Study of a Parity Check Based Fault-Detection Countermeasure for the AES Key Schedule

In this paper we study a parity-check-based countermeasure proposed by Chen et al. that thwarts their attack by detecting byte fault injection during the AES key schedule process. We provide a generalization of their approach that makes it possible to derive parity equations for all the AES sizes not given by the authors. We analyze why Chen et al.'s countermeasure does not work properly. In doing so, we are able to extend the coverage of the fault detection to the full expanded key. Finally, we suggest optimizations that reduce memory and computation costs, and propose an adaptation to a more general fault model.

[1] Chong Hee Kim, et al. Improved Differential Fault Analysis on AES Key Schedule, 2012, IEEE Transactions on Information Forensics and Security.

[2] Siva Sai Yerubandi, et al. Differential Power Analysis, 2002.

[3] Christophe Clavier, et al. Correlation Power Analysis with a Leakage Model, 2004, CHES.

[4] Paul C. Kocher, et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, 1996, CRYPTO.

[5] Christophe Clavier, et al. Simple Power Analysis on AES Key Expansion Revisited, 2014, CHES.

[6] Debdeep Mukhopadhyay, et al. Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault, 2011, WISTP.

[7] Junko Takahashi, et al. DFA Mechanism on the AES Key Schedule, 2007.

[8] Christophe Giraud, et al. DFA on AES, 2004, AES Conference.

[9] Shen Lei, et al. Differential Fault Analysis on AES and DES, 2013.

[10] Debdeep Mukhopadhyay, et al. A Differential Fault Analysis on AES Key Schedule Using Single Fault, 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[11] Bart Preneel, et al. Mutual Information Analysis, 2008, CHES.

[12] Hossein Pedram, et al. An EDA tool for implementation of low power and secure crypto-chips, 2009, Comput. Electr. Eng.

[13] Jean-Jacques Quisquater, et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD, 2003, CHES.

[14] Sung-Ming Yen, et al. Differential Fault Analysis on AES Key Schedule and Some Countermeasures, 2003, ACISP.

[15] Noémie Floissac, et al. From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks on Key Expansion, 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[16] Jean-Jacques Quisquater, et al. New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough, 2008, CARDIS.

[17] Eli Biham, et al. Differential Fault Analysis of Secret Key Cryptosystems, 1997, CRYPTO.

[18] Richard J. Lipton, et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract), 1997, EUROCRYPT.