论文信息 - To Exploit Fault Injection on Non-injective Sboxes

To Exploit Fault Injection on Non-injective Sboxes

Differential Fault Analysis (DFA) attacks are well known to cryptanalyse embedded cryptographic algorithms. However, efficient countermeasures exist and most devices are now secured against this kind of attacks. In the same way, Safe Error attacks avoid most of DFA countermeasures but they can not break a masked implementation. In this paper, we introduce a new fault attack which takes advantage of both kinds of attack and which is efficient with all countermeasures detecting the fault. We illustrate this attack on the DES Sboxes, even if it applies on all non-injective Sboxes. First, we provide a short reminder of DES, we introduce previous attacks performed on it and we present some existing mechanisms to defend it against these threats. Then, we introduce our attack which consists in injecting faults that nullify after passing in the SBoxes of the first round and allows retrieving the key of a secure DES implementation. We continue by presenting the simulated results of our attack. Finally, we detail the results of our attack realised on a DES implemented on a smart card thus confirming its practical feasibility.

Nicolas Debande | Guillaume Bethouart

[1] Ludger Hemme,et al. A Differential Fault Attack Against Early Rounds of (Triple-)DES , 2004, CHES.

[2] Bruno Robisson,et al. Differential Behavioral Analysis , 2007, CHES.

[3] Richard J. Lipton,et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[4] Christophe Clavier,et al. Secret External Encodings Do Not Prevent Transient Fault Analysis , 2007, CHES.

[5] Shubhendu S. Mukherjee,et al. Transient fault detection via simultaneous multithreading , 2000, Proceedings of 27th International Symposium on Computer Architecture (IEEE Cat. No.RS00201).

[6] Jason Smith,et al. The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[7] Luk Bettale. Secure Multiple SBoxes Implementation with Arithmetically Masked Input , 2012, CARDIS.

[8] Claude Carlet,et al. PICARO - A Block Cipher Allowing Efficient Higher-Order Side-Channel Resistance , 2012, ACNS.

[9] Marc Joye,et al. Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[10] Matthieu Rivain,et al. Differential Fault Analysis on DES Middle Rounds , 2009, CHES.

[11] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[12] Michael Tunstall,et al. Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output , 2012, LATINCRYPT.