nach oben

Journal of Cryptographic Engineering

Erschienen in:

01.04.2016 | Regular Paper

AES T-Box tampering attack

verfasst von: Alejandro Cabrera Aldaya, Alejandro J. Cabrera Sarmiento, Santiago Sánchez-Solano

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 1/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The use of embedded block memories (BRAMs) in Xilinx FPGA devices makes it possible to store the T-Boxes that are employed to implement the AES block cipher’s SubBytes and MixColumns operations. Several studies into BRAM resistance to side-channel attacks have been reported in the literature, whereas this paper presents a novel attack based on tampering the BRAMs storing the T-Boxes. This approach allows recovering the key using a ciphertext-only attack for all AES key sizes. The complexity of the attack makes it completely feasible. The attack was mounted against previously reported FPGA-based AES implementations, taking into account the different design criteria used in each case and focusing mainly on the implementation of the final round of the AES algorithm, which plays a crucial role in the analysis. Three different final round implementations extracted from well-known existing architectures are analyzed in this work. The paper also discusses some countermeasures with regard to security, performance and FPGA resource utilization. The attack is presented against FPGA-based implementations but it can be extended to software architectures as well.

Vorheriger Artikel Automated teller machines: their history and authentication protocols

Nächster Artikel When organized crime applies academic results: a forensic analysis of an in-card listening device

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

In the AES specification the round keys are represented as an array of words \(W\). In this paper, for the sake of notational simplicity in later sections, we use \(K_{r}(w)\) to represent the word \(w\) of \(K_{r}\) round key.

Actually only two tables (\(T'_{0}\) and \(T'_{2}\)) are stored for the final round and \(T'_{1}\) and \(T'_{3}\) are derived from them. But this implementation detail does not affect the proposed attack for this MEB (see Sect. 4.3).

Considering that \(S^{Nr-2}\) contains the state after the ShiftRows transformation.

The notation \((x,y)\rightarrow z\) should be read: \((x,y)\) points to \(z\).

The step 21 of Algorithm 2 must ensure that the new value of \(d\) is different to zero.

Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Kaliski, B.S., Jr., Koç, C.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems, LNCS, vol. 2523, pp. 29–45. Springer (2003)

Bhasin, S., Guilley, S., Heuser, A., Danger, Jl: From cryptography to hardware: analyzing and protecting embedded Xilinx BRAM for cryptographic applications. J. Cryptogr. Eng. 3(4), 213–225 (2013). doi:10.1007/s13389-013-0048-4 CrossRef

Bulens, P., Standaert, F.X., Quisquater, J.J., Pellegrin, P., Rouvroy, G.: Implementation of the AES-128 on Virtex-5 FPGAs. In: S. Vaudenay (ed.) Progress in Cryptology—AFRICACRYPT 2008, No. 5023 in Lecture Notes in Computer Science, pp. 16–26. Springer, Berlin, Heidelberg (2008)

Campbell, S., Grinchenko, M., Smith, W.: Linear cryptanalysis of simplified AES under change of S-Box. Cryptologia 37(2), 120–138 (2013). doi:10.1080/01611194.2012.660236 CrossRef

Canright, D.: A very compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems, LNCS, vol. 3659, pp. 441–455. Springer (2005)

Chang, K.H., Chen, Y.C., Hsieh, C.C., Huang, C.W., Chang, C.J.: Embedded a low area 32-bit AES for image encryption/decryption application. In: 2009 IEEE International Symposium on Circuits and Systems, pp. 1922–1925. IEEE (2009). doi:10.1109/ISCAS.2009.5118159

Daemen, J., Rijmen, V.: AES proposal: Rijndael. In: First Advanced Encryption Standard (AES) Conference (1998)

Devic, F., Torres, L., Crenne, J., Badrignans, B., Benoit, P.: SecURe DPR: Secure update preventing replay attacks for dynamic partial reconfiguration. In: Field Programmable Logic and Applications, 2012. FPL 2012. International Conference on, pp. 57–62. IEEE, Oslo (2012). doi:10.1109/FPL.2012.6339241

Drimer, S., Tim, G., Paar, C., Horst, G., Guneysu, T.: DSPs, BRAMs and a pinch of logic: new recipes for AES on FPGAs. In: Field-Programmable Custom Computing Machines, 2008. FCCM’08. 16th International Symposium, pp. 99–108. IEEE (2008)

10.

Dworkin, M.J.: SP 800-38F. Recommendation for block cipher modes of operation: methods for key wrapping. National Institute of Standards and Technology (2012)

11.

Dworkin, M.J.: SP 800-38A. Recommendation for block cipher modes ofoperation: methods and techniques. National Institute of Standards and Technology (2001)

12.

Dworkin, M.J.: SP 800-38C Recommendation for block cipher modes of operation: the CCM mode for authentication and confidentiality. National Institute of Standards and Technology (2004)

13.

Dworkin, M.J.: SP 800-38B. Recommendation for block cipher modes of operation: the CMAC mode for Authentication. National Institute of Standards and Technology (2005)

14.

Dworkin, M.J.: SP 800-38D. Recommendation for block cipher modes of operation: Galois/Counter mode (GCM) and GMAC. National Institute of Standards and Technology (2007)

15.

Fischer, V., Drutarovský, M.: Two methods of Rijndael implementation in reconfigurable hardware. In: Koç, C.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems, LNCS, vol. 2162, pp. 77–92. Springer (2001)

16.

