The Fault Attack Jungle - A Classification Model to Guide You

For a secure hardware designer, the vast array of fault attacks and countermeasures looks like a jungle. This paper aims to provide a guide through this jungle and to help a designer of secure embedded devices protect a design in the most efficient way. We classify the existing fault attacks on implementations of cryptographic algorithms on embedded devices according to different criteria. By doing so, we expose possible security threats caused by fault attacks and propose different classes of countermeasures capable of preventing them.
