Hardware Designer's Guide to Fault Attacks

Karaklajic, Dusko; Schmidt, Jörn-Marc; Verbauwhede, Ingrid

doi:10.1109/tvlsi.2012.2231707

Cited by 145 publications

(74 citation statements)

References 92 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Low-cost fault attack either manipulates the clock or the power supply [15]. By lowering the supply voltage or increasing the clock frequency, the critical path should fail first.…”

Section: Security Analysis Against Dfamentioning

confidence: 99%

NREPO: Normal basis Recomputing with Permuted Operands

Guo

Mukhopadhyay

Jin

et al. 2014

2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

Abstract. Hardware implementations of cryptographic algorithms are vulnerable to natural and malicious faults. Concurrent Error Detection (CED) can be used to detect these faults. We present NREPO, a CED which does not require redundant computational resources in the design. Therefore, one can integrate it when computational resources are scarce or when the redundant resources are difficult to harness for CED. We integrate NREPO in a low-cost Advanced Encryption Standard (AES) implementation with 8-bit datapath. We show that NREPO has 25 and 50 times lower fault miss rate than robust code and parity, respectively. The area, throughput, and power are compared with other CEDs on 45nm ASIC. The hardware overhead of NREPO is 34.9%. The throughput and power are 271.6Mbps and 1579.3µW , respectively. One can also implement NREPO in other cryptographic algorithms.

show abstract

“…Low-cost fault attack either manipulates the clock or the power supply [15]. By lowering the supply voltage or increasing the clock frequency, the critical path should fail first.…”

Section: Security Analysis Against Dfamentioning

confidence: 99%

NREPO: Normal basis Recomputing with Permuted Operands

Guo

Mukhopadhyay

Jin

et al. 2014

2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

show abstract

“…Research on FA techniques has been very active in both academic and industrial communities in the past twenty years and has revealed many exploitable design weaknesses for almost all cryptosystems families [6]. This has contributed to introducing new design practices to secure implementations against fault attacks for hardware designs [7] as well as software for embedded processors [8].…”

Section: Introductionmentioning

confidence: 99%

An RTOS-based Fault Injection Simulator for Embedded Processors

Alimi¹,

Lahbib²,

Machhout³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Abstract-Evaluating embedded systems vulnerability to faults injection attacks has gained importance in recent years due to the rising threats they bring to chips security. The task is particularly important for micro-controllers since they have lower resistance to fault attacks compared to hardware-based cryptosystems. This paper reviews recent embedded fault injection simulators from literature and presents an embedded high-level fault injection mechanism based on a Real-Time Operating System (RTOS). The approach aims to be architecture-independent and portable to 32-bit microcontrollers and embedded processors. The proposed mechanism, primarily targets realistic fault attack scenarios on memory locations, is adapted to timed and event-based fault injection. A Differential Fault Attack (DFA) was mounted on a popular ARM-based micro-controller running FreeRTOS to illustrate the proposed mechanism. The aim is also to bridge the embedded fault injection simulation mechanism efficiently to a computerbased cryptanalysis and to highlight the importance of physically protecting the memory and integrating data-specific countermeasures.

show abstract

“…This is known as differential fault analysis (DFA). DFA has been demonstrated to be practical, and inexpensive [8,29]. Several DFAs have been shown by injecting clock glitches [2,7,47]; such shortening corrupts a single byte or multiple bytes.…”

Section: Introductionmentioning

confidence: 99%

Security analysis of concurrent error detection against differential fault analysis

et al. 2014

View full text Add to dashboard Cite

Differential fault analysis (DFA) poses a significant threat to advanced encryption standard (AES). Only a single faulty ciphertext is required to extract the secret key. Concurrent error detection (CED) is widely used to protect AES against DFA. Traditionally, these CEDs are evaluated with uniformly distributed faults, the resulting fault coverage indicates the security of CEDs against DFA. However, DFA-exploitable faults, which are a small subspace of the entire fault space, are not uniformly distributed. Therefore, fault coverage does not accurately measure the security of the CEDs against DFA. We provide a systematic study of DFA of AES and show that an attacker can inject biased faults to improve the success rate of the attacks. We propose fault entropy (FE) and fault differential entropy (FDE) to evaluate CEDs. We show that most CEDs with high fault coverage are not secure when evaluated with FE and FDE. This work challenges the traditional use of fault coverage for uniformly distributed faults as a metric for evaluating the security of CEDs against DFA.

show abstract

Hardware Designer's Guide to Fault Attacks

Cited by 145 publications

References 92 publications

NREPO: Normal basis Recomputing with Permuted Operands

NREPO: Normal basis Recomputing with Permuted Operands

An RTOS-based Fault Injection Simulator for Embedded Processors

Security analysis of concurrent error detection against differential fault analysis

Contact Info

Product

Resources

About