On the Need of Randomness in Fault Attack Countermeasures - Application to AES

Lomné, Victor; Roche, Thomas; Thillard, Adrian

doi:10.1109/fdtc.2012.19

Cited by 71 publications

(47 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Infective countermeasures, on the other hand, avoid the use of comparison by diffusing the effect of the fault to render the ciphertext unexploitable. However, deterministic diffusion-based infective countermeasures are vulnerable to attack as demonstrated by Lomné et al [8]. A random variation of the infective countermeasure was proposed by Gierlichs et al [9].…”

Section: Introductionmentioning

confidence: 99%

Fault Tolerant Infective Countermeasure for AES

2017

View full text Add to dashboard Cite

Infective countermeasures have been a promising class of fault attack countermeasures. However, they have been subjected to several attacks owing to lack of formal proofs of security and improper implementations. In this paper, we first provide a formal information theoretic proof of security for one of the most recently proposed state of the art infective countermeasures against DFA, under the assumption that the adversary does not change the flow sequence or skip any instruction. Subsequently, we identify weaknesses in the infection mechanism of the countermeasure that could be exploited by attacks which change the flow sequence. Furthermore, we propose an augmented infective countermeasure scheme obtained by introducing suitable randomizations that reduce the success probabilities of such attacks. Finally, we develop a fault tolerant implementation of the countermeasure using the x86 instruction set to make any attacks which attempt to change the control flow of the algorithm via instruction skips practically infeasible. All the claims have been validated by supporting simulations and real-life experiments on a SASEBO-W platform. We also compare the fault tolerance provided by our proposed countermeasure scheme against that provided by the existing scheme.

show abstract

Section: Introductionmentioning

confidence: 99%

Fault Tolerant Infective Countermeasure for AES

2017

View full text Add to dashboard Cite

show abstract

“…Unfortunately, most existing countermeasures are very difficult to defense double fault attacks which can bypass the existing infection mechanisms [4,7]. This is because the most commonly used infection mechanisms are based on the assumption of the signal fault [4,5,7].…”

Section: Introductionmentioning

confidence: 99%

“…This is because the most commonly used infection mechanisms are based on the assumption of the signal fault [4,5,7]. What is worse, with the significantly improving accuracy of fault injections in recent years, it has become possible to carry on double fault attacks at a certain time [9,10].…”

Section: Introductionmentioning

confidence: 99%

“…The idea of infection countermeasures is to make faulty ciphertexts unexploitable by diffusing the effect of a fault. But the paper [7] have pointed out only using infection mechanism without introducing the idea of randomization was not enough to resist fault attacks. In 2012, Gierlichs et al [8] proposed an infection countermeasure using of dummy rounds and redundant computation with consistency checks to prevent fault attacks.…”

Section: Introductionmentioning

confidence: 99%

“…But as the detection position is related to the data being processed [5], the comparison step itself is prone to fault attacks. The other ones based on infection [6,7]. The idea of infection countermeasures is to make faulty ciphertexts unexploitable by diffusing the effect of a fault.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Against fault attacks based on random infection mechanism

Zhang

et al. 2016

IEICE Electron. Express

View full text Add to dashboard Cite

Fault attack is a very effective way to crack the key for cipher chip. Among existing fault attack countermeasures, the infection countermeasures are very effective means, but, most existing infection countermeasures are based on the single fault assumption, and the accuracy of fault injections has significantly improved in the late years, it has become possible to implementation of double fault attacks in specific circuit regions, and it is, therefore, flawed in the resistance to double fault attacks. Aim at the flawed mentioned, this paper proposes a countermeasure called random infection mechanism to resist fault attacks. We use the encryption/decryption circuit to construct the fault diffusion pattern and avoid under the possibility of double error attacks. Furthermore, in order to against single byte fault attacks, we introduce random numbers to make the fault diffusion randomization. Experiments are carried out to verify the proposed algorithm and the results show that the proposed random infection mechanism can resist fault attacks effectively including single byte error attacks.

show abstract