Gaspar, L., Fischer, V., Bossuet, L., Fouquet, R.: Secure extension of FPGA general purpose processors for symmetric key cryptography with partial reconfiguration capabilities. ACM Trans. Reconfig. Technol. Syst. 5(3), 1–13 (2012). doi:10.1145/2362374.2362380 CrossRef

17.

Good, T., Benaissa, M.: AES on FPGA from the fastest to the smallest. In: Rao, J.R., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems, LNCS, vol. 3659, pp. 427–440. Springer (2005)

18.

Gullasch, D., Bangerter, E., Krenn, S.: Cache games—bringing access-based cache attacks on AES to practice. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP ’11, pp. 490–505. IEEE Computer Society, Washington, DC (2011). doi:10.1109/SP.2011.22

19.

Kerins, T., Kursawe, K.: A cautionary note on weak implementations of block ciphers. In: In 1st Benelux Workshop on Information and System Security (WISSec 2006) (2006)

20.

Koç, C.K. (ed.): Cryptographic Engineering. Springer, Boston (2009). doi:10.1007/978-0-387-71817-0

21.

Künnemann, R., Steel, G.: YubiSecure? formal security analysis results for the Yubikey and YubiHSM. In: Revised Selected Papers of the 8th Workshop on Security and Trust Management (STM’12), Lecture Notes in Computer Science, vol. 7783, pp. 257–272. Springer, Pisa (2012). doi:10.1007/978-3-642-38004-4_17

22.

Leander, G., Poschmann, A.: On the classification of 4 bit S-Boxes. In: Proceedings of the 1st International Workshop on Arithmetic of Finite Fields, WAIFI ’07, pp. 159–176. Springer, Berlin, Heidelberg (2007). doi:10.1007/978-3-540-73074-3_13

23.

Moradi, A., Barenghi, A., Kasper, T., Paar, C.: On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from Xilinx Virtex-II FPGAs. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM Conference on Computer and Communications Security (CCS 2011), pp. 111–124. Chicago (2011)

24.

Moradi, A., Kasper, M., Paar, C.: On the portability of side-channel attacks: an analysis of the Xilinx Virtex 4, Virtex 5, and Spartan 6 bitstream encryption mechanism. Cryptology ePrint Archive, Report 2011/391 (2011). http://eprint.iacr.org/2011/391

25.

Moradi, A., Kasper, M., Paar, C.: Black-box side-channel attacks highlight the importance of countermeasures. In: Topics in Cryptology-CT-RSA 2012, pp. 1–18. Springer, San Francisco (2012)

26.

Moradi, A., Shalmani, M.T.M., Salmasizadeh, M.: A Generalized method of differential fault attack against AES cryptosystem. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems, LNCS, vol. 4249, pp. 91–100. Springer (2006)

27.

National Institute of Standards and Technology: Announcing the advanced encryption standard (AES), vol 197. Federal Information Processing Standards Publication (2001)

28.

Neve, M., Tiri, K.: On the complexity of side-channel attacks on AES-256—methodology and quantitative results on cache attacks. Cryptology ePrint Archive, Report 2007/318 (2007). http://eprint.iacr.org/2007/318

29.

OpenSSL Development Community: OpenSSL: The Open Source toolkit for SSL/TLS (2014)

30.

Piret, G., Quisquater, J.J.: A Differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Koç, C.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems, LNCS, vol. 2779, pp. 77–88. Springer (2003)

31.

Rouvroy, G., Standaert, F.X., Quisquater, J.J., Legat, J.D.: Compact and efficient encryption/decryption module for FPGA implementation of the AES Rijndael very well suited for small embedded applications. In: International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004, vol. 2, pp. 583–587. IEEE (2004). doi:10.1109/ITCC.2004.1286716

32.

Schlösser, A., Nedospasov, D., Krämer, J., Orlic, S., Seifert, J.P.: Simple photonic emission analysis of AES. J. Cryptogr. Eng. 3(1), 3–15 (2013). doi:10.1007/s13389-013-0053-7 CrossRef

33.

Shah, S., Velegalati, R., Kaps, J.p.J.P., Hwang, D.: Investigation of DPA resistance of block RAMs in cryptographic implementations on FPGAs. In: Reconfigurable Computing and FPGAs (ReConFig), 2010 International Conference, pp. 274–279. IEEE (2010)

34.

Swierczynski, P., Fyrbiak, M., Koppe, P., Paar, C.: FPGA Trojans through detecting and weakening of cryptographic primitives. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. (2015). doi:10.1109/TCAD.2015.2399455

35.

Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 37–71 (2009). doi:10.1007/s00145-009-9049-y MathSciNetCrossRefMATH

36.

Xilinx Inc.: Spartan-3E FPGA family data sheet (DS312). Technical Report, Xilinx Inc. (2005)

37.

Xilinx Inc.: Data2MEM user guide (UG658). Technical report, Xilinx Inc. (2010)

38.

Xilinx Inc.: Spartan-6 FPGA configurable logic block user guide (UG384). Technical Report, Xilinx Inc. (2010)

39.

Xilinx Inc.: Spartan-6 FPGA configuration user guide (UG380). Technical Report, Xilinx Inc. (2012)

Titel: AES T-Box tampering attack
verfasst von: Alejandro Cabrera Aldaya
Alejandro J. Cabrera Sarmiento
Santiago Sánchez-Solano
Publikationsdatum: 01.04.2016
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 1/2016
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-015-0103-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2016

Automated teller machines: their history and authentication protocols

Fault model of electromagnetic attacks targeting ring oscillator-based true random number generators

The BRUTUS automatic cryptanalytic framework

When organized crime applies academic results: a forensic analysis of an in-card listening device