Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures

Implementation attacks such as side-channel and fault attacks are a threat to deployed devices, especially when an attacker has physical access. As a consequence, devices like smart cards and IoT devices usually provide countermeasures against implementation attacks: masking against side-channel attacks, and detection-based countermeasures such as temporal or spatial redundancy against fault attacks. In this paper, we show how to attack implementations protected with both masking and detection-based fault countermeasures by using statistical ineffective fault attacks with a single fault induction per execution. Our attacks are largely unaffected by the deployed protection order of the masking and by the level of redundancy of the detection-based countermeasure. These observations show that the combination of masking and error detection alone may not provide sufficient protection against implementation attacks.
