10 research outputs found

    Template-based Fault Injection Analysis of Block Ciphers

    We present the first template-based fault injection analysis of FPGA-based block cipher implementations. While template attacks have been a popular form of side-channel analysis in the cryptographic literature, the use of templates in the context of fault attacks has not yet been explored to the best of our knowledge. Our approach involves two phases. The first phase is a profiling phase where we build templates of the fault behavior of a cryptographic device for different secret key segments under different fault injection intensities. This is followed by a matching phase where we match the observed fault behavior of an identical but black-box device with the pre-built templates to retrieve the secret key. We present a generic treatment of our template-based fault attack approach for SPN block ciphers, and illustrate the same with case studies on a Xilinx Spartan-6 FPGA-based implementation of AES-128

    Taking into account indirect jumps or calls in continuous Control-Flow Checking

    Control-flow checking (CFC) is one of the main approaches to monitor the behavior of a microprocessor-based system without specific assumptions on error models (e.g., single bit flips). Many approaches have been proposed and evaluated, but none takes explicitly into account the possibility of indirect jumps or calls for which destination addresses are not hard-coded. This paper discusses first the need for an approach taking care of such sequence breaks. Then an approach is proposed to enhance current control-flow checking schemes

    A Frequency Leakage Model and its application to CPA and DPA

    This paper introduces a leakage model in the frequency domain to enhance the efficiency of Side Channel Attacks of CMOS circuits. While usual techniques are focused on noise removal around clock harmonics, we show that the actual leakage is not necessarily located in those expected bandwidths as experimentally observed by E. Mateos and C.H. Gebotys in 2010. We start by building a theoretical modeling of power consumption and electromagnetic emanations before deriving from it a criterion to guide standard attacks. This criterion is then validated on real experiments, both on FPGA and ASIC, that show an impressive increase of the yield of SCA

    A friendly framework for hidding fault enabled virus for Java based smartcard

    Part 4: Smart Cards Security (Short Papers). Smart cards are the safer device to execute cryptographic algorithms. Applications are verified before being loaded into the card. Recently, the idea of combined attacks to bypass byte code verification has emerged. Indeed, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam to become mutant applications or fault enabled viruses. We propose a framework for manipulating binary applications to design viruses for smart cards. We present development, experimentation and an example of this kind of virus

    Practical Fault Injection on Deterministic Signatures: The Case of EdDSA

    Contains fulltext: 191724.pdf (Publisher’s version) (Open Access)

    DFA on LS-Designs with a Practical Implementation on SCREAM

    LS-Designs are a family of SPN-based block ciphers whose linear layer is based on the so-called interleaved construction. They will be dedicated to low-end devices with high performance and low-resource constraints, objects which need to be resistant to physical attacks. In this paper we describe a complete Differential Fault Analysis against LS-Designs and also on other families of SPN-based block ciphers. First we explain how fault attacks can be used against their implementations depending on fault models. Then, we validate the DFA in a practical example on a hardware implementation of SCREAM running on an FPGA. The faults have been injected using electromagnetic pulses during the execution of SCREAM and the faulty ciphertexts have been used to recover the key's bits. Finally, we discuss some countermeasures that could be used to thwart such attacks

    Automatic Application of Software Countermeasures Against Physical Attacks

    While the number of embedded systems is continuously increasing, securing software against physical attacks is costly and error-prone. Several works proposed solutions that automatically insert protections against these attacks in order to reduce this cost and this risk of error. In this chapter, we present a survey of existing approaches and classify them by the level at which they apply the countermeasure. We consider three different levels: the source code level, the compilation level, and the assembly/binary level. We explain the advantages and disadvantages of each level considering different criteria. Finally, we encourage future works to take compilation into account when designing tools, to consider the problem of combining countermeasures, as well as the interactions between countermeasures and compiler optimisations. Going one step further, we encourage future works to imagine how compilation could be modified or redesigned to optimise both performance and security