Abstract
In this paper we describe several fault attacks on the Advanced Encryption Standard (AES). First, using the optical and eddy-current fault induction techniques recently presented by Skorobogatov and Anderson [SA] and by Quisquater and Samyde [QS], we present an implementation-independent fault attack on AES. This attack recovers the complete 128-bit secret key of a sealed tamper-proof smartcard from 128 faulty ciphertexts. Second, we present several implementation-dependent fault attacks on AES. These rely on the observation that, because of the known timing attack on AES pointed out by Koeune and Quisquater [KQ], any implementation of AES must give the so-called xtime operation (multiplication by x in GF(2^8), the building block of MixColumns) data-independent timing behaviour. We present fault attacks on AES against various timing-attack-resistant implementations of the xtime operation. Our strongest attack in this direction uses a very liberal fault model and requires only 256 faulty encryptions to determine a 128-bit key.
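The xtime operation the abstract refers to is the multiplication by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1. The example below (added here as an illustration; it is not code from the paper and the function names are my own) shows the textbook data-dependent implementation next to the mask-based constant-time form that timing-attack countermeasures use, checks that they agree on every input, and runs both through MixColumns on one column against a widely used MixColumns test vector (db 13 53 45 maps to 8e 4d a1 bc).

```c
#include <stdint.h>
#include <stdio.h>

/* Multiplication by x in GF(2^8) modulo x^8+x^4+x^3+x+1 (0x11b).
   Written the obvious way, the reduction is a branch on the top bit of the
   input, so the operation takes a data-dependent number of cycles. */
static uint8_t xtime_branchy(uint8_t a)
{
    uint8_t r = (uint8_t)(a << 1);
    if (a & 0x80) {          /* taken only when the top bit is set */
        r ^= 0x1b;
    }
    return r;
}

/* Constant-time variant: turn the top bit into an all-zero or all-one mask
   and AND it with the reduction constant, so no branch depends on the data. */
static uint8_t xtime_ct(uint8_t a)
{
    uint8_t mask = (uint8_t)(0u - ((a >> 7) & 1u));  /* 0x00 or 0xff */
    return (uint8_t)((a << 1) ^ (mask & 0x1b));
}

/* Multiplication by 3 = x + 1, built on whichever xtime is passed in. */
static uint8_t gf_mul3(uint8_t a, uint8_t (*xt)(uint8_t))
{
    return (uint8_t)(xt(a) ^ a);
}

/* MixColumns on one 4-byte column. out[i] = 2*in[i] ^ 3*in[i+1] ^ in[i+2] ^ in[i+3]
   (indices mod 4), with the xtime variant as a parameter so both can be compared. */
static void mix_column(const uint8_t in[4], uint8_t out[4], uint8_t (*xt)(uint8_t))
{
    for (int i = 0; i < 4; i++) {
        out[i] = (uint8_t)(xt(in[i]) ^ gf_mul3(in[(i + 1) % 4], xt)
                           ^ in[(i + 2) % 4] ^ in[(i + 3) % 4]);
    }
}

/* Returns 1 if the branchy and constant-time xtime agree on all 256 inputs. */
static int xtime_variants_agree(void)
{
    for (unsigned a = 0; a < 256; a++) {
        if (xtime_branchy((uint8_t)a) != xtime_ct((uint8_t)a)) {
            return 0;
        }
    }
    return 1;
}

/* Checks mix_column against a well-known MixColumns test vector:
   column db 13 53 45 must map to 8e 4d a1 bc. Returns 1 on success. */
static int mix_column_matches_vector(uint8_t (*xt)(uint8_t))
{
    const uint8_t in[4]   = {0xdb, 0x13, 0x53, 0x45};
    const uint8_t want[4] = {0x8e, 0x4d, 0xa1, 0xbc};
    uint8_t out[4];
    mix_column(in, out, xt);
    for (int i = 0; i < 4; i++) {
        if (out[i] != want[i]) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("xtime variants agree on all inputs: %d\n", xtime_variants_agree());
    printf("MixColumns (branchy xtime) matches test vector: %d\n",
           mix_column_matches_vector(xtime_branchy));
    printf("MixColumns (constant-time xtime) matches test vector: %d\n",
           mix_column_matches_vector(xtime_ct));
    return 0;
}
```

Two caveats a practitioner should keep in mind. Whether `xtime_branchy` really compiles to a branch (and `xtime_ct` really does not) depends on the compiler and target, so the generated code, not the C source, is what has to be inspected on a smartcard core. And, as the abstract states, removing the timing leak is exactly what the paper's implementation-dependent attacks take as their starting point: a constant-time xtime is a countermeasure against timing analysis, not against fault induction, and the mask computation itself becomes a target once faults can be injected.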
References
Anderson, R.: Security Engineering. John Wiley & Sons, New York (2001)
Aumüller, C., Bier, B., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA: Concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 261–276. Springer, Heidelberg (2003)
Akkar, M.L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 315–324. Springer, Heidelberg (2001)
Anderson, R., Kuhn, M.: Tamper Resistance – a cautionary note. In: Proc. of 2nd USENIX Workshop on Electronic Commerce, pp. 1–11 (1996)
Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)
Boneh, D., DeMillo, R.A., Lipton, R.: On the Importance of Eliminating Errors in Cryptographic Computations. Journal of Cryptology 14(2), 101–120 (2001)
Bao, F., Deng, R.H., Han, Y., Jeng, A., Narasimhalu, A.D., Ngair, T.: Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
Biham, E., Shamir, A.: Power analysis of the key scheduling of the AES candidates. In: Proc. of the second AES conference, pp. 115–121 (1999)
Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131–146. Springer, Heidelberg (2000)
Clavier, C., Coron, J.-S., Dabbous, N.: Differential Power Analysis in the presence of Hardware Countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)
Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.J.: A cautionary note regarding evaluation of AES candidates on smartcards. In: Proc. of the second AES conference, pp. 135–150 (1999)
Coron, J.-S., Kocher, P., Naccache, D.: Statistics and Secret Leakage. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, p. 157. Springer, Heidelberg (2001)
Daemen, J., Rijmen, V.: Resistance against implementation attacks: a comparative study. In: Proc. of the second AES conference, pp. 122–132 (1999)
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Berlin (2002)
Grimmett, G.R., Stirzaker, D.R.: Probability and random processes. Oxford Science Publications, Oxford (1992)
Gutmann, P.: Secure deletion of data from magnetic and solid-state memory. In: Proc. of 6th USENIX Security Symposium, pp. 77–89 (1997)
Gutmann, P.: Data Remanence in Semiconductor Devices. In: Proc. of 7th USENIX Security Symposium (1998)
International Organization for Standardization, ISO/IEC 7816-3: Electronic signals and transmission protocols (2002), http://www.iso.ch
Kaliski, B., Robshaw, M.J.B.: Comments on some new attacks on cryptographic devices. RSA Laboratories Bulletin 5 (July 1997)
Kömmerling, O., Kuhn, M.: Design Principles for Tamper-Resistant Smartcard Processors. In: Proc. of the USENIX Workshop on Smartcard Technologies, pp. 9–20 (1999)
Koeune, F., Quisquater, J.-J.: A timing attack against Rijndael, Université catholique de Louvain, TR CG-1999/1, 6 pages (1999)
Kocar, O.: Hardwaresicherheit von Mikrochips in Chipkarten. Datenschutz und Datensicherheit 20(7), 421–424 (1996)
Karri, R., Wu, K., Mishra, P., Kim, Y.: Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit symmetric block ciphers. In: Proc. of IEEE Design Automation Conference, pp. 579–585 (2001)
Maher, D.P.: Fault induction attacks, tamper resistance, and hostile reverse engineering in perspective. In: Luby, M., Rolim, J.D.P., Serna, M. (eds.) FC 1997. LNCS, vol. 1318, pp. 109–121. Springer, Heidelberg (1997)
Messerges, T.: Securing the AES finalists against power analysis attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 150–164. Springer, Heidelberg (2001)
Moore, S.W., Anderson, R.J., Kuhn, M.G.: Improving Smartcard Security using Self-Timed Circuit Technology. In: Fourth AciD-WG Workshop, Grenoble (2000) ISBN 2-913329-44-6
Moore, S.W., Anderson, R.J., Cunningham, P., Mullins, R., Taylor, G.: Improving Smartcard Security using Self-Timed Circuit Technology. In: Proc. of Asynch 2002. IEEE Computer Society Press, Los Alamitos (2002)
Naccache, D., M’Raihi, D.: Cryptographic smart cards. IEEE Micro, 14–24 (1996)
Paillier, P.: Evaluating differential fault analysis of unknown cryptosystems. Gemplus Corporate Product R&D Division, TR AP05-1998, 8 pages (1999)
Petersen, I.: Chinks in digital armor — Exploiting faults to break smartcard cryptosystems. Science News 151(5), 78–79 (1997)
Quisquater, J.-J., Samyde, D.: Eddy Current for Magnetic Analysis with Active Sensor. In: Proc. of Int. Conf. on Research in SmartCards (E-Smart 2002), Novamedia, pp. 185–194 (2002)
Samyde, D., Quisquater, J.-J.: ElectroMagnetic Analysis (EMA): Measures and Countermeasures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)
Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact Rijndael hardware architecture with S-Box optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 241–256. Springer, Heidelberg (2001)
Skorobogatov, S., Anderson, R.: Optical Fault Induction Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)
Weste, N.H.E., Eshraghian, K.: Principles of CMOS VLSI Design, 2nd edn. Addison-Wesley, Reading (1994)
Wolkerstorfer, J.: An ASIC implementation of the AES MixColumn operation. Graz University of Technology, Institute for Applied Information Processing and Communications, Manuscript, 4 pages (2001)
Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC implementation of the AES S-Boxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, p. 67. Springer, Heidelberg (2002)
Yen, S.-M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. on Computers 49(9), 967–970 (2000)
Yen, S.-M., Kim, S.-J., Lim, S.-G., Moon, S.-J.: RSA Speedup with Residue Number System immune from Hardware fault cryptanalysis. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, p. 397. Springer, Heidelberg (2002)
Yen, S.-M., Kim, S.-J., Lim, S.-G., Moon, S.-J.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, p. 414. Springer, Heidelberg (2002)
Yen, S.-M., Tseng, S.Y.: Differential power cryptanalysis of a Rijndael implementation. LCIS Technical Report TR-2K1-9, Dept. of Computer Science and Information Engineering, National Central University, Taiwan (2001)
Zheng, Y., Matsumoto, T.: Breaking real-world implementations of cryptosystems by manipulating their random number generation. In: Proc. of the 1997 Symposium on Cryptography and Information Security. LNCS. Springer, Heidelberg (1997)
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Blömer, J., Seifert, JP. (2003). Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In: Wright, R.N. (eds) Financial Cryptography. FC 2003. Lecture Notes in Computer Science, vol 2742. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45126-6_12
DOI: https://doi.org/10.1007/978-3-540-45126-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40663-1
Online ISBN: 978-3-540-45126-6