• DocumentCode
    3398609
  • Title
    Fault Attacks on AES with Faulty Ciphertexts Only
  • Author
    Fuhr, Thomas ; Jaulmes, Eliane ; Lomne, Victor ; Thillard, Adrian
  • Author_Institution
    ANSSI, Paris, France
  • fYear
    2013
  • fDate
    20-20 Aug. 2013
  • Firstpage
    108
  • Lastpage
    118
  • Abstract
    Classical fault attacks often require the ability to encrypt the same plaintext twice, in order to obtain one or several pairs of correct and faulty ciphertexts corresponding to the same message. This observation led some designers to think that a randomized mode of operation may be sufficient to protect block cipher encryption against this kind of threat. In this paper, we consider the case where the adversary neither chooses nor knows the input messages, and has access only to the faulty ciphertexts. In this context, we are able to describe several attacks against AES-128 using non-uniform fault models. Our attacks target the last 4 rounds and allow recovery of the correct key with practical time complexity, using a limited number of faulty ciphertexts. This work highlights the need for dedicated fault attack countermeasures in secure embedded systems.
  • Keywords
    cryptography; embedded systems; AES-128; block cipher encryption; fault attacks; faulty ciphertexts only; plaintext; secure embedded systems; Ciphers; Computational modeling; Context; Encryption; Mathematical model; Protocols; AES; Fault Attacks
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Fault Diagnosis and Tolerance in Cryptography (FDTC), 2013 Workshop on
  • Conference_Location
    Santa Barbara, CA
  • Print_ISBN
    978-0-7695-5059-6
  • Type
    conf
  • DOI
    10.1109/FDTC.2013.18
  • Filename
    6623561