Abstract
Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against both symmetric and asymmetric encryption algorithms. To protect cryptographic implementations (e.g. of the recent AES, which is our running example) against these attacks, a number of innovative countermeasures have been proposed, usually based on space and time redundancy (e.g. error detection/correction techniques, repeated computations). In this paper, we take the next natural step in engineering studies where alternative methods exist, namely a comparative perspective. For this purpose, we use unified security and efficiency metrics to evaluate various recent protections against fault attacks. The comparative study reveals security weaknesses in some of the countermeasures (e.g. intentional, malicious fault injection that is modelled unrealistically). The study also demonstrates that, if fair performance evaluations are performed, many countermeasures are not better than the naive solutions, namely duplication or repetition. We finally suggest design improvements for some countermeasures and further discuss security/efficiency tradeoffs.
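The abstract contrasts naive redundancy (duplication or repetition) with cheaper error-detection codes, and warns that some countermeasures are only secure under an unrealistic fault model. The following Python script is an added illustration, not code from the paper or its authors: it implements the AES S-box from scratch, protects a SubBytes layer once by full duplication and once by a single predicted parity bit per byte (a deliberately simplified stand-in for parity-based concurrent error detection, not any specific published scheme), and enumerates every fault that flips k bits of one output byte. The fault model, the 16-byte sample state and the function names are constructed assumptions for the example; the point it shows is that a single parity bit detects only odd-weight faults, whereas duplication (with the fault landing in one copy only) detects every non-zero fault.

```python
"""Toy comparison of two fault-detection countermeasures on AES SubBytes.

Constructed illustration (not the paper's code): full duplication versus one
parity bit per byte, under transient faults that flip k bits of one output byte.
"""
from itertools import combinations


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (the inverse of 0 is defined as 0)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def aes_sbox(x: int) -> int:
    """AES S-box: GF(2^8) inversion followed by the affine transform."""
    inv = gf_inv(x)
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63


SBOX = [aes_sbox(x) for x in range(256)]


def parity(b: int) -> int:
    return bin(b).count("1") & 1


def subbytes(state: bytes) -> bytes:
    return bytes(SBOX[x] for x in state)


def inject_fault(out: bytes, pos: int, mask: int) -> bytes:
    """Assumed transient fault model: XOR `mask` into output byte `pos`."""
    faulty = bytearray(out)
    faulty[pos] ^= mask
    return bytes(faulty)


def detect_by_duplication(state: bytes, observed: bytes) -> bool:
    """Space/time redundancy: recompute the whole output and compare."""
    return subbytes(state) != observed


def detect_by_parity(state: bytes, observed: bytes) -> bool:
    """Parity prediction: compare one predicted parity bit per output byte."""
    predicted = [parity(SBOX[x]) for x in state]
    return any(parity(o) != p for o, p in zip(observed, predicted))


def detection_rate(detector, state: bytes, weight: int) -> float:
    """Fraction of all single-byte faults of Hamming weight `weight` that are caught."""
    masks = [sum(1 << b for b in bits) for bits in combinations(range(8), weight)]
    good = subbytes(state)
    caught = total = 0
    for pos in range(len(state)):
        for mask in masks:
            total += 1
            caught += detector(state, inject_fault(good, pos, mask))
    return caught / total


# Constructed 16-byte sample state (an arbitrary AES state, not from the paper).
SAMPLE_STATE = bytes(range(0x32, 0x32 + 16))


def compare(weights=(1, 2, 3, 4)) -> dict:
    """Detection rate per fault weight for both schemes."""
    return {
        w: {
            "duplication": detection_rate(detect_by_duplication, SAMPLE_STATE, w),
            "parity": detection_rate(detect_by_parity, SAMPLE_STATE, w),
        }
        for w in weights
    }


if __name__ == "__main__":
    for w, rates in compare().items():
        print(f"{w}-bit faults: duplication {rates['duplication']:.0%}, "
              f"parity {rates['parity']:.0%}")
```

Running the script shows duplication catching every fault while the parity bit misses every 2-bit and 4-bit fault, which is the kind of gap that a comparison under a single-bit-only fault model would hide. The duplication result also relies on the assumption, built into `detect_by_duplication`, that the attacker cannot inject the same fault into both copies; a scheme's security claim is only as good as that assumption.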
© 2006 Springer-Verlag Berlin Heidelberg
Malkin, T.G., Standaert, FX., Yung, M. (2006). A Comparative Cost/Security Analysis of Fault Attack Countermeasures. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, JP. (eds) Fault Diagnosis and Tolerance in Cryptography. FDTC 2006. Lecture Notes in Computer Science, vol 4236. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889700_15
DOI: https://doi.org/10.1007/11889700_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46250-7
Online ISBN: 978-3-540-46251-4