nach oben

Journal of Cryptographic Engineering

Erschienen in:

28.10.2016 | Special Section On Proofs 2015

Using linear codes as a fault countermeasure for nonlinear operations: application to AES and formal verification

verfasst von: Sabine Azzi, Bruno Barras, Maria Christofi, David Vigilant

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Recently, Bringer et al. [10] introduced a new countermeasure based on linear codes. This elegant design aims at protecting advanced encryption standard against both side-channel attacks and fault attacks (FA). However, the fault detection during nonlinear operations (for example SubBytes operation) was left as an open question. The present work studies how linear systematic error correcting codes can simply be used to detect fault injections during nonlinear operations in a symmetric block cipher. In particular, for the faults that cause errors with limited Hamming weight, this method can lead to interesting detection capabilities. Considering this way of protecting AES encryption against FA, a concrete implementation is presented. For a given fault model, a methodology of formal verification is applied to some parts of this implementation, assessing the fault resistance of one linear operation AddRoundKey and one nonlinear operation SubBytes.

Vorheriger Artikel SMASHUP: a toolchain for unified verification of hardware/software co-designs

Nächster Artikel Multi-level formal verification

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

A list and analysis of existing CED techniques can be found in [20].

known as CIS code [11].

ACSL. http://frama-c.com/acsl.html

Anderson, R., Kuhn, M.: Low cost attacks on tamper-resistant devices. In: Security Protocols 5th International Workshop, pp. 125–136 (1997)

Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P., Grégoire, B., Strub, P.: Verified proofs of higher-order masking. In: Advances in Cryptology—EUROCRYPT 2015, 457–485 (2015)

Berthomé, P., Heydemann, K., Kauffmann-Tourkestansky, X., Lalande, J.F.: High level model of control flow attacks for smart card functional security. In: 7th International Conference on Availability, Reliability and Security, pp. 224–229. IEEE Computer Society (2012). doi:10.1109/ARES.2012.79. http://hal.archives-ouvertes.fr/hal-00721111

Betsumiya, K., Harada, M.: Binary optimal odd formally self-dual codes. Des. Codes Cryptogr. 23(1), 11–22 (2001). doi:10.1023/A:1011203416769

Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: CRYPTO ’97, pp. 513–525 (1997)

Blöemer, J., Seifert, J.P.: Fault based cryptanalysis of the aes. Cryptology ePrint Archive, Report 2002/075 (2002). http://eprint.iacr.org/

Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)MathSciNetCrossRefMATH

Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004, CHES ’04, pp. 16–29 (2004)

10.

Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking—a smartcard friendly computation paradigm in a code, with builtin protection against side-channel and fa. In: Information Security Theory and Practice. Securing the Internet of Things, pp. 40–56 (2014)

11.

Carlet, C., Gaborit, P., Kim, J., Solé, P.: A new class of codes for boolean masking of cryptographic computations. IEEE Trans. Inf. Theory 58(9), 6000–6011 (2012)MathSciNetCrossRef

12.

Christofi, M.: Security proofs of cryptographic implementations. Thesis report (2013)

13.

Christofi, M., Chetali, B., Goubin, L., Vigilant, D.: Formal verification of a CRT-RSA implementation against fault attacks. J. Cryptogr. Eng. 3(3), 157–167 (2013). doi:10.1007/s13389-013-0049-3 CrossRef

14.

Coron, J.S., Roy, A., Vivek, S.: Fast evaluation of polynomials over binary finite fields and application to side-channel countermeasures. In: Cryptographic Hardware and Embedded Systems—CHES 2014, pp. 170–187 (2014)

15.

Courbon, F., Loubet-Moundi, P., Fournier, J., Tria, A.: Adjusting laser injections for fully controlled faults. In: COSADE 2014, Lecture Notes in Computer Science, vol. 8622, pp. 229–242. Springer International Publishing (2014)

16.

Floissac, N., L’Hyver, Y.: From aes-128 to aes-192 and aes-256, how to adapt DFA attacks. Cryptology ePrint Archive, Report 2010/396 (2010). http://eprint.iacr.org/

17.

frama-c. http://frama-c.com/

18.

Gierlichs, B., Schmidt, J.M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. Cryptology ePrint Archive, Report 2012/678 (2012)

19.

Giraud, C., Thillard, A.: Piret and quisquater’s DFA on AES revisited. Cryptology ePrint Archive, Report 2010/440 (2010). http://eprint.iacr.org/

20.

Guo, X., Mukhopadhyay, D., Karri, K.: Provably secure concurrent error detection against differential fault analysis. Cryptology ePrint Archive, Report 2012/552 (2012). http://eprint.iacr.org/

21.

H.-K., C.: Improved DFA on AES key schedule. IEEE Trans. Inf. Forensics Secur. 7(1), 41–50 (2012). doi:10.1109/TIFS.2011.2161289

22.

