2019 | Original Paper | Book chapter

2. ExpFault: An Automated Framework for Block Cipher Fault Analysis

By: Sayandeep Saha, Debdeep Mukhopadhyay, Pallab Dasgupta

Published in: Automated Methods in Cryptographic Fault Analysis

Publisher: Springer International Publishing

Abstract

Intentional or unintentional faults in the computation or control flow of modern computing systems can be catastrophic if they are exploited maliciously. One of the primary targets of malicious faults is the modern cryptographic primitive, especially the block cipher. Designing precise countermeasures against such threats is desirable, but it requires comprehensive knowledge of the attack space of both the cryptographic algorithm and its implementation. Although manual vulnerability analysis of fault attacks is widespread, it becomes infeasible given the large number of ciphers in existence today. The formidable size and diversity of the fault spaces further highlight the need for automation in this context. Since fault attacks on block ciphers depend critically on the mathematical properties of the cipher, a comprehensive understanding of the attack space should begin with automated algorithmic analysis. This chapter lays the foundations for automated fault analysis of ciphers and presents a framework called ExpFault for automated algorithm-level fault analysis.

Footnotes
1
In fact, there is a recent call from the National Institute of Standards and Technology (NIST) for standardizing lightweight cipher designs (available online at https://csrc.nist.gov/Projects/Lightweight-Cryptography).
 
2
Fault attack countermeasures, in general, are resource-hungry.
 
3
This claim is certainly not restricted to DFAs only and is valid for other classes of fault attacks as well.
 
4
We refer to [20] for the proof of optimality.
 
5
In the next chapter, we shall present another framework which fully utilizes the aforementioned advantage of AFA while making it fairly scalable.
 
6
z = 1, 2, …, l.
 
7
Values of \(w^{ij}_z\) belong to the set \(\{0, 1, \ldots, 2^m - 1\}\).
 
8
\(p'^{\,w^{ij}_z}_q := \frac{\#q}{|T_{w^{ij}_z}|}\), where \(\#q\) denotes the frequency of \(q \in \{0, 1, \ldots, 2^m - 1\}\) in \(T_{w^{ij}_z}\).
 
9
VarCount returns the number of variables in a variable set.
 
10
Calculate the probability distribution of each variable set.
 
11
Calculate the entropy of variable sets.
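The quantities named in footnotes 7, 8, 10 and 11 (the empirical distribution of an m-bit variable set over the table of simulated faulty values, and the entropy of that distribution) can be computed as below. This is an added illustration and not code from the chapter or from the ExpFault tool; it assumes that the entropy of footnote 11 is Shannon entropy in bits, and the two sample tables are constructed for the example rather than taken from any real cipher. The point it demonstrates is the defender-side reading of the metric: a variable set whose observed values stay uniformly distributed under the fault reveals nothing, while one whose values collapse onto a few symbols has lost entropy and therefore marks a state region that a countermeasure must protect.

```python
from collections import Counter
import math


def distribution(table, m):
    """Empirical distribution p'_q = #q / |T| over q in {0, ..., 2^m - 1}.

    `table` lists the values that one m-bit variable set took across the
    simulated faulty executions (the set T_{w} of footnote 8). Values that
    never occur are omitted, i.e. they have probability 0.
    """
    if not table:
        raise ValueError("empty table: no faulty values were simulated")
    for q in table:
        if not 0 <= q < 2 ** m:
            raise ValueError(f"value {q} does not fit in {m} bits")
    n = len(table)
    counts = Counter(table)
    return {q: c / n for q, c in sorted(counts.items())}


def entropy_bits(dist):
    """Shannon entropy (assumed here as the entropy of footnote 11), in bits."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def variable_set_entropy(table, m):
    """Entropy of one variable set, combining footnotes 10 and 11."""
    return entropy_bits(distribution(table, m))


def leakage_bits(table, m):
    """Bits of uncertainty removed by the fault: the maximum m minus the
    observed entropy. 0 means the fault left the variable set uniform."""
    return m - variable_set_entropy(table, m)


def rank_variable_sets(tables, m):
    """Order named variable sets by leakage, most revealing first, so the
    sets that most need protection appear at the top of the list."""
    return sorted(tables, key=lambda name: leakage_bits(tables[name], m), reverse=True)


# Constructed sample data (hypothetical, m = 4): two variable sets observed
# over 64 simulated faulty executions each.
M = 4
UNIFORM_TABLE = [q for q in range(2 ** M) for _ in range(4)]  # each value 4 times
BIASED_TABLE = [1, 2, 4, 8] * 16                             # only 4 of 16 values occur


if __name__ == "__main__":
    samples = {"uniform": UNIFORM_TABLE, "biased": BIASED_TABLE}
    for name in rank_variable_sets(samples, M):
        h = variable_set_entropy(samples[name], M)
        print(f"{name:8s} entropy={h:.2f} bits  leakage={M - h:.2f} bits")
```

Running the block ranks the biased variable set first (entropy 2 bits, leakage 2 bits) and the uniform one last (entropy 4 bits, leakage 0). In the chapter's setting the same computation is repeated for every variable set of every round, which is what makes automation rather than manual inspection necessary.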
 
12
This is in contrast to the last subsection, where they (the states) were represented as vectors of variables of size m bits.
 
13
We have described the distinguisher corresponding to this attack in Example 2.2.
 
14
The IDFA distinguisher was described in Example 2.1.
 
15
Note that we have used the term “group” to differentiate it from the variable sets. From this point onwards, we shall use variable set and variable group to identify these two separate entities. Variable sets can be members of variable groups.
 
16
The distinguisher here simultaneously extracts round keys from the last two rounds of PRESENT. A total of 128 key bits is extracted, which uniquely determines the 80-bit master key via the key-scheduling equations.
 
17
BitCount returns the number of bit variables in \(MKS_h\).
 
18
Following the terminology used in this chapter, here we have \(|MKS_h| = 8\) and \(|VG_h| = 4\).
 
19
For each choice of the 28th and 27th round keys we have 23.53 choices for the 26th and 25th round keys combined.
 
20
In fact, all the itemsets found for GIFT were spurious and the cipher does not have variable associations. In such cases, the support can be increased to stop spurious itemset generation.
 
21
One should note that the tool is still in its initial phase and we shall try to address all the above-mentioned issues before making it open source.
 
22
Refer to Table 2.4 for the description of the distinguishers.
 
23
The round constant bits of the GIFT cipher are not shown in the graphs, as they are found to have no effect on the DFA complexity calculation.
 
References
1. S. Banik, S.K. Pandey, T. Peyrin, Y. Sasaki, S.M. Sim, Y. Todo, GIFT: a small PRESENT, in International Conference on Cryptographic Hardware and Embedded Systems (Springer, New York, 2017), pp. 321–345
2. G. Barthe, F. Dupressoir, P.-A. Fouque, B. Grégoire, J.-C. Zapalowicz, Synthesis of fault attacks on cryptographic implementations, in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (ACM, New York, 2014), pp. 1016–1027
3. R. Beaulieu, S. Treatman-Clark, D. Shors, B. Weeks, J. Smith, L. Wingers, The SIMON and SPECK lightweight block ciphers, in 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 1–6, June 2015
4. C. Beierle, J. Jean, S. Kölbl, G. Leander, A. Moradi, T. Peyrin, Y. Sasaki, P. Sasdrich, S.M. Sim, The SKINNY family of block ciphers and its low-latency variant MANTIS, in Annual Cryptology Conference (Springer, Berlin, 2016), pp. 123–153
5. E. Biham, A. Shamir, Differential fault analysis of secret key cryptosystems, in Advances in Cryptology - CRYPTO ’97, ed. by B.S. Kaliski Jr. Lecture Notes in Computer Science, vol. 1294 (Springer, Berlin, 1997), pp. 513–525
6. A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J. Robshaw, Y. Seurin, C. Vikkelsoe, PRESENT: an ultra-lightweight block cipher, in Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems, CHES ’07 (Springer, Berlin, 2007), pp. 450–466
7. J. Breier, D. Jap, S. Bhasin, SCADPA: side-channel assisted differential-plaintext attack on bit permutation based ciphers, in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2018 (IEEE, Piscataway, 2018), pp. 1129–1134
8. J. Daemen, V. Rijmen, The Design of Rijndael (Springer, New York, 2002)
9. P. Derbez, P.-A. Fouque, D. Leresteux, Meet-in-the-middle and impossible differential fault analysis on AES, in International Workshop on Cryptographic Hardware and Embedded Systems (Springer, Berlin, 2011), pp. 274–291
10. P. Dusart, G. Letourneux, O. Vivolo, Differential fault analysis on AES, in International Conference on Applied Cryptography and Network Security (Springer, Berlin, 2003), pp. 293–306
11. N.F. Ghalaty, B. Yuce, M. Taha, P. Schaumont, Differential fault intensity analysis, in Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 (IEEE, Piscataway, 2014), pp. 49–58
12. J. Guo, T. Peyrin, A. Poschmann, M. Robshaw, The LED block cipher, in Cryptographic Hardware and Embedded Systems – CHES 2011 (Springer, Berlin, 2011), pp. 326–341
13. M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, I.H. Witten, The WEKA data mining software: an update. SIGKDD Explor. 11(1), 10–18 (2009)
14. K. Jeong, Y. Lee, J. Sung, S. Hong, Improved differential fault analysis on PRESENT-80/128. Int. J. Comput. Math. 90(12), 2553–2563 (2013)
15. P. Khanna, C. Rebeiro, A. Hazra, XFC: a framework for eXploitable fault characterization in block ciphers, in Proceedings of the 54th Annual Design Automation Conference 2017, DAC ’17 (ACM, New York, 2017), pp. 8:1–8:6
16. C.H. Kim, Efficient methods for exploiting faults induced at AES middle rounds. IACR Cryptol. ePrint Arch. 2011, 349 (2011)
17. Z. Liu, Y. Liu, Q. Wang, D. Gu, W. Li, Meet-in-the-middle fault analysis on word-oriented substitution-permutation network block ciphers. Secur. Commun. Netw. 8(4), 672–681 (2015)
18. S. Patranabis, J. Breier, D. Mukhopadhyay, S. Bhasin, One plus one is more than two: a practical combination of power and fault analysis attacks on PRESENT and PRESENT-like block ciphers, in Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2017 (IEEE, Piscataway, 2017), pp. 25–32
19. D. Saha, D. Mukhopadhyay, D.R. Chowdhury, A diagonal fault attack on the advanced encryption standard. IACR Cryptol. ePrint Arch. 2009, 581 (2009)
20. S. Saha, D. Mukhopadhyay, P. Dasgupta, ExpFault: an automated framework for exploitable fault characterization in block ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 242–276 (2018)
21. S. Saha, D. Jap, S. Patranabis, D. Mukhopadhyay, S. Bhasin, P. Dasgupta, Automatic characterization of exploitable faults: a machine learning approach. IEEE Trans. Inf. Forensics Secur. 14(4), 954–968 (2019)
22. M. Tunstall, D. Mukhopadhyay, S. Ali, Differential fault analysis of the advanced encryption standard using a single fault, in IFIP International Workshop on Information Security Theory and Practices (Springer, Berlin, 2011), pp. 224–233
23. G. Wang, S. Wang, Differential fault analysis on PRESENT key schedule, in International Conference on Computational Intelligence and Security (CIS), 2010 (IEEE, Piscataway, 2010), pp. 362–366
24. F. Zhang, S. Guo, X. Zhao, T. Wang, J. Yang, F.-X. Standaert, D. Gu, A framework for the analysis and evaluation of algebraic fault attacks on lightweight block ciphers. IEEE Trans. Inf. Forensics Secur. 11(5), 1039–1054 (2016)
25. X. Zhao, S. Guo, T. Wang, F. Zhang, Z. Shi, Fault-propagate pattern based DFA on PRESENT and PRINT cipher. Wuhan Univ. J. Nat. Sci. 17(6), 485–493 (2012)
Metadata
Copyright year: 2019
DOI: https://doi.org/10.1007/978-3-030-11333-9_2