Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures (slide deck, ASIACRYPT 2018)

SLIDE 1

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures

Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, Robert Primas, ASIACRYPT 2018

IAIK - Graz University of Technology, www.tugraz.at


SLIDE 5

Motivation

Building cryptographic implementations is challenging:

  • Requires usage of proper cryptographic primitives
  • But often also the usage of additional defenses ...
    • Microcontroller
    • FPGAs
    • ASICs
  • ... because of implementation attacks

Robert Primas — IAIK - Graz University of Technology


SLIDE 8

Motivation

  • Proper cryptography does not mean practical security
  • Every cryptographic implementation stores a secret
  • Secrets can be extracted by:
    • Power Analysis
    • Fault Attacks

SLIDE 9

Fault Attacks


SLIDE 14

Fault Attacks

  • Get physical access to target device:
    • Set plaintexts
    • Observe ciphertexts
  • Cause erroneous computations via:
    • Clock glitches
    • Voltage glitches
    • Lasers
  • Observe faulty and correct ciphertext
  • Recover key

⇒ Differential Fault Attack (DFA)

[Figure: P → ENC → C; a second, faulted ENC run on the same P yields a faulty ciphertext]


SLIDE 18

Fault Countermeasures - Detection

  • Use redundancy to detect faults
  • Fault detected → No ciphertext
  • 2 identical faults necessary for attack

→ More redundancy, Enc-Dec, etc...

[Figure: ENC-DETECT: P is encrypted twice and the two results are compared; C is released only when they agree]


SLIDE 21

Statistical Ineffective Fault Attacks (SIFA)

  • We presented SIFA at CHES 2018:
    • Breaks detection countermeasures (any degree of redundancy)
    • Breaks infection countermeasures
    • Requires just a single fault injection per encryption
    • Requires no precise knowledge about location and effect of the fault
  • We demonstrated applicability to AE schemes at SAC 2018
  • What about power analysis countermeasures?

SLIDE 22

SIFA on AES in Pictures

[Figure: animation over the last AES rounds 8-10 (MixColumns, KeyAdd 8, SubBytes, ShiftRows, KeyAdd 9, SubBytes, ShiftRows, KeyAdd 10). Plaintexts P1...N are encrypted to ciphertexts C1...CN; a fault is injected during the computation (marked "?"); KEY ADD 10 is then undone on the collected ciphertexts C1...CN to look at the state before the last key addition]


SLIDE 30

What about fault countermeasures?

SLIDE 31

SIFA in Pictures

[Figure: the same last-rounds picture (ShiftRows, SubBytes, KeyAdd 9, ShiftRows, SubBytes, MixColumns, KeyAdd 8): plaintexts P1...N, ciphertexts C1...CN, KEY ADD 10 undone on the collected ciphertexts]

*only correct computations are considered


SLIDE 35

Ineffective Faults on AND

Also works with:

  • Other instructions: LOAD, STORE, XOR
  • Other fault types: Random, Stuck-at, Skip

[Figure: inside SubBytes of the last AES rounds, an AND gate Z = X * Y; a bitflip is applied to input X; histograms of Z over the values 0 and 1 without and with the fault, collected from the ciphertexts]

*only correct computations are considered

SLIDE 36

Power Analysis


SLIDE 40

Power Analysis

  • Circuits leak information via side-channels, e.g. power consumption
  • CMOS circuits draw power almost only in case of “events”
  • Correlation between processed data and power consumption
  • Problematic if processed data contains secrets

[Figure: ENC mapping P to C, with its power trace drawn either as a readable bit pattern 01101... or as an unreadable pattern %&$§...]


SLIDE 42

Power Analysis Countermeasures

  • Make power consumption independent of processed data
    − Requires hardware support (filters, noise generators)
  • Make processed data independent of the actual data
    + “Masking” can be done on algorithmic level

[Figure: ENC mapping P to C whose power trace now reads %&$§... instead of 01101...]


SLIDE 46

Masking Idea

  • Split a value x into multiple “shares” s.t.:
    • The XOR-sum over all xi equals x
    • The distribution of each xi is independent of x
  • Linear function f is performed separately
  • Nonlinear functions g need more attention:
    • g⋆ works on all shares
    • g⋆ avoids direct combinations of shares
  • Applied to AES →

[Figure: X is split with randomness R into shares X0 and X1; f is applied to each share and the two results are XORed to f(X); for nonlinear g, a shared g* takes both shares. Applied to AES: the linear layers L run per share and SubBytes becomes SubBytes*, processing two share streams P1, P2 to C1, C2 across rounds 8-10]

SLIDE 47

Does our attack still work?


SLIDE 51

SIFA on Masked AES with Fault CM

  • Faulting single shares in linear functions does not work...
  • Faulting all shares would work but is boring...
  • Can faulting single shares in non-linear functions lead to a bias in the unshared value?

[Figure: shared g* with a fault on one input share; "?" at the recombined (+) output]

SLIDE 52

SIFA on Masked AES with Fault CM

[Figure: masked AES rounds 8-10 with SubBytes* and per-share linear layers L, share streams P1, P2 to C1, C2]

*masked AES, only correct computations are considered


SLIDE 57

Faults on Masked AND

Also works with:

  • Other types of faults
  • Higher-order masking
  • Threshold Implementations

[Figure: 2-share masked AND with input shares X0, X1, Y0, Y1 and fresh randomness R; four partial products (*) are XOR-combined (+) into output shares Z0 and Z1, which recombine to Z; a bitflip is applied to X0; histogram of Z over the values 0 and 1]

*only correct computations are considered


SLIDE 61

Simulated Faults on Masked AES with Fault Detection

Target: First-order masked AES by Schwabe and Stoffelen et al.

  • Publicly available
  • ARM Cortex M4, ASM optimized

→ Originally CTR mode encryption, we only use it as block cipher
→ Originally no fault countermeasures, we added “perfect” fault detection


SLIDE 66

Simulated Faults on Masked AES with Fault Detection

For each individual instruction in the masked Sbox:

  • Simulated fault: Single bitflip in the result
  • 2000 faulted Sbox computations, random inputs
  • Check if correct outputs are non-uniform, i.e. if key recovery would work

⇒ 52 % of instructions are “susceptible” to single bitflips

SLIDE 67

Simulated Faults on Masked AES with Fault Detection

For each individual instruction in the masked Sbox:

  • Simulated fault: Randomized 8 bits of the result
  • 2000 faulted Sbox computations, random inputs
  • Check if correct outputs are non-uniform, i.e. if key recovery would work

⇒ 70 % of instructions are “susceptible” to random faults
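The susceptibility scan the deck describes on slides 62-67 (fault each instruction, run 2000 random inputs, keep only the computations whose output is still correct, test whether what remains is still uniform) is shown here on the smallest possible target: the AND gate of the "Ineffective Faults on AND" slide and the 2-share masked AND of the masking and "Faults on Masked AND" slides. This is an added illustration in Python, not code from the paper or from the Schwabe/Stoffelen or Rivain implementations; the signal names, the FLIP/STUCK0 fault kinds, the ISW-style arrangement of the four partial products and the SEI threshold are assumptions of the example. Discarding every run whose faulted output differs from the correct one models the "perfect" fault detection the authors added; the distribution examined is that of the unshared input pair (x, y), which is uniform in the fault-free case, so any imbalance among the surviving runs is what an attacker would exploit and what a defender wants to find first.

```python
"""Ineffective-fault susceptibility scan of a plain and a 2-share masked AND.

Added example, not the paper's code. For every named signal we inject one
fault, evaluate the gate on random inputs, discard the runs whose output
changed (what a perfect detection countermeasure does) and test whether the
unshared inputs (x, y) of the surviving runs are still uniformly distributed.
"""
import random

FLIP, STUCK0 = "flip", "stuck0"  # assumed fault kinds: bit flip, stuck-at-0


class Trace:
    """Applies `fault` = (signal name, kind) to the one signal with that name
    as it is computed; the signal names used below are ours, not the paper's."""

    def __init__(self, fault=None):
        self.fault = fault

    def put(self, name, value):
        if self.fault is not None and self.fault[0] == name:
            value = value ^ 1 if self.fault[1] == FLIP else 0
        return value


def plain_and(x, y, fault=None):
    """Unmasked AND gate z = x * y."""
    t = Trace(fault)
    return t.put("z", t.put("x", x) & t.put("y", y))


PLAIN_SIGNALS = ["x", "y", "z"]


def masked_and(x0, x1, y0, y1, r, fault=None):
    """Two-share Boolean-masked AND (ISW style): four cross products and one
    fresh random bit r, with z0 ^ z1 == (x0 ^ x1) & (y0 ^ y1)."""
    t = Trace(fault)
    x0, x1 = t.put("x0", x0), t.put("x1", x1)
    y0, y1 = t.put("y0", y0), t.put("y1", y1)
    r = t.put("r", r)
    p00, p01 = t.put("x0y0", x0 & y0), t.put("x0y1", x0 & y1)
    p10, p11 = t.put("x1y0", x1 & y0), t.put("x1y1", x1 & y1)
    u = t.put("r^x0y1", r ^ p01)  # refresh the cross term before mixing
    v = t.put("u^x1y0", u ^ p10)
    return t.put("z0", p00 ^ r), t.put("z1", p11 ^ v)


MASKED_SIGNALS = ["x0", "x1", "y0", "y1", "r", "x0y0", "x0y1", "x1y0", "x1y1",
                  "r^x0y1", "u^x1y0", "z0", "z1"]


def share(x, rng):
    """Split bit x into (x0, x1) with x0 ^ x1 == x and each share uniform."""
    x0 = rng.getrandbits(1)
    return x0, x0 ^ x


def sei(counts):
    """Squared Euclidean Imbalance of observed counts against the uniform
    distribution over the same outcomes; 0.0 means no visible bias."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum((c / total - 1.0 / len(counts)) ** 2 for c in counts.values())


def scan_location(fault, masked, trials=2000, seed=2018, threshold=0.005):
    """Inject `fault` in every run, keep only the ineffective runs and report
    the distribution of the unshared (x, y) pair over them and its SEI."""
    rng = random.Random(seed)
    counts = {(x, y): 0 for x in (0, 1) for y in (0, 1)}
    ineffective = 0
    for _ in range(trials):
        x, y = rng.getrandbits(1), rng.getrandbits(1)
        z_ok = plain_and(x, y)  # fault-free reference value
        if masked:
            x0, x1 = share(x, rng)
            y0, y1 = share(y, rng)
            z0, z1 = masked_and(x0, x1, y0, y1, rng.getrandbits(1), fault)
            z_faulted = z0 ^ z1
        else:
            z_faulted = plain_and(x, y, fault)
        if z_faulted != z_ok:
            continue  # effective fault: the detection countermeasure withholds C
        ineffective += 1
        counts[(x, y)] += 1
    score = sei(counts)
    return {"ineffective": ineffective, "counts": counts, "sei": score,
            "susceptible": ineffective > 0 and score > threshold}


def scan_all(masked, kinds=(FLIP, STUCK0), **kw):
    """Run scan_location over every signal and fault kind, the way the deck
    runs its simulation over every instruction of the masked Sbox."""
    names = MASKED_SIGNALS if masked else PLAIN_SIGNALS
    return {(n, k): scan_location((n, k), masked, **kw) for n in names for k in kinds}
```

Running `scan_all(True)` reproduces the deck's qualitative finding on this toy: a flip or stuck-at-0 on a single input share such as x0 is flagged as susceptible, because that share feeds both products x0y0 and x0y1 and the fault therefore changes z by a term involving the unshared y, so whether the fault is ineffective is correlated with y and the surviving runs are no longer uniform in (x, y). Faults on a single partial product or on the fresh mask r are either always effective (every intermediate appears once in the XOR sum) or always ineffective (r cancels), and so leak nothing here. A team evaluating its own masked implementation would run the same loop over every instruction of the real Sbox and treat each flagged location as a candidate for additional protection.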

SLIDE 68

Simulated Faults on Masked AES with Fault Detection

Exact numbers for one of the susceptible instructions:

Fault Effect            # Ineffective Faults   # Faulted Encryptions   # Recoverable Key Bits
Flip one bit                            194                     386                      32
Set one bit to zero                     214                     428                      32
Randomize one bit                       574                     763                      32
Flip one byte                           192                   2 940                     128
Set one byte to zero                    192                   3 129                     128
Randomize one byte                      602                   1 808                     128
Instruction skip                        400                  45 527                     128


SLIDE 72

Practical Results

Target: POC higher-order masked AES by Rivain et al.

  • Setup: Clock glitches on ATXmega 128D4

→ We set masking order to 10
→ We added “perfect” fault detection
⇒ About 1000 faulted encryptions required
⇒ Thousands of possible fault locations

SLIDE 73

A word on other countermeasures

  • Self Destruction
  • Frequent Re-keying
  • Multi Party Computation


SLIDE 77

Summing up

SIFA is quite powerful...

  • Works for many ciphers and AE schemes
  • Breaks both fault and power analysis countermeasures
  • Attacker does not need to hit specific bits/bytes
  • Attacker does not need to know how the faults influence the computation

SLIDE 78

Q?