• DocumentCode
    2581285
  • Title

    Masking Does Not Protect Against Differential Fault Attacks

  • Author

    Boscher, Arnaud ; Handschuh, Helena

  • Author_Institution
    Spansion, Levallois-Perret
  • fYear
    2008
  • fDate
    10-10 Aug. 2008
  • Firstpage
    35
  • Lastpage
    40
  • Abstract
    Over the past ten years, cryptographic algorithms have been found to be vulnerable against side-channel attacks such as power analysis attacks, timing attacks, electromagnetic radiation attacks and fault attacks. These attacks capture leaking information from an implementation of the algorithm in software or in hardware and apply cryptanalytical and statistical tools to recover the secret keys. A very well-known countermeasure against these attacks is to randomize every execution of the algorithm and every intermediate piece of data with a so-called masking method. In this paper we demonstrate that traditional countermeasures such as masking methods for symmetric cryptosystems are completely inefficient against fault attacks. In other words, differential fault attacks still apply on masked data. As an example we show how to recover secret keys from two masked AES implementations using a basic differential fault attack.
  • Keywords
    cryptography; cryptographic algorithms; differential fault attacks; masking method; secret keys recovery; symmetric cryptosystems; Algorithm design and analysis; Electromagnetic analysis; Electromagnetic radiation; Elliptic curve cryptography; Fault diagnosis; Hardware; Protection; Public key cryptography; Software algorithms; Timing; AES; Fault Attacks; Masking Schemes;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Fault Diagnosis and Tolerance in Cryptography, 2008. FDTC '08. 5th Workshop on
  • Conference_Location
    Washington, DC
  • Print_ISBN
    978-0-7695-3314-8
  • Type

    conf

  • DOI
    10.1109/FDTC.2008.12
  • Filename
    4599555