Evidence of an information leakage between logically independent blocks

In this paper we study the information leakage that may exist, due to electrical coupling, between logically independent blocks of a secure circuit, as a new attack path to retrieve secret information. First, an AES-128 was implemented on an FPGA board. Then, this AES implementation was secured with a delay-based countermeasure against fault injection related to timing-constraint violations. The countermeasure's detection threshold was supposed to be logically independent of the data handled by the cryptographic algorithm, so in theory it does not leak any information related to sensitive values. However, experiments point out an existing correlation between the fault detection threshold of the countermeasure and the AES's calculations. As a result, we were able to retrieve the secret key of the AES using this correlation. Finally, different strategies were tested in order to minimize the number of triggered alarms needed to retrieve the secret key.
