A DFA on AES Based on the Entropy of Error Distributions

Differential fault analysis (DFA) techniques have been widely studied during the past decade. To the best of our knowledge, most DFA techniques on the Advanced Encryption Standard (AES) either impose strong constraints on the fault injection process or require numerous faults in order to recover the secret key. This article presents a simple methodology based on information theory that allows the number of faults required for the analysis to be adapted to the fault injection process. With this technique, the constraints on the fault model needed to recover the last round key are considerably lowered. Additionally, entropy is proposed as a tool for approaching the most complex fault models in DFA. A practical realization and simulations are presented to illustrate our methodology.
