Fault Based Cryptanalysis of the Advanced Encryption Standard (AES)

In this paper we describe several fault attacks on the Ad- vanced Encryption Standard (AES). First, using optical/eddy current fault induction attacks as recently publicly presented by Skorobogatov, Anderson and Quisquater, Samyde (SA,QS), we present an implemen- tation independent fault attack on AES. This attack is able to deter- mine the complete 128-bit secret key of a sealed tamper-proof smart- card by generating 128 faulty cipher texts. Second, we present several implementation-dependent fault attacks on AES. These attacks rely on the observation that due to the AES's known timing analysis vulnera- bility (as pointed out by Koeune and Quisquater (KQ)), any implemen- tation of the AES must ensure a data independent timing behavior for the so called AES's xtime operation. We present fault attacks on AES based on various timing analysis resistant implementations of the xtime- operation. Our strongest attack in this direction uses a very liberal fault model and requires only 256 faulty encryptions to determine a 128-bit key.

[1]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[2]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[3]  Akashi Satoh,et al.  A Compact Rijndael Hardware Architecture with S-Box Optimization , 2001, ASIACRYPT.

[4]  Peter Gutmann,et al.  Data Remanence in Semiconductor Devices , 2001, USENIX Security Symposium.

[5]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[6]  Peter Gutmann,et al.  Secure deletion of data from magnetic and solid-state memory , 1996 .

[7]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[8]  Neil Weste,et al.  Principles of CMOS VLSI Design , 1985 .

[9]  Elisabeth Oswald,et al.  An ASIC Implementation of the AES SBoxes , 2002, CT-RSA.

[10]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[11]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[12]  Bernd Meyer,et al.  Differential Fault Attacks on Elliptic Curve Cryptosystems , 2000, CRYPTO.

[13]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[14]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[15]  Bart Preneel,et al.  Topics in Cryptology — CT-RSA 2002 , 2002, Lecture Notes in Computer Science.

[16]  Seungjoo Kim,et al.  A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack , 2001, ICISC.

[17]  Christophe Clavier,et al.  Differential Power Analysis in the Presence of Hardware Countermeasures , 2000, CHES.

[18]  Jean-Sébastien Coron,et al.  Statistics and secret leakage , 2000, TECS.

[19]  David Paul Maher Fault Induction Attacks, Tamper Resistance, and Hostile Reverse Engineering in Perspective , 1997, Financial Cryptography.

[20]  Yuliang Zheng,et al.  Breaking real-world implementations of cryptosys-tems by manipulating their random number generation , 1997 .

[21]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[22]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[23]  Suresh Chari,et al.  A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards , 1999 .

[24]  Ivars Peterson,et al.  Chinks in digital armor: Exploiting faults to break smart‐card cryptosystems , 1997 .

[25]  Kwangjo Kim,et al.  Information Security and Cryptology — ICISC 2001 , 2002, Lecture Notes in Computer Science.

[26]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[27]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .

[28]  George S. Taylor,et al.  Improving smart card security using self-timed circuits , 2002, Proceedings Eighth International Symposium on Asynchronous Circuits and Systems.

[29]  Ramesh Karri,et al.  Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit symmetric block ciphers , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[30]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[31]  Marc Joye,et al.  Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[32]  Robert H. Deng,et al.  Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults , 1997, Security Protocols Workshop.

[33]  David M'Raïhi,et al.  Cryptographic smart cards , 1996, IEEE Micro.

[34]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[35]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[36]  Ali Esmaili,et al.  Probability and Random Processes , 2005, Technometrics.

[37]  Marc Joye,et al.  Chinese Remaindering Based Cryptosystems in the Presence of Faults , 1999, Journal of Cryptology.

[38]  Pascal Paillier Evaluating Differential Fault Analysis of Unknown Cryptosystems , 1999, Public Key Cryptography.

[39]  P. Kocher,et al.  Di erential Power Analysis , 1999 .

[40]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[41]  Wieland Fischer,et al.  Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures , 2002, CHES.

[42]  Seungjoo Kim,et al.  RSA Speedup with Residue Number System Immune against Hardware Fault Cryptanalysis , 2001, ICISC.

[43]  Thomas S. Messerges,et al.  Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[44]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .