Security characterisation of a hardened AES cryptosystem using a laser

The AES is a standard encryption algorithm used in numerous cryptographic systems like smart cards, TPMs as well as in protocols like WPA2 or OpenSSL. Measuring the robustness of AES implementations against physical attacks is of utmost importance in order to guarantee the security of the system in which the AES is used. In this article, we describe how a hardware AES, embedding countermeasures against physical attacks, has been characterized using a laser. With the laser, we tried to implement a class of physical attacks called fault attacks which, when successful, allow an attacker to retrieve the secret key used by the AES module. Our experiments have allowed us to validate the efficiency of some of the countermeasures implemented in this AES implementation and have given us hints on how to further improve them.
