An Operation-Centered Approach to Fault Detection in Symmetric Cryptography Ciphers

One of the most effective ways of attacking a cryptographic device is deliberate fault injection during the computation, which allows the secret key to be recovered from a small number of faulty results. Several such attacks on symmetric and public-key cryptosystems have been described in the literature, and a number of dedicated error-detection techniques have been proposed to foil them. These techniques are ad hoc and exploit specific properties of the individual cryptographic algorithms. In this paper, we propose a general framework for error detection in symmetric ciphers based on an operation-centered approach. We first enumerate the arithmetic and logic operations used by the cipher and analyze the error coverage and hardware complexity of several error-detecting codes for each such operation. We then recommend an error-detecting code for the cipher as a whole, based on the operations it employs. We also address the trade-off between the frequency of checking for errors and the error coverage. We demonstrate the framework on a representative group of 11 symmetric ciphers. Our conclusions are supported by both analytical proofs and extensive simulation experiments.
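The following is an added worked example, not code from the paper, that makes the operation-centered idea concrete on a toy 32-bit data path: each operation (XOR, rotate, addition mod 2^32, and a bytewise 8-bit S-box) is paired with the error-detecting code whose check bit can be predicted cheaply from that operation's inputs (1-bit parity for XOR, rotate and S-box, a residue mod 3 for addition), fault coverage is measured by exhaustive single- and double-bit flip injection, and a short chain of parity-coded operations is checked either after every operation or once at the end to expose the frequency-versus-coverage trade-off. The S-box (a seeded random permutation), the choice of modulus 3, and every input and key value are assumptions constructed for this illustration.

```python
"""Operation-centered concurrent error detection, illustration only (not the
paper's code).  Toy 32-bit data path with XOR, rotate, addition mod 2**32 and a
bytewise S-box; codes: 1-bit parity and a residue mod 3.  The S-box is a seeded
random permutation constructed here, and all inputs and keys are made up."""
import random

MASK = 0xFFFFFFFF
M = 3                     # 2**32 % 3 == 1: an adder wrap-around shifts the residue by exactly 1
_rng = random.Random(2024)
SBOX = list(range(256))
_rng.shuffle(SBOX)                                     # constructed S-box, not a real cipher's table
SBOX_PARITY = [bin(v).count("1") & 1 for v in SBOX]    # output-parity bit stored per entry

def parity(x):
    return bin(x).count("1") & 1

def rotl(x, r):
    r &= 31
    return ((x << r) | (x >> (32 - r))) & MASK

def sub_bytes(x):
    return sum(SBOX[(x >> (8 * i)) & 0xFF] << (8 * i) for i in range(4))

# Every operation returns (result, predicted parity, predicted mod-3 residue).
# None means that code cannot be predicted from the inputs' code bits plus the
# cheap signals a hardware unit exposes, i.e. the code is a poor fit for the op.
def op_xor(a, b, pa=None):
    pa = parity(a) if pa is None else pa               # parity is linear over XOR
    return a ^ b, pa ^ parity(b), None                 # a residue would need the full values

def op_rotl(a, r, pa=None):
    pa = parity(a) if pa is None else pa               # a bit permutation keeps the parity
    return rotl(a, r), pa, None

def op_add(a, b):
    s = a + b
    # residue of (a+b) mod 2**32 needs only the carry-out; parity would need the whole carry vector
    return s & MASK, None, (a % M + b % M - (s >> 32)) % M

def op_sbox(a):
    p = 0
    for i in range(4):                                 # parity looked up alongside each output byte
        p ^= SBOX_PARITY[(a >> (8 * i)) & 0xFF]
    return sub_bytes(a), p, None

def flagged(y, pred_parity, pred_residue):
    """True if any checker available for this operation rejects the value y."""
    return (pred_parity is not None and parity(y) != pred_parity) or \
           (pred_residue is not None and y % M != pred_residue)

def fault_masks(weight):
    if weight == 1:
        return [1 << i for i in range(32)]
    return [(1 << i) | (1 << j) for i in range(32) for j in range(i + 1, 32)]

def op_coverage(op, args, weight):
    """Fraction of all weight-1 or weight-2 bit-flip faults on the op's output
    that the op's own checker catches (exhaustive injection)."""
    y, pp, pr = op(*args)
    masks = fault_masks(weight)
    return sum(flagged(y ^ m, pp, pr) for m in masks) / len(masks)

def chain(a, k1, k2, fault=None, check_every_op=True):
    """xor k1 -> rotl 7 -> S-box -> xor k2 under parity checking.
    fault = (op_index, mask) corrupts that op's output before it feeds the next
    op.  With check_every_op=False the predicted parity is carried as a code bit
    and compared once at the end; because the S-box prediction must read its
    real input, an error reaching it is laundered into a consistent pair.
    Returns (result, detected)."""
    x, p, caught = a, parity(a), False
    steps = [lambda v, pv: op_xor(v, k1, pv), lambda v, pv: op_rotl(v, 7, pv),
             lambda v, pv: op_sbox(v), lambda v, pv: op_xor(v, k2, pv)]
    for i, step in enumerate(steps):
        y, p, _ = step(x, p)
        if fault is not None and fault[0] == i:
            y ^= fault[1]
        if check_every_op:
            caught |= parity(y) != p
        x = y
    return x, caught or parity(x) != p

def chain_coverage(check_every_op, a=0xDEADBEEF, k1=0x0F1E2D3C, k2=0x4B5A6978):
    """Single-bit fault coverage over all four injection points of chain()."""
    faults = [(pos, 1 << bit) for pos in range(4) for bit in range(32)]
    return sum(chain(a, k1, k2, f, check_every_op)[1] for f in faults) / len(faults)

if __name__ == "__main__":
    a, b = 0x12345678, 0x9ABCDEF0
    for name, op, args in (("xor", op_xor, (a, b)), ("rotl", op_rotl, (a, 13)),
                           ("add", op_add, (a, b)), ("sbox", op_sbox, (a,))):
        print(f"{name:5s} 1-bit: {op_coverage(op, args, 1):.2f}  2-bit: {op_coverage(op, args, 2):.2f}")
    print("check every op :", chain_coverage(True))
    print("check end only :", chain_coverage(False))
```

Running the script shows the two points the abstract makes: parity catches every single-bit fault on XOR, rotate and S-box outputs but no double-bit fault, while the mod-3 residue catches every single-bit fault on the adder and roughly half of the double-bit faults (those whose arithmetic error is not a multiple of 3 escape); and deferring the parity check to the end of the chain halves the single-bit coverage because the nonlinear S-box re-derives its predicted parity from whatever input it receives, so a check belongs at the boundary of every operation whose code cannot be carried through from its inputs.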
