On-line testing for differential fault attacks in cryptographic circuits

Abstract

Faults have been found to be catastrophic for the security of ciphers. Random faults inside a cipher implementation, trigger intentionally or accidentally, can be shown to reduce the key space of ciphers drastically. Even world-wide standard ciphers, like the Advanced Encryption Standard (AES) can be shown to be cryptanalyzed when the faulty ciphertexts are exposed to the outside world. Our recent findings show that fluctuations of the operating conditions of a circuit introduces circuit marginalities, which are manifested as exploitable multiple byte faults. The paper subsequently deals with a natural follow up question, how to test these faults? Can we adopt classical fault tolerance methods to detect these malicious faults? We show that while classical fault tolerance assumes uniform distribution of faults, the fault attacker introduces biased faults. On the other hand, while classical fault tolerance attempts to target all faults, most of the attacks exploit a small subspace of the entire fault space. This hiatus implies the necessity of the emergence of novel on-line methodologies for fault detection. The paper concludes with the requirement of proofs for 100% fault coverage of the attack-exploitable space, vs the simulation based approaches of classical fault tolerance.