Exploration of Benes Network in Cryptographic Processors: A Random Infection Countermeasure for Block Ciphers Against Fault Attacks

Traditional detection countermeasures against fault attacks have been criticized as insecure because the final comparison between the two computations is a fragile operation that can itself be maliciously bypassed. To avoid the comparison, infection countermeasures instead scramble a faulty ciphertext so that its output reveals nothing further to the attacker. This paper presents an infection method that resists fault attacks by reusing the Benes network module already present in high-performance crypto processors, where it was originally introduced to accelerate the permutation operations of block ciphers. The Hamming weight of the differential result is balanced by modifying specific network switches, without changing the network topology. A further confusion step removes the determinism of the infection by configuring part of the network with a random bit-stream. In addition to a formal proof of security, a statistical evaluation method is presented to verify the proposed countermeasure quantitatively; this also offers a new approach to evaluating future randomness-enhanced infection methods. Experiments are carried out on the Advanced Encryption Standard (AES), triple Data Encryption Standard (3DES), and Camellia. Under the statistical evaluation, the proposed countermeasure improves fault resistance by more than four orders of magnitude compared with the unprotected implementation, and its performance and area overheads are within 10% of those of the original Benes network.
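The following Python example is added here to make the two ingredients of the abstract concrete; it is not the paper's code and does not reproduce the paper's switch modification for Hamming-weight balancing. It builds an n-input Benes network in its recursive layout (outer switch stage, two n/2 sub-networks on the even and odd wires, outer switch stage), routes an arbitrary permutation through it with the standard looping algorithm, uses AES ShiftRows as the cipher permutation, and then models infection in a simplified form assumed for this example: the difference between a primary and a redundant computation (all-zero when no fault hit) is pushed through a partly randomised copy of the network and XORed onto the output, so no comparison exists to be skipped. The function names, the choice of which stages receive the random bit-stream, and the sample state are all assumptions of the example.

```python
"""Benes network as a programmable permutation unit, plus a simple
randomised-infection use of it.  Illustrative code added for this page: it is
not the paper's design and does not reproduce its Hamming-weight balancing."""
import secrets
from typing import List

Stage = List[int]     # one control bit per 2x2 switch: 0 = pass, 1 = cross
Config = List[Stage]  # 2*log2(n) - 1 stages for an n-input network


def _switch_stage(data: list, ctrl: Stage) -> list:
    """One stage of 2x2 switches acting on the adjacent wire pairs (2k, 2k+1)."""
    out = list(data)
    for k, c in enumerate(ctrl):
        if c:
            out[2 * k], out[2 * k + 1] = out[2 * k + 1], out[2 * k]
    return out


def benes_apply(data: list, cfg: Config) -> list:
    """Push data through an n-input Benes network in its recursive layout:
    outer stage, two n/2 sub-networks on the even/odd wires, outer stage."""
    n = len(data)
    x = _switch_stage(data, cfg[0])
    if n == 2:
        return x
    q = n // 4  # switches per stage of each sub-network
    top = benes_apply(x[0::2], [s[:q] for s in cfg[1:-1]])
    bot = benes_apply(x[1::2], [s[q:] for s in cfg[1:-1]])
    merged = [None] * n
    merged[0::2], merged[1::2] = top, bot
    return _switch_stage(merged, cfg[-1])


def benes_route(perm: List[int]) -> Config:
    """Looping algorithm: control bits that deliver input i to output perm[i]."""
    n = len(perm)
    if n == 2:
        return [[int(perm[0] == 1)]]
    inv = [0] * n
    for i, o in enumerate(perm):
        inv[o] = i
    in_top = [None] * n
    for start in range(n):
        i = start
        while in_top[i] is None:
            in_top[i] = True          # i takes the upper sub-network, so
            j = inv[perm[i] ^ 1]      # the feeder of its sibling output
            in_top[j] = False         # takes the lower one, and
            i = j ^ 1                 # j's sibling input the upper one again
    first = [int(not in_top[2 * k]) for k in range(n // 2)]
    last = [int(not in_top[inv[2 * k]]) for k in range(n // 2)]
    top_perm, bot_perm = [0] * (n // 2), [0] * (n // 2)
    for i in range(n):
        (top_perm if in_top[i] else bot_perm)[i // 2] = perm[i] >> 1
    inner = zip(benes_route(top_perm), benes_route(bot_perm))
    return [first] + [t + b for t, b in inner] + [last]


def shift_rows_perm() -> List[int]:
    """AES ShiftRows on the column-major byte index 4*c + r: the byte in row r,
    column c moves to column (c - r) mod 4.  Used as the cipher permutation."""
    return [4 * ((c - r) % 4) + r for c in range(4) for r in range(4)]


def randomise(cfg: Config, stages: List[int]) -> Config:
    """Overwrite the control bits of the chosen stages with a fresh random stream."""
    out = [list(s) for s in cfg]
    for s in stages:
        out[s] = [secrets.randbits(1) for _ in out[s]]
    return out


def infective_output(primary: list, redundant: list, cfg: Config,
                     random_stages: List[int]) -> list:
    """Simplified infection model (an assumption of this example): the
    difference of the two computations, all-zero when no fault hit, goes
    through a partly randomised network and is XORed onto the output."""
    delta = [a ^ b for a, b in zip(primary, redundant)]
    spread = benes_apply(delta, randomise(cfg, random_stages))
    return [c ^ d for c, d in zip(benes_apply(redundant, cfg), spread)]


def fault_positions(random_stages: List[int], trials: int = 64) -> set:
    """Output positions at which a single-byte fault in the primary computation
    shows up, collected over several runs on a constructed sample state."""
    cfg = benes_route(shift_rows_perm())
    state = list(range(16))            # 16 state bytes, one per network wire
    faulty = list(state)
    faulty[5] ^= 0x80                  # fault hits row 1, column 1
    good = benes_apply(state, cfg)
    seen = set()
    for _ in range(trials):
        out = infective_output(faulty, state, cfg, random_stages)
        seen.add(tuple(i for i in range(16) if out[i] != good[i]))
    return seen


if __name__ == "__main__":
    print("deterministic network:", fault_positions([]))
    print("last 3 stages random:", fault_positions([4, 5, 6]))
```

With a fixed configuration the faulty byte always surfaces at the same output position, which is exactly the stable differential a DFA attacker collects; randomising the last three stages (the final switch of every recursion level, so three independent bits of the output index) scatters it over eight positions from run to run. A plain permutation still preserves the Hamming weight of the difference, so the attacker keeps learning that exactly one byte was hit; closing that leak is what the paper's modification of specific switches is for, and it is deliberately left out of this model.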
