Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis

Side-channel attacks have been deeply studied for years to ensure the tamper resistance of embedded implementations. Analysis are most of the time focused either on passive attack (side channel attack) or on active attacks (fault attack). In this article, a combination of both attacks is presented. It is named PACA for Passive and Active Combined Attacks. This new class of attacks allows us to recover the secret key with only one curve of leakages. Practical results on a secure implementation of RSA have been obtained and are presented here. Finally, a new kind of infective methodology is defined and countermeasures to counteract this type of analysis are introduced.

[1]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[2]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[3]  Arjen K. Lenstra Memo on RSA signature generation in the presence of faults , 1996 .

[4]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[5]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[6]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[7]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[8]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[9]  Paul Dischamp,et al.  Power Analysis, What Is Now Possible , 2000, ASIACRYPT.

[10]  Jean-Sébastien Coron,et al.  On Boolean and Arithmetic Masking against Differential Power Analysis , 2000, CHES.

[11]  Marc Joye,et al.  Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[12]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[13]  Seungjoo Kim,et al.  A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack , 2001, ICISC.

[14]  Erik Knudsen,et al.  Ways to Enhance Differential Power Analysis , 2002, ICISC.

[15]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[16]  Frédéric Valette,et al.  The Doubling Attack - Why Upwards Is Better than Downwards , 2003, CHES.

[17]  Jean-Pierre Seifert,et al.  A new CRT-RSA algorithm secure against bellcore attacks , 2003, CCS '03.

[18]  Louis Goubin,et al.  A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems , 2003, Public Key Cryptography.

[19]  Christophe Giraud,et al.  A Survey on Fault Attacks , 2004, CARDIS.

[20]  Marc Joye,et al.  Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity , 2004, IEEE Transactions on Computers.

[21]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[22]  JaeCheol Ha,et al.  Power Analysis by Exploiting Chosen Message and Internal Collisions - Vulnerability of Checking Mechanism for RSA-Decryption , 2005, Mycrypt.

[23]  M. Joye,et al.  Practical Fault Countermeasures for Chinese Remaindering Based RSA ( Extended Abstract ) , 2005 .

[24]  Jean-Pierre Seifert,et al.  On authenticated computing and RSA-based authentication , 2005, CCS '05.

[25]  Tanja Lange,et al.  Handbook of Elliptic and Hyperelliptic Curve Cryptography , 2005 .

[26]  Stefan Mangard,et al.  Successfully Attacking Masked AES Hardware Implementations , 2005, CHES.

[27]  Mark G. Karpovsky,et al.  DPA on Faulty Cryptographic Hardware and Countermeasures , 2006, FDTC.

[28]  Christophe Giraud,et al.  An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis , 2006, IEEE Transactions on Computers.

[29]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[30]  Sergei P. Skorobogatov Optically Enhanced Position-Locked Power Analysis , 2006, CHES.

[31]  Christophe Clavier,et al.  Why One Should Also Secure RSA Public Key Elements , 2006, CHES.