Heydemann, K., Moro, N., Encrenaz, E., Robisson, B.: Formal verification of a software countermeasure against instruction skip attacks. IACR Cryptology ePrint Archive 2013, 679 (2013). http://eprint.iacr.org/2013/679

23.

Jessie. http://krakatoa.lri.fr/#jessie

24.

Karpovsky, M., Kulikowski, K., Taubin, A.: Robust protection against fault-injection attacks on smart cards implementing the aes. In: 2004 International Conference on Dependable Systems and Networks, pp. 93–101 (2004). doi:10.1109/DSN.2004.1311880

25.

Karri, R., Wu, K., Mishra, P., Kim, Y.: Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers. IEEE Trans. CAD Integr. Circuits Syst. 21(12), 1509–1517 (2002). doi:10.1109/TCAD.2002.804378 CrossRef

26.

Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Conference on Advances in Cryptology, CRYPTO ’99, pp. 388–397. Springer-Verlag, London, UK (1999). http://portal.acm.org/citation.cfm?id=646764.703989

27.

Leveugle, R., Ammari, A., Maingot, V., Teyssou, E., Moitrel, P., Mourtel, C., Feyt, N., Rigaud, J.B., Tria, A.: Experimental evaluation of protections against laser-induced faults and consequences on fault modeling. In: Design, Automation Test in Europe Conference Exhibition, 2007. DATE ’07, pp. 1–6 (2007)

28.

Malkin, T., Standaert, F.X., Yung, M.: A comparative cost/security analysis of fa countermeasures. In: Workshop FDTC 2006. Lecture Notes in Computer Science, vol. 4236, pp. 159–172. Springer, Berlin Heidelberg (2006)

29.

Mayer-Sommer, R.: Smartly analyzing the simplicity and the power of simple power analysis on smartcards. In: Cryptographic Hardware and Embedded Systems—CHES 2000, CHES ’00, pp. 78–92. Springer-Verlag, London, UK (2000). http://portal.acm.org/citation.cfm?id=648253.752540

30.

Meola, M.L., Walker, D.: Faulty logic: Reasoning about fault tolerant programs. In: Programming Languages and Systems, ESOP 2010, Lecture Notes in Computer Science, vol. 6012, pp. 468–487. Springer (2010)

31.

Moradi, A., Shalmani, M., Salmasizadeh, M.: A generalized method of DFA against AES cryptosystem. In: Cryptographic Hardware and Embedded Systems—CHES 2006, pp. 91–100 (2006)

32.

Mukhopadhyay, D.: An improved fault based attack of the advanced encryption standard. In: AFRICACRYPT 2009. Lecture Notes in Computer Science, vol. 5580, pp. 421–434. Springer, Berlin Heidelberg (2009)

33.

NIST: FIPS 197. National Institute of Standards and Technology, November pp. 1–51 (2001). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

34.

P. Dusart, G.L., Vivolo, O.: Differential fault analysis on a.e.s. Cryptology ePrint Archive, Report 2003/010 (2003). http://eprint.iacr.org/

35.

Piret, G., Quisquater, J.J.: A differential fault attack technique against spn structures, with application to the aes and khazad. In: Cryptographic Hardware and Embedded Systems—CHES 2003. Lecture Notes in Computer Science, vol. 2779, pp. 77–88. Springer, Berlin Heidelberg (2003)

36.

Rauzy, P., Guilley, S.: A formal proof of countermeasures against fault injection attacks on CRT-RSA. J. Cryptogr. Eng. 4(3), 173–185 (2014). doi:10.1007/s13389-013-0065-3 CrossRef

37.

Rivain, M., Prouff, E.: Provably secure higher-order masking of aes. Cryptology ePrint Archive, Report 2010/441 (2010). http://eprint.iacr.org/

38.

Tunstall, M., Whitnall, C., Oswald, E.: Masking tables - an underestimated security risk. In: Fast Software Encryption—FSE 2013, 425–444 (2013)

39.

Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Destroying fault invariant with randomization - A countermeasure for AES againstDFA. In: Cryptographic Hardware and Embedded Systems—CHES 2014, 93–111 (2014)

40.

Why3. http://why3.lri.fr/

Titel: Using linear codes as a fault countermeasure for nonlinear operations: application to AES and formal verification
verfasst von: Sabine Azzi
Bruno Barras
Maria Christofi
David Vigilant
Publikationsdatum: 28.10.2016
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 1/2017
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-016-0138-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2017

Buffer overflow attack with multiple fault injection and a proven countermeasure

Smart security management in secure devices

Mutual information analysis: higher-order statistical moments, efficiency and efficacy

SMASHUP: a toolchain for unified verification of hardware/software co-designs

Multi-level formal verification

Trust can be misplaced

Premium Partner