Analyzing the Efficiency of Biased-Fault Based Attacks

In this letter, we analyze a class of recently proposed fault analysis techniques, which adopt a biased fault model. The purpose of our analysis is to evaluate the relative efficiency of several recently proposed biased-fault attacks. We compare the relative performance of each technique in a common framework, using a common circuit and a common fault injection method. We show that, for an identical circuit and fault injection method (setup time violation through clock glitching), the number of faults per attack greatly varies according to the analysis technique. In particular, DFIA is more efficient than FSA, and FSA is more efficient than both NUEVA and NUFVA. In terms of number of fault injections until full key disclosure, for a typical case, FSA uses 8x more faults than DFIA, and NUEVA uses 33x more faults than DFIA. Hence, the postprocessing technique selected in a biased-fault attack has a significant impact on the success of the attack.

[1]  Michael Hutter,et al.  The Temperature Side Channel and Heating Fault Attacks , 2013, CARDIS.

[2]  Ingrid Verbauwhede,et al.  Hardware Designer's Guide to Fault Attacks , 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[3]  Marc Joye,et al.  Fault Analysis in Cryptography , 2012, Information Security and Cryptography.

[4]  Yang Li,et al.  Fault Sensitivity Analysis , 2010, CHES.

[5]  Christophe Clavier Attacking Block Ciphers , 2012, Fault Analysis in Cryptography.

[6]  Akashi Satoh,et al.  A Compact Rijndael Hardware Architecture with S-Box Optimization , 2001, ASIACRYPT.

[7]  Alessandro Barenghi,et al.  Low Voltage Fault Attacks on the RSA Cryptosystem , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[8]  Jasper G. J. van Woudenberg,et al.  Practical Optical Fault Injection on Secure Microcontrollers , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[9]  David Naccache,et al.  When Clocks Fail: On Critical Paths and Clock Faults , 2010, CARDIS.

[10]  N. Homma,et al.  Feasibility of fault analysis based on intentional electromagnetic interference , 2012, 2012 IEEE International Symposium on Electromagnetic Compatibility.

[11]  B. Robisson,et al.  Investigation of timing constraints violation as a fault injection means , 2012 .

[12]  Yang Li,et al.  Yet Another Fault-Based Leakage in Non-uniform Faulty Ciphertexts , 2013, FPS.

[13]  Nahid Farhady Ghalaty,et al.  Analyzing and eliminating the causes of fault sensitivity analysis , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[14]  Nahid Farhady Ghalaty,et al.  Differential Fault Intensity Analysis , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[15]  Akashi Satoh,et al.  An Optimized S-Box Circuit Architecture for Low Power AES Design , 2002, CHES.

[16]  Jean-Max Dutertre,et al.  A DFA on AES Based on the Entropy of Error Distributions , 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[17]  Debdeep Mukhopadhyay,et al.  A Biased Fault Attack on the Time Redundancy Countermeasure for AES , 2015, COSADE.

[18]  Adrian Thillard,et al.  Fault Attacks on AES with Faulty Ciphertexts Only , 2013, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography.