Cited By
View all- Alur RSingh RFisman DSolar-Lezama A(2018)Search-based program synthesisCommunications of the ACM10.1145/320807161:12(84-93)Online publication date: 20-Nov-2018
Analyzing and eliminating the causes of fault sensitivity analysis
Article No.: 204, Pages 1 - 6
Abstract
Fault Sensitivity Analysis (FSA) is a new type of side-channel attack that exploits the relation between the sensitive data and the faulty behavior of a circuit, the so-called fault sensitivity. This paper analyzes the behavior of different implementations of AES S-box architectures against FSA, and proposes a systematic countermeasure against this attack. This paper has two contributions. First, we study the behavior and structure of several S-box implementations, to understand the causes behind the fault sensitivity. We identify two factors: the timing of fault sensitive paths, and the number of logic levels of fault sensitive gates within the netlist. Next, we propose a systematic countermeasure against FSA. The countermeasure masks the effect of these factors by intelligent insertion of delay elements. We evaluate our methodology by means of an FPGA prototype with built-in timing-measurement. We show that FSA can be thwarted at low hardware overhead. Compared to earlier work, our method operates at the logic-level, is systematic, and can be easily generalized to bigger circuits.
References
[1]
Paul Kocher, "Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems", in Advances in CryptologyCRYPTO96. Springer, 1996, pp. 104--113.
[2]
Paul Kocher, Joshua Jaffe, and Benjamin Jun, "Differential power analysis", in Advances in CryptologyCRYPTO99. Springer, 1999, pp. 388--397.
[3]
Karine Gandolfi, Christophe Mourtel, and Francis Olivier, "Electromagnetic analysis: Concrete results", in Cryptographic Hardware and Embedded SystemsCHES 2001. Springer, 2001, pp. 251--261.
[4]
Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Toshinori Fukunaga, Junko Takahashi, and Kazuo Ohta, "Fault sensitivity analysis", in Cryptographic Hardware and Embedded Systems, CHES 2010, pp. 320--334. Springer, 2010.
[5]
Sumio Morioka and Akashi Satoh, "An optimized s-box circuit architecture for low power AES design", in Cryptographic Hardware and Embedded Systems-CHES 2002, pp. 172--186. Springer, 2003.
[6]
Dan Boneh, Richard A DeMillo, and Richard J Lipton, "On the importance of checking cryptographic protocols for faults", in Advances in CryptologyEUROCRYPT97. Springer, 1997, pp. 37--51.
[7]
Eli Biham and Adi Shamir, Differential cryptanalysis of the data encryption standard, vol. 28, Springer-Verlag New York, 1993.
[8]
Joan Boyar and René Peralta, "A small depth-16 circuit for the AES s-box", in Information Security and Privacy Research, pp. 287--298. Springer, 2012.
[9]
Joan Boyar, René Peralta, and Denis Pochuev, "On the multiplicative complexity of boolean functions over the basis (and,xor,1)", Theoretical Computer Science, vol. 235, no. 1, pp. 43--57, 2000.
[10]
David Canright, "A very compact s-box for aes", in Cryptographic Hardware and Embedded Systems--CHES 2005, pp. 441--455. Springer, 2005.
[11]
Joan Daemen, Vincent Rijmen, and AES Proposal, "Rijndael", in Proceedings from the First Advanced Encryption Standard Candidate Conference, National Institute of Standards and Technology (NIST), 1998.
[12]
Design Compiler, "Synopsys inc", 2000.
[13]
Nidhal Selmane, Shivam Bhasin, Sylvain Guilley, Tarik Graba, and J-L Danger, "WDDL is protected against setup time violation attacks", in Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 Workshop on. IEEE, 2009, pp. 73--83.
[14]
Yang Li, Kazuo Ohta, and Kazuo Sakiyama, "Revisit fault sensitivity analysis on WDDL-AES", in Hardware-Oriented Security and Trust (HOST), 2011 IEEE International Symposium on. IEEE, 2011, pp. 148--153.
[15]
Akashi Satoh, Takeshi Sugawara, Naofumi Homma, and Takafumi Aoki, "High-performance concurrent error detection scheme for aes hardware", in Cryptographic Hardware and Embedded Systems--CHES 2008, pp. 100--112. Springer, 2008.
[16]
Amir Moradi, Oliver Mischke, and Christof Paar, "Collision timing attack when breaking 42 aes asic cores", Tech. Rep., Cryptology ePrint Archive, Report 2011/162, 2011. http://eprint. iacr. org, 2011.
[17]
Amir Moradi, Oliver Mischke, Christof Paar, Yang Li, Kazuo Ohta, and Kazuo Sakiyama, "On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting", in Cryptographic Hardware and Embedded Systems--CHES 2011, pp. 292--311. Springer, 2011.
[18]
Sho Endo, Yang Li, Naofumi Homma, Kazuo Sakiyama, Kazuo Ohta, and Takafumi Aoki, "An efficient countermeasure against fault sensitivity analysis using configurable delay blocks", in 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). IEEE, 2012, pp. 95--102.
[19]
Li Yang and Kazuo Sakiyama, "Toward effective countermeasures against an improved fault sensitivity analysis", IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, vol. 95, no. 1, pp. 234--241, 2012.
Index Terms
- Analyzing and eliminating the causes of fault sensitivity analysis
Recommendations
Fault sensitivity analysis
CHES'10: Proceedings of the 12th international conference on Cryptographic hardware and embedded systemsThis paper proposes a new fault-based attack called the Fault Sensitivity Analysis (FSA) attack, which unlike most existing fault-based analyses including Differential Fault Analysis (DFA) does not use values of faulty ciphertexts. Fault sensitivity ...
A new zero value attack combined fault sensitivity analysis on masked AES
Recently, a new kind of fault-based attacks called fault sensitivity analysis (FSA) has been proposed, which has significant advantage over the traditional Differential Fault Attacks (DFA). However, the masking countermeasure could resist original FSA ...
An Efficient Countermeasure against Fault Sensitivity Analysis Using Configurable Delay Blocks
FDTC '12: Proceedings of the 2012 Workshop on Fault Diagnosis and Tolerance in CryptographyIn this paper, we present an efficient countermeasure against Fault Sensitivity Analysis (FSA) based on a configurable delay blocks (CDBs). FSA is a new type of fault attack which exploits the relationship between fault sensitivity and secret ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Sponsors
- EDAA: European Design Automation Association
- ECSI
- EDAC: Electronic Design Automation Consortium
- IEEE Council on Electronic Design Automation (CEDA)
- The Russian Academy of Sciences: The Russian Academy of Sciences
In-Cooperation
Publisher
European Design and Automation Association
Leuven, Belgium
Publication History
Published: 24 March 2014
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
DATE '14
Sponsor:
- EDAA
- EDAC
- The Russian Academy of Sciences
Acceptance Rates
Overall Acceptance Rate 518 of 1,794 submissions, 29%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 85Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Reflects downloads up to 29 Jan 2025
Other Metrics
Citations
Cited By
View all- Alur RSingh RFisman DSolar-Lezama A(2018)Search-based program synthesisCommunications of the ACM10.1145/320807161:12(84-93)Online publication date: 20-Nov-2018
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in