Practical Fault Attack on a Cryptographic LSI with ISO/IEC 18033-3 Block Ciphers

This paper presents practical fault attack results on six kinds of block ciphers listed in ISO/IEC 18033-3 that are implemented on an LSI: AES, DES, Camellia, CAST-128, SEED, and MISTY1. We developed an experimental environment that injects faults into any desired round by supplying a clock signal with a glitch. We examined practical attack assumptions and the fault model based on experimental results. We also succeeded in recovering AES keys in the LSI using Piret's attack, which uses only one faulty cipher text obtained using the proposed experimental environment.

[1]  Sylvain Guilley,et al.  Practical Setup Time Violation Attacks on AES , 2008, 2008 Seventh European Dependable Computing Conference.

[2]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[3]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[4]  Sylvain Guilley,et al.  Silicon-level Solutions to Counteract Passive and Active Attacks , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[5]  Michael Hutter,et al.  RFID and Its Vulnerability to Faults , 2008, CHES.

[6]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[7]  Jörn-Marc Schmidt,et al.  A Practical Fault Attack on Square and Multiply , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[8]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.