Breaking Trivium Stream Cipher Implemented in ASIC Using Experimental Attacks and DFA

One of the best ways to improve the security of cryptographic systems used to exchange sensitive information is to attack them, find their vulnerabilities, and strengthen them in subsequent designs. The Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of Things (IoT). In this paper, we present a complete setup to attack Application Specific Integrated Circuit (ASIC) implementations of Trivium that allows recovering the secret key using an active, non-invasive clock-manipulation attack combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into Trivium within a single clock cycle and sample the faulty output. The internal state of Trivium is then recovered with DFA cryptanalysis by comparing the correct and faulty outputs. Finally, a backward version of Trivium was designed to run the cipher in reverse and obtain the secret key from the recovered initial internal state. The key recovery was verified with numerous simulated attacks and then applied to the experimental data obtained from the ASIC Trivium. The secret key of Trivium was recovered experimentally in 100% of the attempts, under a realistic scenario and minimal assumptions.
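The three steps the abstract describes (clock the cipher, compare correct and faulty keystream after a single-bit transient fault, run Trivium backwards from the recovered state to the key) can be modelled at the bit level. The following is an added example written for this page, not the paper's own code or the ASIC design: it implements Trivium as specified by De Cannière and Preneel, an exact inverse of one clock, a single-bit fault in one flip-flop of the internal state, and the key/IV recovery through 1152 backward clocks. The key, IV and fault positions are constructed for illustration; the clock-glitch hardware and the equation solving that DFA performs on the difference pattern are not modelled, and only the earliest differing output bit (which depends on the fault position alone, not on the key) is derived. Check `clock()` against the eSTREAM Trivium test vectors before relying on it for real captures.

```python
# Added example (not the paper's code): bit-level Trivium with single-bit
# fault injection and a backward Trivium that undoes the initialization.
# Key, IV and fault positions below are constructed for illustration.

WARMUP = 4 * 288                       # initialization clocks, no output
TAPS = (66, 93, 162, 177, 243, 288)    # linear output taps (1-based)


def bits_from_bytes(data, n):
    """n bits from bytes, least-significant bit of each byte first."""
    return [(data[i >> 3] >> (i & 7)) & 1 for i in range(n)]


def bytes_from_bits(bits):
    out = bytearray(len(bits) // 8)
    for i, b in enumerate(bits):
        out[i >> 3] |= b << (i & 7)
    return bytes(out)


def clock(s):
    """One Trivium clock; s[k-1] holds s_k. Returns (next_state, output_bit)."""
    t1 = s[65] ^ s[92]
    t2 = s[161] ^ s[176]
    t3 = s[242] ^ s[287]
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]
    t2 ^= (s[174] & s[175]) ^ s[263]
    t3 ^= (s[285] & s[286]) ^ s[68]
    return [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287], z


def unclock(s):
    """Inverse of clock(). Only the three bits shifted out (old s_93, s_177,
    s_288) are lost, and each is the XOR of the feedback bit that was shifted
    in with bits that are still present in the current state."""
    old_93 = s[93] ^ s[66] ^ (s[91] & s[92]) ^ s[171]       # new s_94 = t1
    old_177 = s[177] ^ s[162] ^ (s[175] & s[176]) ^ s[264]  # new s_178 = t2
    old_288 = s[0] ^ s[243] ^ (s[286] & s[287]) ^ s[69]     # new s_1 = t3
    return s[1:93] + [old_93] + s[94:177] + [old_177] + s[178:288] + [old_288]


def init_state(key, iv):
    """Load 80-bit key and IV, run the warm-up clocks, return the 288-bit state."""
    s = (bits_from_bytes(key, 80) + [0] * 13 + bits_from_bytes(iv, 80)
         + [0] * 4 + [0] * 108 + [1, 1, 1])
    for _ in range(WARMUP):
        s, _ = clock(s)
    return s


def keystream(s, n):
    out = []
    for _ in range(n):
        s, z = clock(s)
        out.append(z)
    return out


def recover_key_iv(state):
    """Backward Trivium: undo the warm-up from the state DFA has recovered."""
    for _ in range(WARMUP):
        state = unclock(state)
    return bytes_from_bits(state[0:80]), bytes_from_bits(state[93:173])


def keystream_difference(state, pos, n):
    """XOR of correct and faulty keystream when s_pos is flipped in one clock
    cycle (the transient fault the clock-glitch setup is meant to cause)."""
    faulty = list(state)
    faulty[pos - 1] ^= 1
    return [a ^ b for a, b in zip(keystream(state, n), keystream(faulty, n))]


def predicted_first_diff(pos):
    """Output index where a flip of s_pos first shows up: the bit is only
    shifted until it reaches the nearest linear tap of its register, so the
    index is independent of key and IV."""
    lo, hi = next((a, b) for a, b in zip(TAPS[0::2], TAPS[1::2]) if pos <= b)
    return lo - pos if pos <= lo else hi - pos


def fault_candidates(first_diff):
    """Positions consistent with the first differing output index (at most 6);
    the rest of the difference pattern is what DFA uses to pick one."""
    return [p for p in range(1, 289) if predicted_first_diff(p) == first_diff]


if __name__ == "__main__":
    key = bytes(range(0x10, 0x1a))   # constructed 80-bit key
    iv = bytes(range(0xa0, 0xaa))    # constructed 80-bit IV
    state = init_state(key, iv)
    d = keystream_difference(state, 92, 80)
    first = d.index(1)
    print("fault in s_92: first difference at z_%d, candidates %s"
          % (first, fault_candidates(first)))
    # the AND term s_91*s_92 turns the flip into a linear equation on s_91
    print("delta z_69 == s_91:", d[69] == state[90])
    print("backward Trivium recovers key/IV:", recover_key_iv(state) == (key, iv))
```

The fault in s_92 illustrates where DFA's equations come from: the flipped bit first appears at z_1 through the linear tap s_93, while the AND term s_91·s_92 injects a difference of value s_91 into the B register that surfaces at z_69, so the difference bit at that index equals one unknown state bit. The backward step works because each Trivium clock discards exactly three bits and each is recoverable from the feedback bit it helped produce, which is why a full 288-bit state at any cycle is equivalent to the key.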