Optimizing Electromagnetic Fault Injection with Genetic Algorithms

Fault injection is a serious threat to implementations of cryptography, especially on small embedded devices. In particular, electromagnetic fault injection (EMFI) is a powerful active attack that requires minimal modifications to the device under attack while having excellent penetration capabilities. The challenge is in finding the right combination of attack parameters and their values: the number of possible combinations (over all values of the relevant parameters) is typically huge, rendering exhaustive search impossible.
