Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes

SLIDE 1

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes

C. Dobraunig¹, M. Eichlseder¹, T. Korak¹, V. Lomné², F. Mendel¹
AsiaCrypt 2016

¹ Graz University of Technology, Austria
² ANSSI, Paris, France



SLIDE 2

www.iaik.tugraz.at

Overview

  • Fault attacks on AES-based AE schemes
    • Nonce does not preclude fault attacks
    • Based on Fuhr et al. (FDTC 2013)
    • Faults influence distribution
  • Experiments to show practical relevance

1 / 21

SLIDE 3

Statistical Fault Attack

[Figure: the final AES round operations SB, SR, AK_equ, SB, SR, AK, MC, ending in the ciphertext C]

SLIDE 4

Application to Authenticated Encryption

Requirements for the Attack
  1. The inputs need to be different for each fault
  2. The block cipher output needs to be known

SLIDE 5

Application to Authenticated Encryption

Authenticated encryption modes for block ciphers (ISO/IEC):
  • CCM
  • EAX
  • GCM
  • OCB

SLIDE 6

Attack on CCM

[Figure: CCM. The counter blocks N‖CTR0 ⊞ CTR1 ⊞ ... ⊞ CTRd are encrypted with Ek; the keystream blocks are XORed with P1, ..., Pd to give C1, ..., Cd, and a chain of Ek calls over V and the message blocks is truncated to the tag T, masked with the CTR0 output S]


SLIDE 8

Attack on OCB

[Figure: OCB. Each block Pi (i = 1, ..., d−1) is masked with ∆i, encrypted with Ek and masked again with ∆i to give Ci; the padded last block Pd‖0∗ uses the mask ∆∗ and yields Cd; the checksum V is masked with ∆$, encrypted with Ek and gives the tag T]


SLIDE 10

Application to other schemes

[Figure: three constructions over a random input: rand → Ek → C (basic); rand ⊕ ∆k → Ek → ⊕ ∆k → C (XEX-like); rand → E^t_k → C (tweakable block cipher)]

SLIDE 11

XEX-like Construction

Output masked by ∆k:
  • ∆k := δk
  • ∆k := δk + δn
  • ∆k := δk,n

Example: COPA

[Figure: rand ⊕ ∆k → Ek → ⊕ ∆k → C]

SLIDE 12

Attack on COPA

[Figure: COPA. The message blocks P1, P2, ..., Pd and Pi are masked with 3L, 2·3L, ..., 2^(d−1)·3L and 2^(d−1)·3²L, encrypted with Ek and chained into V; a second layer of Ek calls, masked on the output with 2L, 2²L, ..., 2^d L and 2^d·7L, gives C1, C2, ..., Cd and the tag T; L = Ek(0)]


SLIDE 14

Attack on COPA

Idea: Consider 2L as part of the last subkey

  SK′10 := SK10 ⊕ 2L

  • Apply SFA to recover SK′10
  • Repeat the attack to either recover SK9 (in round 9) or SK′′10 := SK10 ⊕ 2²L of the next block to get SK10

⇒ Attack complexity (number of needed faults) is doubled
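An added worked example (not from the slides or the authors' code) of the recombination step behind this slide: given the two masked last-round keys SK′10 = SK10 ⊕ 2L and SK′′10 = SK10 ⊕ 2²L that the repeated SFA yields on two consecutive blocks, recover SK10 and L. It assumes COPA's doubling is multiplication by x in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1 (the OCB field) and uses constructed values in place of real SFA outputs.

```python
_REDUCE = 0x87  # low bits of the reduction polynomial x^128 + x^7 + x^2 + x + 1


def gf_double(a):
    """Multiply a 128-bit field element by x (the '2' in 2L, 2^2 L, ...)."""
    a <<= 1
    if a >> 128:
        a ^= (1 << 128) | _REDUCE
    return a


def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^128) over the bits of b."""
    r = 0
    for _ in range(128):
        if b & 1:
            r ^= a
        a = gf_double(a)
        b >>= 1
    return r


def gf_inv(a):
    """Invert a nonzero element as a^(2^128 - 2) by square-and-multiply."""
    result, power = 1, a
    for _ in range(127):  # 2^128 - 2 = 2^1 + 2^2 + ... + 2^127
        power = gf_mul(power, power)
        result = gf_mul(result, power)
    return result


def recover_sk10_and_L(sk10_x_2L, sk10_x_4L):
    """SFA on the first block gives SK'10 = SK10 ^ 2L, on the next block
    SK''10 = SK10 ^ 2^2 L. Their XOR is 2L ^ 4L = (x^2 + x)*L = 6*L, so
    L = 6^-1 * 6L and SK10 = SK'10 ^ 2L; returns (SK10, L)."""
    six_L = sk10_x_2L ^ sk10_x_4L
    L = gf_mul(gf_inv(0b110), six_L)
    sk10 = sk10_x_2L ^ gf_double(L)
    return sk10, L


def demo():
    """Constructed SK10 and L stand in for the two SFA outputs; True if
    the recovered pair reproduces them."""
    sk10 = 0x0123456789ABCDEF0123456789ABCDEF  # constructed, not a real key
    L = 0x00112233445566778899AABBCCDDEEFF    # constructed stand-in for Ek(0)
    first = sk10 ^ gf_double(L)                # SK'10 from block 1
    second = sk10 ^ gf_double(gf_double(L))    # SK''10 from block 2
    return recover_sk10_and_L(first, second) == (sk10, L)
```

The per-block output mask therefore costs the attacker only a second SFA run, which is the doubling of the fault count stated on the slide.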

SLIDE 15

XEX-like Construction

Output masked by ∆k:
  • ∆k := δk
  • ∆k := δk + δn
  • ∆k := δk,n

[Figure: rand ⊕ ∆k → Ek → ⊕ ∆k → C]

SLIDE 16

Tweakable Block Cipher

  • TWEAKEY framework
  • Deoxys
  • KIASU
  • ...

[Figure: rand → E^t_k → C]

SLIDE 17

Attack on Deoxys=

[Figure: Deoxys=. The blocks P1, ..., Pd are encrypted with E_k^{0,N,0}, ..., E_k^{0,N,d−1} to give C1, ..., Cd; Pi and the checksum V feed E_k^{1,N,d−1}, which gives the tag T]

Similar to OCB


SLIDE 19

Attack on Deoxys=

Deoxys-BC-256

[Figure: Deoxys-BC-256 tweakey schedule. The key k passes through h and a multiplication by 2 in each round and the tweak t through h; their XOR with the round constants RC0, RC1, ..., RC13, RC14 gives the subkeys SK0, SK1, ..., SK13, SK14, which are XORed into the state between the round functions f on the way from P to C]

SLIDE 20

Summary of Results

  Primitive    Classification  Comments
  CCM          basic           CTR
  GCM          basic           CTR
  EAX          basic           CTR
  OCB          basic           XE
  Cloc/Silc∗   basic           CFB
  OTR∗         basic           XE
  COPA∗        XEX
  ELmD∗        XEX
  SHELL∗       XEX
  KIASU∗       TBC
  Deoxys∗      TBC

∗ CAESAR candidates

SLIDE 21

Practical Verification/Implementation

  • Clock glitches
    • General-purpose microcontroller
      • AES software implementation
      • AES hardware co-processor
  • Laser fault injection
    • Smartcard microcontroller
      • AES hardware co-processor

⇒ Key-recovery with a small number of faulty ciphertexts

SLIDE 22

ATxmega 256A3

[Plot: software implementation, single clock glitch. SEI (y-axis, 2^−5 to 2^−1) versus number of faulty encryptions (x-axis, 10 to 80), correct key versus wrong keys]

SLIDE 23

ATxmega 256A3

[Plot: software implementation, multiple clock glitches. SEI (y-axis, 2^−5 to 2^−1) versus number of faulty encryptions (x-axis, 10 to 80), correct key versus wrong keys]

SLIDE 24

Smartcard Microcontroller

[Plot: AES co-processor, laser fault injection. SEI (y-axis, 2^−5 to 2^−1) versus number of faulty encryptions (x-axis, 10 to 80), correct key versus wrong keys]

SLIDE 25

Summary

  • SFA is a powerful tool
  • Nonce is not enough
  • Attacks are not limited to AES-based modes

SLIDE 26

Thank you

http://eprint.iacr.org/2016/616

SLIDE 27

References

  • E. Biham and A. Shamir. Differential Fault Analysis of Secret Key Cryptosystems. CRYPTO 1997
  • D. Boneh, R. A. DeMillo, and R. J. Lipton. On the Importance of Checking Cryptographic Protocols for Faults. EUROCRYPT 1997
  • J. Blömer and V. Krummel. Fault Based Collision Attacks on AES. FDTC 2006
  • T. Fuhr, É. Jaulmes, V. Lomné, and A. Thillard. Fault Attacks on AES with Faulty Ciphertexts Only. FDTC 2013
  • C. Dobraunig, M. Eichlseder, T. Korak, V. Lomné, and F. Mendel. Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes. ASIACRYPT 2016