Top

Published in:

2019 | OriginalPaper | Chapter

13. Optimizing Electromagnetic Fault Injection with Genetic Algorithms

Authors : Antun Maldini, Niels Samwel, Stjepan Picek, Lejla Batina

Published in: Automated Methods in Cryptographic Fault Analysis

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Fault injection is a serious threat for implementations of cryptography, especially on small embedded devices. In particular, electromagnetic fault injection (EMFI) is a powerful active attack, requiring minimal modifications on the device under attack while having excellent penetration capabilities. The challenge is in finding the right combination of the attack parameters and their values. Namely, the number of possible combinations (for all the values of relevant parameters) is typically huge and rendering exhaustive search impossible.

In this chapter, we introduce this problem and we survey some previous attempts for solving it. We also present a novel evolutionary algorithm for optimizing the parameters search for EM fault injection that outperforms all known search methods for EMFI. The results are widely applicable as the cryptographic device under attack is considered a black box, with only a few very general assumptions on its inner workings.

We test our novel evolutionary algorithm by attacking the SHA-3 algorithm. Our results leverage 40 times more faulty measurements and 20 times more distinct fault measurements than one could obtain with a random search. When this methodology is coupled with the algebraic fault attack, we get 25% more exploitable faults per individual measurement.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Fault Analysis Assisted by Simulation

next chapter Automated Profiling Method for Laser Fault Injection in FPGAs

Github: https://github.com/geneticemfaults/geneticemfaults.

WolfSSL, an embedded SSL/TLS library. Available at: https://www.wolfssl.com/.

The parent points define an axis-aligned parallelepiped in parameter-space; the parents are placed on the diagonally opposite vertices. In a Hamming cube, these would be the all-zeros and all-ones vertices. The first crossover variant corresponds to picking one of its vertices, whereas the second crossover variant corresponds to picking a point within it.

A. Aghaie, A. Moradi, S. Rasoolzadeh, F. Schellenberg, T. Schneider, Impeccable circuits, Cryptology ePrint Archive, Report 2018/203, 2018. https://eprint.iacr.org/2018/203

C. Aumüller, P. Bier, W. Fischer, P. Hofreiter, J.-P. Seifert, Fault attacks on RSA with CRT: concrete results and practical countermeasures, in CHES, pp. 260–275 (2002)

T. Bäck, D.B. Fogel, Z. Michalewicz (eds.), Evolutionary Computation 1: Basic Algorithms and Operators (Institute of Physics Publishing, Bristol, 2000)MATH

N. Bagheri, N. Ghaedi, S.K. Sanadhya, Differential fault analysis of SHA-3, in Progress in Cryptology–INDOCRYPT 2015 (Springer, Cham, 2015), pp. 253–269

G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, The Keccak reference, January 2011. http://keccak.noekeon.org/

D. Boneh, R.A. DeMillo, R.J. Lipton, On the importance of checking cryptographic protocols for faults (extended abstract), in Advances in Cryptology - Proceeding of the EUROCRYPT ‘97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, May 11–15 (1997), pp. 37–51

E. Cagli, C. Dumas, E. Prouff, Convolutional neural networks with data augmentation against jitter-based countermeasures - profiling attacks without pre-processing, in Cryptographic Hardware and Embedded Systems - CHES 2017 - Proceedings of the 19th International Conference, 2017, Taipei, September 25–28 (2017), pp. 45–68

R.B. Carpi, S. Picek, L. Batina, F. Menarini, D. Jakobovic, M. Golub, Glitch it if you can: parameter search strategies for successful fault injection, in Smart Card Research and Advanced Applications, ed. by A. Francillon, P. Rohatgi (Springer, Cham, 2014), pp. 236–252

A.E. Eiben, J.E. Smith, Introduction to Evolutionary Computing (Springer, Berlin, 2003)CrossRef

10.

J.H. Holland, Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence (The MIT Press, Cambridge, 1992)CrossRef

11.

