Faults, Injection Methods, and Fault Attacks

Author

Chong Hee Kim ; Quisquater, Jean-Jacques

Author_Institution

Univ. Catholique de Louvain, Louvain

Volume

24

Issue

6

fYear

2007

Firstpage

544

Lastpage

545

Abstract

An active attacker can induce errors during the computation of the cryptographic algorithm and exploit the faulty results to extract information about the secret key in embedded systems. We call this kind of attack a fault attack. Fault attacks can break an unprotected system more quickly than any other kind of side-channel attack such as simple power analysis (SPA), differential power analysis (DPA), or electromagnetic analysis (EMA). For example, the attacker can break RSA-CRT (RSA with Chinese Remainder Theorem) with one faulty result, and Data Encryption Standard (DES) and Advanced Encryption Standard (AES) with two. Furthermore, the protection of fault attacks is more costly in terms of chip area. Here, we survey fault injection methods, types of faults, and fault attack models.

Keywords

cryptography; embedded systems; fault tolerant computing; Chinese remainder theorem; RSA-CRT; advanced encryption standard; cryptographic algorithm; differential power analysis; electromagnetic analysis; embedded systems; extract information; fault attacks; fault injection methods; sata encryption standard; secret key; side-channel attack; simple power analysis; unprotected system; Cameras; Circuit faults; Cryptography; Detectors; Electromagnetic analysis; Embedded computing; Magnetic shielding; Protection; Smart cards; Temperature; cryptographic algorithm; fault; fault attack; fault injection;

fLanguage

English

Journal_Title

Design & Test of Computers, IEEE

Publisher

ieee

ISSN

0740-7475

Type

jour

DOI

10.1109/MDT.2007.186

Filename

4397179