Multi Fault Laser Attacks on Protected CRT-RSA

Since the first publication of a successful practical two-fault attack on protected CRT-RSA, surprisingly little attention has been given by the research community to the ensuing new challenge. The reason seems to be two-fold. One is that generic higher-order fault attacks are very difficult to model, and thus finding robust countermeasures is also difficult. Another reason may be that the published experiment was carried out on an outdated 8-bit microcontroller and thus was not perceived as a threat serious enough to create a sense of urgency in addressing this new menace. In this paper we describe two-fault attacks on protected CRT-RSA implementations running on an advanced 32-bit ARM Cortex-M3 core. To our knowledge, this is the first practical result of two-fault laser attacks on a protected cryptographic application. Considering that laser attacks are much more accurate in targeting a particular variable, the significance of our result cannot be overlooked.
