On the Duality of Probing and Fault Attacks

In this work we investigate the problem of simultaneous privacy and integrity protection in cryptographic circuits. We consider a white-box scenario with a powerful, yet limited attacker. A concise metric for the level of probing and fault security is introduced, which is directly related to the capabilities of a realistic attacker. In order to investigate the interrelation of probing and fault security we introduce a common mathematical framework based on the formalism of information and coding theory. The framework unifies the known linear masking schemes. We prove a central theorem about the properties of linear codes which leads to optimal secret sharing schemes. These schemes provide the lower bound for the number of masks needed to counteract an attacker with a given strength. The new formalism reveals an intriguing duality principle between the problems of probing and fault security, and provides a unified view on privacy and integrity protection using error detecting codes. Finally, we introduce a new class of linear tamper-resistant codes. These are suitable for preserving security against an attacker mounting simultaneous probing and fault attacks.
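To make the coding-theoretic view of masking concrete, the following is an added example (not code from the paper) that treats a linear masking scheme as a binary linear code: the secret bit and the random mask bits form the information vector, the generator matrix `G` maps them to the wires an attacker can probe or fault. Two brute-force metrics are computed, both of which are this example's own working definitions rather than the paper's formal ones: the probing order (the largest `t` such that any `t` wires are statistically independent of the secret) and the fault-detection order (the largest `e` such that every fault flipping at most `e` wires is caught by a consistency check). The three generator matrices are constructed here: plain three-share Boolean masking, triple repetition of the unmasked secret, and a duplicated masking that has both properties at once.

```python
import itertools
from collections import Counter

def gf2_encode(info, G):
    """Row vector times generator matrix over GF(2): wires = info * G."""
    out = [0] * len(G[0])
    for bit, row in zip(info, G):
        if bit:
            out = [a ^ b for a, b in zip(out, row)]
    return tuple(out)

def codewords(G):
    """All valid wire vectors (the row space of G)."""
    return {gf2_encode(u, G) for u in itertools.product((0, 1), repeat=len(G))}

def probe_distribution(G, secret, probes):
    """Distribution of the probed wires for a fixed secret, mask bits uniform."""
    counts = Counter()
    for rand in itertools.product((0, 1), repeat=len(G) - 1):
        wires = gf2_encode((secret,) + rand, G)
        counts[tuple(wires[i] for i in probes)] += 1
    return counts

def probing_order(G):
    """Largest t such that every set of t probed wires is independent of the secret."""
    n = len(G[0])
    for t in range(1, n + 1):
        for probes in itertools.combinations(range(n), t):
            if probe_distribution(G, 0, probes) != probe_distribution(G, 1, probes):
                return t - 1
    return n  # secret is not decodable from the wires at all

def detects_all_faults(G, weight):
    """True if every fault pattern of exactly `weight` flipped wires is detectable.
    A fault e on codeword c is undetectable iff c + e is again a codeword, i.e. e in C."""
    C = codewords(G)
    n = len(G[0])
    for positions in itertools.combinations(range(n), weight):
        e = tuple(1 if i in positions else 0 for i in range(n))
        if e in C:
            return False
    return True

def fault_detection_order(G):
    """Largest e such that all faults of weight <= e are detected (= min distance - 1)."""
    n = len(G[0])
    e = 0
    while e < n and detects_all_faults(G, e + 1):
        e += 1
    return e

def security_orders(G):
    """(probing order, fault-detection order) of the scheme generated by G."""
    return probing_order(G), fault_detection_order(G)

# Constructed example schemes; row 0 carries the secret bit, later rows the masks.
BOOL3 = [[0, 0, 1],          # wires: (r1, r2, s ^ r1 ^ r2)
         [1, 0, 1],
         [0, 1, 1]]
REP3 = [[1, 1, 1]]           # wires: (s, s, s), no masking at all
DUP_MASK = [[0, 0, 1, 0, 0, 1],   # three-share masking, each share stored twice
            [1, 0, 1, 1, 0, 1],
            [0, 1, 1, 0, 1, 1]]

if __name__ == "__main__":
    for name, G in (("BOOL3", BOOL3), ("REP3", REP3), ("DUP_MASK", DUP_MASK)):
        t, e = security_orders(G)
        print(f"{name}: probing order {t}, fault-detection order {e}")
```

Running it shows the trade-off the abstract describes: the plain masking has probing order 2 but detects no fault, the repetition code detects two faults but leaks the secret to a single probe, and the duplicated masking pays six wires to obtain probing order 2 together with single-fault detection. The fault-detection order is computed by exhaustive search but coincides with the minimum distance of the code minus one, which is the standard error-detection bound.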
