Fault Injection Resilience

Guilley, Sylvain; Sauvage, Laurent; Danger, Jean‐Luc; Selmane, Nidhal

doi:10.1109/fdtc.2010.15

Cited by 29 publications

(19 citation statements)

References 58 publications

(74 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are also some works using evolution and genetic algorithms [11]. Very powerful attacks are also active side-channel-attacks, namely Fault Injection Attacks (FIA) [12,13], and hardware trojan horses [14].…”

Section: Other Scasmentioning

confidence: 99%

Improving CPA Attack Against DSA and ECDSA

Repka

Varchola

Drutarovský

2015

Journal of Electrical Engineering

View full text Add to dashboard Cite

In this work, we improved Correlation Power Analysis (CPA) attack against Digital Signature Algorithm (DSA) and its various derivations, such as Elliptic Curve Digital Signature Algorithm (ECDSA). The attack is aimed against integer multiplication with constant secret operand. We demonstrate this improvement on 16-bit integer multiplier in FPGA. The improvement makes it possible to guess more blocks of key, and the improvement also eliminates errors of simulated attacks what is very important when approximating attack success rate and complexity based on simulated attacks. We also discus a possible efficient countermeasure.

show abstract

Section: Other Scasmentioning

confidence: 99%

Improving CPA Attack Against DSA and ECDSA

Repka

Varchola

Drutarovský

2015

Journal of Electrical Engineering

View full text Add to dashboard Cite

show abstract

“…Also, hiding is a countermeasure against most fault injection attacks since the attacker erases the value stored redundantly in one pair of wires by changing only one of them. The case of symmetric faults is covered in [38] and of arbitrary faults in [39]. An interesting noting is that by associating masking and hiding, the protection extends to semi-invasive and invasive attacks.…”

Section: General Picturementioning

confidence: 99%

Vade mecum on side-channels attacks and countermeasures for the designer and the evaluator

Guilley

Meynard

Nassar

et al. 2011

2011 6th International Conference on Design &Amp; Technology of Integrated Systems in Nanoscale Era (DTIS)

Self Cite

View full text Add to dashboard Cite

Abstract-Implementation-level attacks are nowadays well known and most designers of security embedded systems are aware of them. However, both the number of vulnerabilities and of protections have seriously grown since the first public reporting of these threats in 1996. It is thus difficult to assess the correct countermeasures association to cover all the possible attack pathes. The goal of this paper is to give a clear picture of the possible adequation between actually risks and mitigation techniques. A specific focus is made on two protection techniques addressing primarily side-channel attacks: masking and hiding. For the first time, we provide with a way to estimate a tradeoff depending on the environmental conditions (amount of noise) and on the designer skills (ability to balance the design). This tradeoff is illustrated in a decision diagram, helpful for the security designer to justify choices and to account for the cost overhead.

show abstract

“…Typically, the bitstream decryption in Xilinx FPGAs is sent to the fabric (thus becoming non-functional), but the attacker cannot know which fault has been triggered (it remains internal to the FPGA). Also, if a mode of operation is used in way secure way (an initialization vector is refreshed each time), then it is difficult to observe both a correct and a faulty ciphertext; this is the root of the fault injection resilience countermeasure introduced in [14]. Now, secrets can be recovered from a circuit by various means:…”

Section: Threatsmentioning

confidence: 99%

“…Also, differential attacks (such as DFA [4]) require a correct and at least one [28] faulty cryptogram. This approach is similar to resilient countermeasures: the secret is made volatile [17], as well as the data [15]. We emphasize that for this class of countermeasure to be efficient, a tamper-resistant TRNG (True Random Number Generator) shall be available.…”

Section: Randomizing the Protocolsmentioning

confidence: 99%