fault sensitivity versus input Hamming weight.]
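Added example (not from the slides or the authors): a small Python model of the gate-delay argument on slides 10, 11, 15 and 16, usable as a design-time check for data-dependent critical delay. The 8-bit prefix AND/XOR chains, the unit gate delays and all function names are constructed stand-ins, not the real PPRM1 S-box netlist.

```python
from statistics import mean

# Constructed gate delays in arbitrary time units (assumption, not measured).
T_AND = 1.0
T_XOR = 1.0


def and_gate(a, b):
    """2-input AND on (value, arrival_time) signals.

    Slide 10 model: a 0 input fixes the output as soon as it arrives;
    only when both inputs are 1 must the gate wait for the later one.
    """
    (va, ta), (vb, tb) = a, b
    zero_times = [t for v, t in (a, b) if v == 0]
    ready = min(zero_times) if zero_times else max(ta, tb)
    return (va & vb, ready + T_AND)


def xor_gate(a, b):
    """2-input XOR: the output always waits for the later input (slide 11)."""
    (va, ta), (vb, tb) = a, b
    return (va ^ vb, max(ta, tb) + T_XOR)


def input_signals(x, n=8):
    """All n input bits leave the register at time 0."""
    return [((x >> i) & 1, 0.0) for i in range(n)]


def chain_critical_delay(x, gate):
    """Critical delay of the prefix chain s_k = gate(s_{k-1}, x_k).

    In this model the critical delay is the shortest clock period that
    still gives a correct output, i.e. the fault sensitivity under
    overclocking described on slide 9.
    """
    sig = input_signals(x)
    s = gate(sig[0], sig[1])
    worst = s[1]
    for bit in sig[2:]:
        s = gate(s, bit)
        worst = max(worst, s[1])
    return worst


def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / (sxx * syy) ** 0.5


def leakage_report(gate):
    """Correlate input Hamming weight with critical delay over all inputs."""
    inputs = range(256)
    hw = [bin(x).count("1") for x in inputs]
    delay = [chain_critical_delay(x, gate) for x in inputs]
    by_hw = {h: mean(d for w, d in zip(hw, delay) if w == h)
             for h in range(9)}
    return pearson(hw, delay), by_hw


if __name__ == "__main__":
    for name, gate in (("AND chain", and_gate), ("XOR chain", xor_gate)):
        r, by_hw = leakage_report(gate)
        print(f"{name}: corr(HW, critical delay) = {r:.3f}")
        for h, d in by_hw.items():
            print(f"  HW={h}: mean critical delay {d:.2f}")
```

In this model the AND chain's critical delay rises with input Hamming weight while the XOR chain's is constant, which is the asymmetry the slides attribute to the AND array.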
17 Attack results against last round of PPRM1-AES
[Figure: correlation versus key guess.]
- All of the 16 key bytes can be identified clearly.
18 How much fault sensitivity data is needed?
- Less than 50 plaintexts (FS data) to obtain a 128-bit key.
19 How many times of fault injection?
- Which point is the fault sensitivity?
[Figure: success rate of fault injection (0 to 1) versus frequency of clock; a second panel labelled "In our experiment", also against frequency of clock.]
- Worst case: 120 times
20 CASE 2: FSA attacks against WDDL-AES
- Naturally immune to DFA attacks based on the setup-time violation. [2]
  - Dual-Rail Precharge Logic
  - Complementary wires: (true, false)
  - Transient fault will erase the secret information at the output.
- WDDL is not perfectly immune to FSA attacks based on setup-time violation.
21 WDDL's Vulnerability against FSA (1/2)
- First of all, no clear correlation between input data and fault sensitivity.
  - All types of gates are mixed up
- However, we observed a data dependence at the output.
  - Imbalance of complementary wires leads to imbalance of critical path delays.
22 WDDL's Vulnerability against FSA (2/2)
- Assume precharge value = 0 and Delay_true > Delay_false; then (1,0) -> (0,0) happens easier than (0,1) -> (0,0).
- 1 is more sensitive than 0
[Figure: WDDL logic with true and false output wires.]
- Vulnerability! Exploitable by DPA-like analysis
- Difficult to make perfect matching wires.
23 Attack result against WDDL-AES with 1200 plaintexts
[Figure: correlation versus key guess.]
- 3 of 16 key bytes can be identified.
24 CASE 3: FSA attacks against Satoh's AES
- Satoh's AES (CHES 2008)
  - High performance AES with error-detection scheme
- Successful FSA attack
  - Self-Template FSA
- To be continued in the rump section.
26 Conclusion
- A new side channel leakage: fault sensitivity
- FSA has a potential to bypass some fault attack countermeasures.
- Future work:
  - FSA countermeasures (mask technique?)
  - Stronger FSA attacks
  - Try other types of FSA under other fault injection methods
27 References
[1] G. Piret and J.-J. Quisquater. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. CHES 2003
[2] S. Guilley, T. Graba, N. Selmane, S. Bhasin and J.-L. Danger. WDDL is Protected Against Setup Time Violation Attacks. FDTC 2009
[3] A. Satoh, T. Sugawara, N. Homma and T. Aoki. High-Performance Concurrent Error Detection Scheme for AES Hardware. CHES 2008
[4] S. Morioka and A. Satoh. An Optimized S-Box Circuit Architecture for Low Power AES Design. CHES
28 Thank you for your attention! Questions?
More informationInformation Leakage Attacks Against Smart Card Implementations of Cryptographic Algorithms and Countermeasures A Survey
Information Leakage Attacks Against Smart Card Implementations of Cryptographic Algorithms and Countermeasures A Survey Erwin Hess 1, Norbert Janssen 2, Bernd Meyer 1, and Torsten Schütze 1 1 Siemens AG,
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationDPA CONTEST 08/09 A SIMPLE IMPROVEMENT OF CLASSICAL CORRELATION POWER ANALYSIS ATTACK ON DES
DPA CONTEST 08/09 A SIMPLE IMPROVEMENT OF CLASSICAL CORRELATION POWER ANALYSIS ATTACK ON DES, Fakultät für Informatik Antonio Almeida Prof. Dejan Lazich Karlsruhe, 9 th June 2010 KIT Universität des Landes
More informationSecond-Order Power Analysis Attacks against Precomputation based Masking Countermeasure
, pp.259-270 http://dx.doi.org/10.14257/ijsh.2016.10.3.25 Second-Order Power Analysis Attacks against Precomputation based Masking Countermeasure Weijian Li 1 and Haibo Yi 2 1 School of Computer Science,
More informationCorrelated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher
Correlated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher Najeh Kamoun 1, Lilian Bossuet 2, and Adel Ghazel 1 1 CIRTA COM, SUP COM 2 IMS, University of Bordeaux Tunis,
More informationFault Attacks on AES with Faulty Ciphertexts Only
Fault Attacks on AES with Faulty Ciphertexts Only Thomas Fuhr, Eliane Jaulmes, Victor Lomné and Adrian Thillard ANSSI 51, Bd de la Tour-Maubourg, 75700 Paris 07 SP, France firstname.lastname@ssi.gouv.fr
More informationEfficient DPA Attacks on AES Hardware Implementations
I. J. Communications, Network and System Sciences. 008; : -03 Published Online February 008 in SciRes (http://www.srpublishing.org/journal/ijcns/). Efficient DPA Attacks on AES Hardware Implementations
More informationTest Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES
Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES 1 Document Scope This document describes requirements and test procedures for qualifying DPA-resistant implementations of
More informationPOWER ANALYSIS RESISTANT SRAM
POWER ANALYSIS RESISTANT ENGİN KONUR, TÜBİTAK-UEKAE, TURKEY, engin@uekae.tubitak.gov.tr YAMAN ÖZELÇİ, TÜBİTAK-UEKAE, TURKEY, yaman@uekae.tubitak.gov.tr EBRU ARIKAN, TÜBİTAK-UEKAE, TURKEY, ebru@uekae.tubitak.gov.tr
More information