Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits

Fault sensitivity analysis (FSA) is a side-channel attack method that injects faults into cryptographic circuits through clock glitching and applies statistical analysis to deduce sensitive data such as the cryptographic key. It exploits the correlation between the circuit’s signal path delays and sensitive data. A countermeasure, in this case, is an alternative implementation of the circuit where signal path delays are made independent of the sensitive data. However, manually developing such a countermeasure is tedious and error-prone. In this paper, we propose a method for synthesizing the countermeasure automatically to defend against FSA attacks. Our method uses a syntax-guided inductive synthesis procedure combined with a lightweight static analysis. Given a circuit and a set of sensitive signals as input, it returns a functionally equivalent and FSA-resistant circuit as output, where all path delays are made independent of the sensitive signals. We have implemented our method and evaluated it on a set of cryptographic circuits. Our experiments show that the method is both scalable and effective in eliminating FSA vulnerabilities.
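To make the "path delays independent of the sensitive signals" property concrete, here is an added illustration (not the paper's tool, model or circuits): a toy data-dependent gate-delay model, an exhaustive check of whether an output's settling time varies with the sensitive inputs, and a constructed one-gate circuit beside a buffered variant that computes the same function with a data-independent delay. The netlist format, the arrival times and the delay rules are assumptions made for this example.

```python
from itertools import product

def gate_settle(op, vals, times):
    """Return (value, settle_time) for one gate under the toy model (an assumption,
    not the paper's): every gate adds 1 unit of delay; AND/OR settle as soon as a
    controlling input (0 for AND, 1 for OR) has arrived, otherwise they wait for
    the latest input; XOR and BUF always wait for the latest input."""
    if op == "AND":
        val, ctrl = all(vals), [t for v, t in zip(vals, times) if v == 0]
    elif op == "OR":
        val, ctrl = any(vals), [t for v, t in zip(vals, times) if v == 1]
    elif op == "XOR":
        val, ctrl = sum(vals) % 2, []
    elif op == "BUF":  # single-input delay buffer
        val, ctrl = vals[0], []
    else:
        raise ValueError(op)
    return int(val), (min(ctrl) if ctrl else max(times)) + 1

def evaluate(netlist, assignment, arrival):
    """netlist: dict name -> (op, [input names]), listed in topological order.
    Returns (values, settle_times) for every primary input and gate output."""
    val, tm = dict(assignment), dict(arrival)
    for name, (op, ins) in netlist.items():
        val[name], tm[name] = gate_settle(op, [val[i] for i in ins], [tm[i] for i in ins])
    return val, tm

def fsa_leaks(netlist, output, public, sensitive, arrival):
    """Exhaustive check of the FSA-resistance property: for every fixed public input
    assignment, the output's settle time must not change with the sensitive inputs.
    Returns (public assignment, {sensitive values -> settle time}) for the first
    violation found, or None if the delay is independent of the sensitive inputs."""
    for pub in product([0, 1], repeat=len(public)):
        seen = {}
        for sec in product([0, 1], repeat=len(sensitive)):
            asg = dict(zip(public, pub))
            asg.update(zip(sensitive, sec))
            seen[sec] = evaluate(netlist, asg, arrival)[1][output]
        if len(set(seen.values())) > 1:
            return dict(zip(public, pub)), seen
    return None

# Constructed example: sensitive key bit k arrives at t=0, public bit p at t=2.
ARRIVAL = {"k": 0, "p": 2}
# Leaky circuit: when k=0 the AND settles early, when k=1 it waits for p.
LEAKY = {"out": ("AND", ["k", "p"])}
# Hardened variant (same function): two buffers delay k so both inputs arrive at t=2.
HARDENED = {"kd": ("BUF", ["k"]), "kd2": ("BUF", ["kd"]), "out": ("AND", ["kd2", "p"])}
```

Under this model `fsa_leaks` reports the leaky AND (settle time 1 for k=0 versus 3 for k=1 when p=0) and accepts the buffered variant; the paper's synthesis explores such alternative circuits automatically rather than by hand.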
