Integrated Evaluation Platform for Secured Devices
In this paper, we describe the structure of an FPGA smart card emulator. The aim of such an emulator is to improve the behaviour of the whole architecture when faults occur. Within this card, an embedded Advanced Encryption Standard (AES) protected against DFA is inserted, as well as a fault injection block. We also present the microprocessor core which controls the whole card.
Design and evaluation of countermeasures against fault injection attacks and power side-channel leakage exploration for AES block cipher
Differential Fault Analysis (DFA) and Power Analysis (PA) attacks have become the main methods for exploiting the vulnerabilities of physical implementations of block ciphers such as the Advanced Encryption Standard (AES), which is currently used in a multitude of applications. In order to minimize these types of vulnerabilities, several mechanisms have been proposed to detect fault attacks. However, these mechanisms can have a significant cost, may not fully cover the implementation against fault attacks, or may not take into account the information leakage exploitable by power analysis attacks. In this paper, four different approaches are proposed with the aim of protecting the AES block cipher against DFA. The proposed solutions are based on Hamming code and parity bits as signature generators for the internal state of the AES cipher. These detect DFA-exploitable faults from bit to byte level. The proposed solutions have been applied to a T-box based AES block cipher implemented on a Field Programmable Gate Array (FPGA). Experimental results suggest a fault coverage of 98.5% and 99.99% with an area penalty of 9% and 36% respectively for the parity bit signature generators, and a fault coverage of 100% with an area penalty of 18% and 42% respectively when a Hamming code signature generator is used. In addition, none of the proposed countermeasures imposes a frequency degradation with respect to the unprotected cipher. The proposed work goes further in the evaluation of the proposed DFA countermeasures by evaluating the impact of these structures in terms of power side-channel leakage. The obtained results suggest that no extra information leakage exploitable by PA is produced. Overall, the proposed DFA countermeasures provide high fault coverage at a low cost in terms of area and power consumption and with no PA security degradation.
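The abstract above contrasts parity-bit and Hamming-code signature generators for the AES state and reports parity coverage below 100% and Hamming coverage of 100%. The following is an added illustration (not the paper's hardware or its exact scheme): it computes a per-byte signature of a 16-byte state, injects a fault of chosen bit weight into one byte, and checks whether recomputing the signature exposes it. It makes the coverage gap concrete: a single parity bit misses every fault that flips an even number of bits in a byte, whereas a distance-3 Hamming signature catches every single- and double-bit fault and misses only a few three-bit patterns. The state bytes, the parity-check columns `H_DATA` and the function names are constructed for this example.

```python
"""Parity and Hamming signatures over an AES state, for DFA fault detection.

Added illustration, not the paper's design. Polynomial/byte layout and the
Hamming(12,8) parity-check columns below are assumptions for the example.
"""

STATE = bytes(range(0x10, 0x20))   # constructed 16-byte AES state


def parity_sig(b: int) -> int:
    """One even-parity bit per state byte."""
    return bin(b).count("1") & 1


# Parity-check columns of a Hamming(12,8) code assigned to the 8 data bits of a
# byte: distinct non-zero 4-bit values (the powers of two are the parity
# positions and are omitted). Distinct columns give minimum distance 3, so any
# one or two flipped data bits change the signature.
H_DATA = (3, 5, 6, 7, 9, 10, 11, 12)


def hamming_sig(b: int) -> int:
    """4-bit Hamming signature: XOR of the columns of the set data bits."""
    s = 0
    for i, col in enumerate(H_DATA):
        if (b >> i) & 1:
            s ^= col
    return s


def state_signature(state: bytes, gen) -> list:
    """Signature of the whole state: one value per byte."""
    return [gen(b) for b in state]


def inject_fault(state: bytes, idx: int, mask: int) -> bytes:
    """Flip the bits of `mask` in byte `idx` (bit- up to byte-level fault)."""
    s = bytearray(state)
    s[idx] ^= mask
    return bytes(s)


def detected(state: bytes, faulty: bytes, gen) -> bool:
    """Signature computed on the fault-free state vs. signature recomputed on
    the faulty state: a mismatch is a detected fault."""
    return state_signature(state, gen) != state_signature(faulty, gen)


def coverage(gen, max_weight: int) -> float:
    """Fraction of single-byte fault masks with 1..max_weight flipped bits that
    `gen` detects, exhaustively over one byte of STATE."""
    masks = [m for m in range(1, 256) if bin(m).count("1") <= max_weight]
    hits = sum(detected(STATE, inject_fault(STATE, 0, m), gen) for m in masks)
    return hits / len(masks)


def undetected_masks(gen, weight: int) -> list:
    """All fault masks of exactly `weight` flipped bits that `gen` misses."""
    return [m for m in range(1, 256)
            if bin(m).count("1") == weight
            and not detected(STATE, inject_fault(STATE, 0, m), gen)]


if __name__ == "__main__":
    for name, gen in (("parity", parity_sig), ("hamming", hamming_sig)):
        print(name, "coverage up to 1/2/3 flipped bits:",
              [round(coverage(gen, w), 4) for w in (1, 2, 3)])
    print("3-bit masks missed by hamming:",
          [hex(m) for m in undetected_masks(hamming_sig, 3)])
```

Exhaustive enumeration over one byte is enough here because detection depends only on which bits flip, not on the byte value; a real evaluation, as in the paper, injects faults into the running datapath and counts what the comparator catches.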
Algorithmic Security is Insufficient: A Comprehensive Survey on Implementation Attacks Haunting Post-Quantum Security
This survey addresses forward-looking, emerging security concerns of the post-quantum era, i.e., implementation attacks on the 2022 winners of the NIST post-quantum cryptography (PQC) competition; its visions, insights, and discussions can thus be used as a step towards scrutinizing the new standards for applications ranging from the Metaverse and Web 3.0 to deeply-embedded systems. The rapid advances in quantum computing have brought immense opportunities for scientific discovery and technological progress; however, they pose a major risk to today's security, since sufficiently advanced quantum computers are believed to break all traditional public-key cryptographic algorithms. This has led to active research on PQC algorithms that are believed to be secure against both classical and powerful quantum computers. However, algorithmic security is unfortunately insufficient, and many cryptographic algorithms are vulnerable to side-channel attacks (SCA), where an attacker passively or actively obtains side-channel data to compromise security properties that are assumed to hold theoretically. In this survey, we explore such imminent threats and their countermeasures with respect to PQC. We provide the latest advancements in PQC research, as well as assessments of and visions on the different types of SCAs.
A Comprehensive Survey on the Implementations, Attacks, and Countermeasures of the Current NIST Lightweight Cryptography Standard
This survey is the first work on the current standard for lightweight cryptography, standardized in 2023. Lightweight cryptography plays a vital role in securing resource-constrained embedded systems such as deeply-embedded systems (implantable and wearable medical devices, smart fabrics, smart homes, and the like), radio frequency identification (RFID) tags, sensor networks, and privacy-constrained usage models. The National Institute of Standards and Technology (NIST) initiated a standardization process for lightweight cryptography and, after a relatively long multi-year effort, the competition ended in Feb. 2023 with ASCON as the winner. This lightweight cryptographic standard will be used in deeply-embedded architectures to provide security through confidentiality and integrity/authentication (the counterpart of the legacy AES-GCM authenticated-encryption mode, the NIST standard for symmetric-key authenticated encryption). ASCON's lightweight design utilizes a 320-bit permutation whose state is bit-sliced into five 64-bit register words, providing 128-bit security. This work summarizes the different implementations of ASCON on field-programmable gate array (FPGA) and ASIC hardware platforms on the basis of area, power, throughput, energy, and efficiency overheads. The presented work also reviews the various differential and side-channel analysis attacks (SCAs) performed across variants of the ASCON cipher suite, in terms of algebraic, cube/cube-like, forgery, fault injection, and power analysis attacks, as well as the countermeasures for these attacks. We also provide our insights and visions throughout this survey to suggest new future directions in different domains. This survey is the first of its kind and a step towards scrutinizing the advantages and future directions of the NIST lightweight cryptography standard introduced in 2023.
Differential Behavioral Analysis
This paper describes an attack on cryptographic devices called Differential Behavioral Analysis (DBA). It is a hybrid of two already powerful attacks: differential power analysis (DPA), for the statistical treatment, and the safe-error attack, for the fault type. DBA, simulated on an algorithmic model of AES, appears to be very efficient: the attacker is able to recover the entire secret key with byte-wise "stuck-at" faults injected repetitively. A theoretical as well as a more realistic approach are presented.
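The abstract above combines the safe-error fault model (a stuck-at fault either changes the output or it does not, depending on the value the fault hits) with a DPA-style statistical treatment over many plaintexts. The following is an added simulation of that idea on one AES key byte; it is not the paper's simulator. It assumes a stuck-at-0 fault on a single bit (`STUCK_BIT`) of a first-round SubBytes output (the abstract describes byte-wise faults; a single bit is used here so that each observation carries one bit of information and the statistical step is visible). Because every AES operation after that point is a bijection, the ciphertext is unchanged under the fault exactly when the targeted bit was already 0, so only the first-round S-box needs to be modelled. The S-box is generated from its definition rather than tabulated; the key byte and function names are constructed for the example.

```python
"""Differential Behavioral Analysis (DBA) style key-byte recovery.

Added illustration, not the paper's code. Fault model (assumed): a stuck-at-0
fault on bit STUCK_BIT of one first-round SubBytes output byte of AES.
"""


def _gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (0 maps to 0, as in AES)."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = _gf_mul(result, base)
        base = _gf_mul(base, base)
        e >>= 1
    return result if a else 0


def _sbox_entry(x: int) -> int:
    """AES S-box: inversion followed by the affine map (four rotations + 0x63)."""
    inv = _gf_inv(x)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = [_sbox_entry(x) for x in range(256)]

STUCK_BIT = 3   # assumed fault location: bit 3 of the targeted S-box output


def sbox_out(p: int, k: int) -> int:
    """First-round SubBytes output for one state byte (p XOR k, then S-box)."""
    return SBOX[p ^ k]


def device_unchanged(p: int, k: int, bit: int = STUCK_BIT) -> bool:
    """Observable behaviour of the faulted device: True if the ciphertext is
    identical to the fault-free one. Forcing the bit to 0 changes the
    intermediate byte, and through the bijective remaining rounds the
    ciphertext, iff that bit was 1 (the safe-error principle)."""
    return ((sbox_out(p, k) >> bit) & 1) == 0


def collect_observations(key_byte: int, bit: int = STUCK_BIT) -> list:
    """Repeat the stuck-at injection for every plaintext byte value."""
    return [(p, device_unchanged(p, key_byte, bit)) for p in range(256)]


def dba_scores(observations, bit: int = STUCK_BIT) -> list:
    """DPA-style treatment: for each key hypothesis, count the plaintexts
    whose predicted behaviour matches the observed behaviour."""
    scores = []
    for k in range(256):
        match = sum((((sbox_out(p, k) >> bit) & 1) == 0) == unchanged
                    for p, unchanged in observations)
        scores.append(match)
    return scores


def dba_recover_key_byte(observations, bit: int = STUCK_BIT) -> int:
    """Key hypothesis whose predictions agree best with the observed behaviour."""
    scores = dba_scores(observations, bit)
    return max(range(256), key=scores.__getitem__)


if __name__ == "__main__":
    KEY_BYTE = 0xA7   # constructed secret key byte
    obs = collect_observations(KEY_BYTE)
    scores = dba_scores(obs)
    guess = dba_recover_key_byte(obs)
    print(f"recovered 0x{guess:02X}, score {scores[guess]}/256, "
          f"runner-up {sorted(scores)[-2]}/256")
```

Only the correct hypothesis predicts the changed/unchanged behaviour for every plaintext; a wrong hypothesis k' = k XOR d agrees only where the targeted S-box bit takes the same value at x and x XOR d, which is never the case for all x because the AES S-box has no linear structures. Repeating the attack for each of the 16 state bytes recovers the full first-round key.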
On the Duality of Probing and Fault Attacks
In this work we investigate the problem of simultaneous privacy and integrity protection in cryptographic circuits. We consider a white-box scenario with a powerful, yet limited, attacker. A concise metric for the level of probing and fault security is introduced, which is directly related to the capabilities of a realistic attacker. In order to investigate the interrelation of probing and fault security we introduce a common mathematical framework based on the formalism of information and coding theory. The framework unifies the known linear masking schemes. We prove a central theorem about the properties of linear codes which leads to optimal secret sharing schemes. These schemes provide the lower bound for the number of masks needed to counteract an attacker of a given strength. The new formalism reveals an intriguing duality principle between the problems of probing and fault security, and provides a unified view on privacy and integrity protection using error detecting codes. Finally, we introduce a new class of linear tamper-resistant codes, which preserve security against an attacker mounting simultaneous probing and fault attacks.
ASSESSING AND IMPROVING THE RELIABILITY AND SECURITY OF CIRCUITS AFFECTED BY NATURAL AND INTENTIONAL FAULTS
The reliability and security vulnerability of modern electronic systems have emerged as concerns due to increasing natural and intentional interference. Radiation of high-energy charged particles, generated by the space environment or by packaging materials on the substrate of integrated circuits, results in natural faults. As technology scales down, factors such as critical charge, supply voltage, and frequency change tremendously, increasing the sensitivity of integrated circuits to natural faults even for systems operating at sea level. An attacker is able to mimic the impact of natural faults to compromise the circuit or cause a denial of service. Therefore, instead of utilizing different approaches to counteract natural and intentional faults, a unified countermeasure is introduced. The unified countermeasure thwarts both reliability and security threats without paying the price of additional area overhead, power consumption, and execution time.
This thesis first proposes a systematic analysis method to assess the probability of natural faults propagating through the circuit and eventually being latched. The second part of this work focuses on methods to thwart the impact of intentional faults in cryptosystems. We exploit a power-based side-channel analysis method to analyze the effect that existing fault detection methods for natural faults have on fault attacks. Countermeasures for different security threats on cryptosystems are investigated separately. Furthermore, a new micro-architecture is proposed to thwart the combination of fault attacks and side-channel attacks, reducing the fault bypass rate and slowing down key retrieval. The third contribution of this thesis is a unified countermeasure against both natural faults and attacks. The unified countermeasure utilizes dynamically alternated multiple generator polynomials for the cyclic redundancy check (CRC) codec to resist reverse engineering attacks.
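The abstract's third contribution, a CRC codec that dynamically alternates between generator polynomials, is aimed at an attacker who reverse-engineers the polynomial from observed codewords and then forges valid ones. The following is an added illustration of both sides of that argument; it is not the thesis's codec. It models polynomials over GF(2) as Python integers (bit i is the coefficient of x^i), recovers an unknown fixed generator as the GCD of XORed codewords, and shows that the same procedure degenerates when consecutive codewords are protected by different generators. The two degree-8 generators in `POLYS`, the message stream `MSGS`, and the class and function names are constructed for the example.

```python
"""CRC with dynamically alternated generator polynomials, and the
reverse-engineering step it frustrates.

Added illustration, not the thesis's design. POLYS and MSGS are constructed.
"""

# Two degree-8 generators: x^8+x^2+x+1 and x^8+x^4+x^3+x^2+1 (assumed choice).
POLYS = (0x107, 0x11D)
MSGS = [0x100, 0x100, 0x1F3, 0x1F2]   # constructed message stream


def deg(p: int) -> int:
    """Degree of a GF(2) polynomial held in an int (deg(0) == -1)."""
    return p.bit_length() - 1


def poly_mod(a: int, g: int) -> int:
    """a mod g over GF(2), by bitwise long division (no lookup table)."""
    dg = deg(g)
    while a and deg(a) >= dg:
        a ^= g << (deg(a) - dg)
    return a


def poly_gcd(a: int, b: int) -> int:
    """Euclid's algorithm over GF(2)[x]."""
    while b:
        a, b = b, poly_mod(a, b)
    return a


def crc_encode(msg: int, g: int) -> int:
    """Systematic codeword msg*x^r + (msg*x^r mod g), r = deg(g). Every
    codeword is a multiple of g, which is exactly what crc_check tests."""
    shifted = msg << deg(g)
    return shifted ^ poly_mod(shifted, g)


def crc_check(cw: int, g: int) -> bool:
    return poly_mod(cw, g) == 0


class AlternatingCRC:
    """Encoder/decoder that cycles through the generator list. Sender and
    receiver keep the same counter, so the receiver knows which polynomial
    to check against while an eavesdropper does not."""

    def __init__(self, polys=POLYS):
        self.polys, self.n = polys, 0

    def _next(self) -> int:
        g = self.polys[self.n % len(self.polys)]
        self.n += 1
        return g

    def encode(self, msg: int) -> int:
        return crc_encode(msg, self._next())

    def check(self, cw: int) -> bool:
        return crc_check(cw, self._next())


def recover_generator(codewords) -> int:
    """Reverse-engineering step: each codeword is a multiple of the unknown
    generator g, so g divides the XOR of any two codewords, and the GCD of
    those differences is g (or a multiple of g when the quotients share a
    factor). If the codewords were produced under different generators the
    differences are no longer multiples of one g and the GCD degenerates."""
    diffs = [a ^ b for a, b in zip(codewords, codewords[1:])]
    g = 0
    for d in diffs:
        g = poly_gcd(g, d)
    return g


def fixed_codec_attack(g: int = POLYS[0]):
    """Attacker against a fixed-polynomial CRC: recover g, then forge a
    codeword for a message of the attacker's choosing."""
    seen = [crc_encode(m, g) for m in MSGS]
    g_rec = recover_generator(seen)
    forged = crc_encode(0x3AB, g_rec)
    return g_rec, crc_check(forged, g)


def alternating_codec_attack():
    """Same attacker against the alternating codec. Returns the recovered
    'generator' and whether the legitimate receiver accepted every codeword."""
    tx, rx = AlternatingCRC(), AlternatingCRC()
    seen = [tx.encode(m) for m in MSGS]
    accepted = all(rx.check(c) for c in seen)
    return recover_generator(seen), accepted


if __name__ == "__main__":
    g_rec, forged_ok = fixed_codec_attack()
    print(f"fixed CRC: recovered 0x{g_rec:X}, forgery accepted={forged_ok}")
    g_alt, ok = alternating_codec_attack()
    print(f"alternating CRC: receiver accepted={ok}, attacker's GCD has "
          f"degree {deg(g_alt)} (no degree-8 generator recovered)")
```

The message stream is chosen so the fixed-codec case recovers the generator exactly: messages 0x1F3 and 0x1F2 differ only in x^0, so the XOR of their codewords is a degree-8 multiple of g, i.e. g itself. In the alternating case the first two codewords carry the same message under different generators, so their XOR has degree below 8 and every divisor of it does too. Note the caveat this example makes visible: the scheme only helps if the attacker cannot learn or predict the polynomial schedule, and a receiver that silently accepts a codeword under any polynomial in the list would give the protection away.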