Title :
Fault Sensitivity Analysis Meets Zero-Value Attack
Author :
Mischke, Oliver ; Moradi, Amir ; Güneysu, Tim
Author_Institution :
Horst Görtz Inst. for IT-Security, Ruhr-Univ. Bochum, Bochum, Germany
Abstract :
Previous works have shown that the combinatorial path delay of a cryptographic function, e.g., the AES S-box, depends on its input value. Since the relation between critical path delay and input value seems to be relatively random and highly dependent on the routing of the circuit, up to now only template or some collision attacks could reliably extract the used secret key of implementations not protected against fault attacks. Here we present a new attack which is based on the fact that, because of the zero-to-zero mapping of the AES S-box inversion circuit, the critical path when processing the zero input is notably shorter than for all other inputs. Applying the attack to an AES design protected by a state-of-the-art fault detection scheme, we are able to fully recover the secret key in less than eight hours. Note that we neither require a known key measurement step (template case) nor a high similarity between different S-box instances (collision case). The only information gathered from the device is whether a fault occurred when processing a chosen plaintext.
Keywords :
cryptography; fault diagnosis; telecommunication network routing; AES S-box; AES Sbox inversion circuit; collision attacks; combinatorial path delay; cryptographic function; fault detection scheme; fault sensitivity analysis; zero-to-zero mapping; zero-value attack; Circuit faults; Clocks; Computer architecture; Delays; Hardware; Redundancy; AES; Fault Attack; Fault Collision; Fault Sensitivity; Zero Value;
Conference_Title :
Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 Workshop on
Conference_Location :
Busan
DOI :
10.1109/FDTC.2014.16