Exploiting Bitflip Detector for Non-invasive Probing and its Application to Ineffective Fault Analysis

Matsuda et al. proposed a countermeasure against laser fault injection that uses distributed on-chip sensors. The sensor raises an alarm by detecting an electrical phenomenon caused in conjunction with a bitflip. A cryptographic module can use the alarm to stop releasing a faulty ciphertext. In this paper, the security and limitations of the countermeasure by Matsuda et al. are rigorously evaluated. We show that an attacker can get side-channel information by observing how the sensors react to laser fault injection. That enables the attacker to probe intermediate values in a chip non-invasively. On the one hand, under a chosen-plaintext setting, the laser-based probing makes it possible to run the conventional probing attack on AES by Schmidt and Kim. On the other hand, under a ciphertext-only setting, the laser-based probing raises a new challenge: the attacker is given correct ciphertexts and the corresponding single-bit probing results. We propose a new ineffective fault analysis against AES, based on linear cryptanalysis, that can be used in the above setting.
