Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

Gierlichs, Benedikt; Schmidt, Jörn-Marc; Tunstall, Michael

doi:10.1007/978-3-642-33481-8_17

Cited by 81 publications

(62 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This attack can said to be successful when the attacker will be able to know the plaintext from the cipher text he knows. Mainly encryption key can be known with the help of this attack Morden cryptosystem are guarded against COA [15].…”

Section: Bitsmentioning

confidence: 99%

Fault analysis in cryptography

Mrabet¹,

Page

Vercauteren³

2017

IJLTET

View full text Add to dashboard Cite

Section: Bitsmentioning

confidence: 99%

Fault analysis in cryptography

Mrabet¹,

Page

Vercauteren³

2017

IJLTET

View full text Add to dashboard Cite

“…Recently Gierlichs et al [18] and then Tupsamudre et al [39] published an AES countermeasure that consists in infecting the result in the presence of fault in order to make it nonexploitable by an attacker.…”

Section: Introductionmentioning

confidence: 99%

Using linear codes as a fault countermeasure for nonlinear operations: application to AES and formal verification

Azzi

Barras²,

Christofi³

et al. 2016

J Cryptogr Eng

View full text Add to dashboard Cite

Recently, Bringer et al. [10] introduced a new countermeasure based on linear codes. This elegant design aims at protecting advanced encryption standard against both side-channel attacks and fault attacks (FA). However, the fault detection during nonlinear operations (for example SubBytes operation) was left as an open question. The present work studies how linear systematic error correcting codes can simply be used to detect fault injections during nonlinear operations in a symmetric block cipher. In particular, for the faults that cause errors with limited Hamming weight, this method can lead to interesting detection capabilities. Considering this way of protecting AES encryption against FA, a concrete implementation is presented. For a given fault model, a methodology of formal verification is applied to some parts of this implementation, assessing the fault resistance of one linear operation AddRoundKey and one nonlinear operation SubBytes.

show abstract

“…However, deterministic diffusion-based infective countermeasures are vulnerable to attack as demonstrated by Lomné et al [8]. A random variation of the infective countermeasure was proposed by Gierlichs et al [9]. However, the infection method employed by this countermeasure has a number of shortcomings, as demonstrated by Battistello and Giraud [10], and in greater detail by Tupsamudre et al [11].…”

Section: Introductionmentioning

confidence: 99%

“…However, the infection method employed by this countermeasure has a number of shortcomings, as demonstrated by Battistello and Giraud [10], and in greater detail by Tupsamudre et al [11]. Tupsamudre et al have also proposed an improved infective countermeasure that avoids all the pitfalls of [9] and is claimed to thwart DFA.…”

Section: Introductionmentioning

confidence: 99%

Fault Tolerant Infective Countermeasure for AES

2017

View full text Add to dashboard Cite

Infective countermeasures have been a promising class of fault attack countermeasures. However, they have been subjected to several attacks owing to lack of formal proofs of security and improper implementations. In this paper, we first provide a formal information theoretic proof of security for one of the most recently proposed state of the art infective countermeasures against DFA, under the assumption that the adversary does not change the flow sequence or skip any instruction. Subsequently, we identify weaknesses in the infection mechanism of the countermeasure that could be exploited by attacks which change the flow sequence. Furthermore, we propose an augmented infective countermeasure scheme obtained by introducing suitable randomizations that reduce the success probabilities of such attacks. Finally, we develop a fault tolerant implementation of the countermeasure using the x86 instruction set to make any attacks which attempt to change the control flow of the algorithm via instruction skips practically infeasible. All the claims have been validated by supporting simulations and real-life experiments on a SASEBO-W platform. We also compare the fault tolerance provided by our proposed countermeasure scheme against that provided by the existing scheme.

show abstract

Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

Cited by 81 publications

References 25 publications

Fault analysis in cryptography

Fault analysis in cryptography

Using linear codes as a fault countermeasure for nonlinear operations: application to AES and formal verification

Fault Tolerant Infective Countermeasure for AES

Contact Info

Product

Resources

About