Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis

Clavier, Laurent; Feix,; Gagnerot,; Roussellet,

doi:10.1109/fdtc.2007.12

Cited by 59 publications

(33 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The first combined attack technique was reported by Amiel et al in [80]. In this work, the authors showed that it is possible to attack an RSA exponentiation that was protected against power analysis attacks using a balanced algorithm with message randomization, by inducing ad-hoc faults.…”

Section: Power and Fault Attacks Synergiesmentioning

confidence: 96%

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

et al. 2012

View full text Add to dashboard Cite

Abstract-Implementations of cryptographic algorithms continue to proliferate in consumer products due to the increasing demand for secure transmission of confidential information. Although the current standard cryptographic algorithms proved to withstand exhaustive attacks, their hardware and software implementations have exhibited vulnerabilities to side channel attacks, e.g., power analysis and fault injection attacks. This paper focuses on fault injection attacks that have been shown to require inexpensive equipment and a short amount of time. The paper provides a comprehensive description of these attacks on cryptographic devices and the countermeasures that have been developed against them.After a brief review of the widely used cryptographic algorithms, we classify the currently known fault injection attacks into low cost ones (which a single attacker with a modest budget can mount) and high cost ones (requiring highly skilled attackers with a large budget). We then list the attacks that have been developed for the important and commonly used ciphers and indicate which ones have been successfully used in practice. The known countermeasures against the previously described fault injection attacks are then presented, including intrusion detection and fault detection. We conclude the survey with a discussion on the interaction between fault injection attacks (and the corresponding countermeasures) and power analysis attacks.

show abstract

Section: Power and Fault Attacks Synergiesmentioning

confidence: 96%

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

et al. 2012

View full text Add to dashboard Cite

show abstract

“…Left-to-right atomic exponentiation algorithms seems particularly vulnerable to combined attacks [3,16]. In left-to-right algorithms, the value of one register, e.g.…”

Section: Efficiency and Security Evaluationmentioning

confidence: 99%

“…Our solution also allows dynamic randomization inside the exponentiation algorithm whereas other classical countermeasures often use only one randomization at the beginning of the exponentiation algorithm. This property can be useful in order to have a protection against the attack of Amiel et al in [1] or even combined attacks as presented in [3].…”

Section: Introductionmentioning

confidence: 99%

Redundant Modular Reduction Algorithms

Dupaquis¹

2011

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. We present modular reduction algorithms over finite fields of large characteristic that allow the use of redundant modular arithmetic. This technique provides constant time reduction algorithms. Moreover, it can also be used to strengthen the differential side-channel resistance of asymmetric cryptosystems. We propose modifications to the classic Montgomery and Barrett reduction algorithms in order to have efficient and resistant modular reduction methods. Our algorithms are called dynamic redundant reductions as random masks are intrinsically added within each reduction for a small overhead. This property is useful in order to thwart recent refined attacks on public key algorithms.

show abstract

“…They can be categorized into two types: passive attacks and active attacks [15]. Passive attacks are based on the observation of side-channel information such as the power consumption of the chip or its electromagnetic emanations.…”

Section: Types Of Attacksmentioning

confidence: 99%

Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security

Guo

Fan

Schaumont

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Elliptic Curve Cryptography implementations are known to be vulnerable to various side-channel attacks and fault injection attacks, and many countermeasures have been proposed. However, selecting and integrating a set of countermeasures targeting multiple attacks into an ECC design is far from trivial. Security, performance and cost need to be considered together. In this paper, we describe a generic ECC coprocessor architecture, which is scalable and programmable. We demonstrate the coprocessor architecture with a set of countermeasures to address a collection of side-channel attacks and fault attacks. The programmable design of the coprocessor enables tradeoffs between area, speed, and security.

show abstract

Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis

Cited by 59 publications

References 22 publications

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

Redundant Modular Reduction Algorithms

Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security

Contact Info

Product

Resources

About