Fault Sensitivity Analysis Meets Zero-Value Attack

Mischke, Oliver; Moradi, Amir; Güneysu, Tim

doi:10.1109/fdtc.2014.16

Cited by 8 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Originally, Mischke et al reported that a zero-value attack is applicable not only to DPA, but also to FSA [MMG14]. While their study deals with a multiplicative masking for AES [GT03], our manuscript focuses on Boolean masking.…”

Section: Zero-value Attacks On Compact and Protected S-boxmentioning

confidence: 98%

All You Need Is Fault: Zero-Value Attacks on AES and a New λ-Detection M&M

Hirata,

Miyahara,

Arribas

et al. 2023

TCHES

View full text Add to dashboard Cite

Deploying cryptography on embedded systems requires security against physical attacks. At CHES 2019, M&M was proposed as a combined countermeasure applying masking against SCAs and information-theoretic MAC tags against FAs. In this paper, we show that one of the protected AES implementations in the M&M paper is vulnerable to a zero-value SIFA2-like attack. A practical attack is demonstrated on an ASIC board. We propose two versions of the attack: the first follows the SIFA approach to inject faults in the last round, while the second one is an extension of SIFA and FTA but applied to the first round with chosen plaintext. The two versions work at the byte level, but the latter version considerably improves the efficiency of the attack. Moreover, we show that this zero-value SIFA2 attack is specific to the AES tower-field decomposed S-box design. Hence, such attacks are applicable to any implementation featuring this AES S-box architecture.Then, we propose a countermeasure that prevents these attacks. We extend M&M with a fine-grained detection-based feature capable of detecting the zero-value glitch attacks. In this effort, we also solve the problem of a combined attack on the ciphertext output check of M&M scheme by using Kronecker’s delta function. We deploy the countermeasure on FPGA and verify its security against both fault and side-channel analysis with practical experiments.

show abstract

Section: Zero-value Attacks On Compact and Protected S-boxmentioning

confidence: 98%

All You Need Is Fault: Zero-Value Attacks on AES and a New λ-Detection M&M

Hirata,

Miyahara,

Arribas

et al. 2023

TCHES

View full text Add to dashboard Cite

show abstract

“…The attacks monitor the sensitivity information of the design under faults injection to try and reveal information about the circuit. FSA shares similarities with side channel analysis (SCA) attacks and has been recently combined with zero value attacks [17] for greater accuracy. Skorobogatov [18] uses a laser beam to increase the power consumption of a micro-controller logic cell and exploits this phenomenon via power analysis.…”

Section: Dpa and Resistive Bridges Fault Injectionmentioning

confidence: 99%

Security and fault tolerance evaluation of TMR–QDI circuits

Abdelmalek

Ziani

Mokdad

2019

IET Information Security

View full text Add to dashboard Cite

“…The Hamming Weight model has been used with success [20], but was shown to not work on all S-Boxes [27]. An alternative model based on the zero-value attack was shown successful in the latter cases [22].…”

Section: A Fault Sensitivity Analysismentioning

confidence: 99%

“…In the original work of Li, it was argued that masking schemes could provide resistance against FSA [20]. After several masking schemes were broken using FSA [21], [22], [24], dedicated countermeasures against FSA have been proposed. These can be categorized into gate-level countermeasures and RTL-level countermeasures.…”

Section: Related Workmentioning

confidence: 99%

Glitch-Resistant Masking Schemes as Countermeasure Against Fault Sensitivity Analysis

Arribas

Cnudde

Šijačić

2018

2018 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)

View full text Add to dashboard Cite

Fault Sensitivity Analysis is an attack on cryptographic implementations that exploits dependencies between the sensitive data and the intensity of an injected fault. Masking, an established Side-Channel Analysis countermeasure, was originally believed to resist Fault Sensitivity Analysis, until Moradi et al. presented a successful attack on several masked AES ASIC cores by leveraging Fault Sensitivity Analysis. However, the attacked masked implementations are known to be vulnerable to power analysis through glitches occurring from non-ideal gates in CMOS. This means that glitch-resistant masking schemes specifically have not been assessed against Fault Sensitivity Analysis. In this work we give a response to this matter and show that implementations protected with these glitch-resistant masking schemes provide Fault Sensitivity Analysis resistance by design. We argue our claims through a theoretical elaboration and provide further evidence through simulations for both ASIC and FPGA platforms. In our setup we give the attackers numerous, often unrealistic, advantages, only to see the attacks fail against glitch-resistant masking schemes.

show abstract

Fault Sensitivity Analysis Meets Zero-Value Attack

Cited by 8 publications

References 21 publications

All You Need Is Fault: Zero-Value Attacks on AES and a New λ-Detection M&M

All You Need Is Fault: Zero-Value Attacks on AES and a New λ-Detection M&M

Security and fault tolerance evaluation of TMR–QDI circuits

Glitch-Resistant Masking Schemes as Countermeasure Against Fault Sensitivity Analysis

Contact Info

Product

Resources

About