P.C. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, in CRYPTO ‘96: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology (Springer, London, 1996), pp. 104–113MATH

12.

P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Annual International Cryptology Conference (Springer, Berlin, 1999), pp. 388–397MATH

13.

O. Kömmerling, M.G. Kuhn, Design principles for tamper-resistant smartcard processors, in Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology (USENIX Association, Berkeley, 1999), pp. 2–2

14.

L. Lerman, G. Bontempi, O. Markowitch, Side channel attack: an approach based on machine learning, in Second International Workshop on Constructive SideChannel Analysis and Secure Design, pp. 29–41 (Center for Advanced Security Research, Darmstadt, 2011)

15.

P. Luo, Y. Fei, L. Zhang, A.A. Ding, Differential fault analysis of SHA3-224 and SHA3-256, in 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 4–15 (2016)

16.

P. Luo, Y. Fei, L. Zhang, A.A. Ding, Differential fault analysis of SHA-3 under relaxed fault models. J. Hardware Syst. Secur. 1(2), 156–172 (2017)CrossRef

17.

P. Luo, K. Athanasiou, Y. Fei, T. Wahl, Algebraic fault analysis of SHA-3 under relaxed fault models. IEEE Trans. Inf. Forensics Secur. 13, 1752–1761 (2018)CrossRef

18.

M. Madau, M. Agoyan, P. Maurine, An EM fault injection susceptibility criterion and its application to the localization of hotspots, in International Conference on Smart Card Research and Advanced Applications (Springer, Cham, 2017), pp. 180–195

19.

H. Martín, T. Korak, E.S. Millán, M. Hutter, Fault attacks on STRNGs: impact of glitches, temperature, and underpowering on randomness. IEEE Trans. Inf. Forensics Secur. 10(2), 266–277 (2015)CrossRef

20.

C. O’Flynn, Fault injection using crowbars on embedded systems, Cryptology ePrint Archive, Report 2016/810 (2016). https://eprint.iacr.org/2016/810

21.

S. Ordas, L. Guillaume-Sage, P. Maurine, EM injection: fault model and locality, in Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2015 (IEEE, Piscataway, 2015), pp. 3–13

22.

S. Picek, L. Batina, D. Jakobovic, R.B. Carpi, Evolving genetic algorithms for fault injection attacks, in 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), May (2014), pp. 1106–1111

23.

S. Picek, L. Batina, P. Buzing, D. Jakobovic, Fault injection with a new flavor: memetic algorithms make a difference, in Constructive Side-Channel Analysis and Secure Design, ed. by S. Mangard, A.Y. Poschmann (Springer, Cham, 2015), pp. 159–173CrossRef

24.

S. Picek, A. Heuser, A. Jovic, S.A. Ludwig, S. Guilley, D. Jakobovic, N. Mentens, Side-channel analysis and machine learning: a practical perspective, in 2017 International Joint Conference on Neural Networks, IJCNN 2017, Anchorage, AK, May 14–19 (2017), pp. 4095–4102

25.

J.-J. Quisquater, D. Samyde, Electromagnetic analysis (EMA): measures and counter-measures for smart cards, in Smart Card Programming and Security, ed. by I. Attali, T. Jensen (Springer, Berlin, 2001), pp. 200–210CrossRef

26.

N. Samwel, L. Batina, Practical fault injection on deterministic signatures: the case of EdDSA, in Progress in Cryptology – AFRICACRYPT 2018, ed. by A. Joux, A. Nitaj, T. Rachidi (Springer, Cham, 2018), pp. 306–321CrossRef

Title: Optimizing Electromagnetic Fault Injection with Genetic Algorithms
Authors: Antun Maldini
Niels Samwel
Stjepan Picek
Lejla Batina
Publisher: Springer International Publishing
Book: Automated Methods in Cryptographic Fault Analysis
Print ISBN: 978-3-030-11332-2

Electronic ISBN: 978-3-030-11333-9

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-11333-9_13