Exploiting Bitflip Detector for Non-invasive Probing and its Application to Ineffective Fault Analysis

2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) Pub Date : 2017-09-01 DOI:10.1109/FDTC.2017.17

T. Sugawara, Natsu Shoji, K. Sakiyama, Kohei Matsuda, N. Miura, M. Nagata

{"title":"Exploiting Bitflip Detector for Non-invasive Probing and its Application to Ineffective Fault Analysis","authors":"T. Sugawara, Natsu Shoji, K. Sakiyama, Kohei Matsuda, N. Miura, M. Nagata","doi":"10.1109/FDTC.2017.17","DOIUrl":null,"url":null,"abstract":"Matsuda et al. proposed a countermeasure against laser fault injection that uses distributed on-chip sensors. The sensor raises an alarm by detecting an electrical phenomenon caused in conjunction with a bitflip. A cryptographic module can stop releasing a faulty ciphertext by using the alarm. In this paper, security and limitation of the countermeasure by Matsuda et al. is rigorously evaluated. We show that an attacker can get side-channel information by observing how the sensors react to laser fault injection. That enables the attacker to probe intermediate values in a chip non-invasively. On the one hand, under a chosen-plaintext setting, the laser-based probing enables to run the conventional probing attack on AES by Schmidt and Kim. On the other hand, under a ciphertextonly setting, the laser-based probing raises a new challenge: the attacker is given correct ciphertexts and corresponding singlebit probing results. We propose a new ineffective fault analysis against AES based on linear cryptanalysis that can be used in the above setting.","PeriodicalId":227188,"journal":{"name":"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FDTC.2017.17","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Matsuda et al. proposed a countermeasure against laser fault injection that uses distributed on-chip sensors. The sensor raises an alarm by detecting an electrical phenomenon caused in conjunction with a bitflip. A cryptographic module can stop releasing a faulty ciphertext by using the alarm. In this paper, security and limitation of the countermeasure by Matsuda et al. is rigorously evaluated. We show that an attacker can get side-channel information by observing how the sensors react to laser fault injection. That enables the attacker to probe intermediate values in a chip non-invasively. On the one hand, under a chosen-plaintext setting, the laser-based probing enables to run the conventional probing attack on AES by Schmidt and Kim. On the other hand, under a ciphertextonly setting, the laser-based probing raises a new challenge: the attacker is given correct ciphertexts and corresponding singlebit probing results. We propose a new ineffective fault analysis against AES based on linear cryptanalysis that can be used in the above setting.

查看原文本刊更多论文

利用位翻转检测器进行无创探测及其在无效故障分析中的应用

Matsuda等人提出了一种利用分布式片上传感器对抗激光故障注入的对策。传感器通过检测由位翻转引起的电现象来发出警报。加密模块可以通过告警停止释放故障的密文。本文对Matsuda等人的对策的安全性和局限性进行了严格的评价。我们证明了攻击者可以通过观察传感器对激光故障注入的反应来获取侧信道信息。这使得攻击者能够非侵入性地探测芯片中的中间值。一方面，在选择明文设置下，基于激光的探测可以对Schmidt和Kim的AES进行传统的探测攻击。另一方面，在纯密文设置下，激光探测提出了一个新的挑战:攻击者必须得到正确的密文和相应的单比特探测结果。我们提出了一种新的基于线性密码分析的针对AES的无效故障分析方法，可用于上述设置。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)

自引率

0.00%

发文量