WDDL is Protected against Setup Time Violation Attacks

To protect cryptosystems against side-channel attacks, various countermeasures have been implemented, such as dual-rail logic or masking. Fault attacks are a powerful tool to break some implementations of robust cryptographic algorithms such as AES and DES. Various kinds of fault attack scenarios have been published. However, very few publications available in the public literature detail the practical realization of such attacks. In this paper we present the result of a practical fault attack on AES in WDDL and its comparison with its non-protected equivalent. The practical faults on an FPGA running an AES encryptor are realized by under-powering it and further exploited using Piret's attack. The results show that WDDL is protected against setup violation attacks by construction, because a faulty bit is replaced by a null bit in the ciphertext. Therefore, the fault leaks no exploitable information. We also give a theoretical model for the above results. Other references have already studied the potential for fault protection of resynchronizing (delay-insensitive) gates. In this paper, we show that non-resynchronizing gates (hence combinatorial DPL such as WDDL) are natively immune to setup time violation attacks.
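The "faulty bit becomes a null bit" property can be seen in a small timing model, added here as an illustration and not taken from the paper. It assumes an idealized WDDL netlist built only from AND/OR gates with precharged rails, a constructed 4-bit parity circuit, and constructed gate delays and clock period; the unprotected register is assumed to keep the previous cycle's value when its path is late.

```python
from itertools import product

INF = float("inf")  # a rail that never rises during the evaluation phase

def encode(bit, t=0.0):
    """Dual-rail token as (true-rail rise time, false-rail rise time)."""
    return (t, INF) if bit else (INF, t)

def w_and(a, b, d):
    # True rail is an AND (waits for both), false rail is an OR (first to rise).
    return (max(a[0], b[0]) + d, min(a[1], b[1]) + d)

def w_or(a, b, d):
    return (min(a[0], b[0]) + d, max(a[1], b[1]) + d)

def w_not(a):
    return (a[1], a[0])  # inversion is a rail swap, no gate involved

def w_xor(a, b, d):
    return w_or(w_and(a, w_not(b), d), w_and(w_not(a), b, d), d)

def sample(token, period):
    """Register capture: a rail reads 1 only if it rose before the clock edge."""
    rails = tuple(int(r <= period) for r in token)
    return {(1, 0): 1, (0, 1): 0, (0, 0): None}[rails]  # None = NULL token

def wddl_parity(bits, d, period):
    acc = encode(bits[0])
    for b in bits[1:]:
        acc = w_xor(acc, encode(b), d)
    return sample(acc, period)

def single_rail_parity(bits, prev_bits, d, period):
    """Assumed unprotected design: a late path leaves the previous value."""
    late = 2 * d * (len(bits) - 1) > period
    return sum(prev_bits if late else bits) % 2

def sweep(n=4, period=6.0, delays=(0.5, 1.0, 1.5, 2.0)):
    """Count (wddl_wrong, wddl_null, single_wrong) over all inputs and delays."""
    wddl_wrong = wddl_null = single_wrong = 0
    inputs = list(product((0, 1), repeat=n))
    for bits, prev, d in product(inputs, inputs, delays):
        good = sum(bits) % 2
        w = wddl_parity(bits, d, period)
        wddl_null += w is None
        wddl_wrong += w is not None and w != good
        single_rail = single_rail_parity(bits, prev, d, period)
        single_wrong += single_rail != good
    return wddl_wrong, wddl_null, single_wrong
```

Larger values in `delays` stand in for under-powering: the WDDL output is either correct or NULL, while the single-rail register captures wrong bits that a differential fault analysis could use.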
