T. Sugawara, Natsu Shoji, K. Sakiyama, Kohei Matsuda, N. Miura, M. Nagata
{"title":"利用位翻转检测器进行无创探测及其在无效故障分析中的应用","authors":"T. Sugawara, Natsu Shoji, K. Sakiyama, Kohei Matsuda, N. Miura, M. Nagata","doi":"10.1109/FDTC.2017.17","DOIUrl":null,"url":null,"abstract":"Matsuda et al. proposed a countermeasure against laser fault injection that uses distributed on-chip sensors. The sensor raises an alarm by detecting an electrical phenomenon caused in conjunction with a bitflip. A cryptographic module can stop releasing a faulty ciphertext by using the alarm. In this paper, security and limitation of the countermeasure by Matsuda et al. is rigorously evaluated. We show that an attacker can get side-channel information by observing how the sensors react to laser fault injection. That enables the attacker to probe intermediate values in a chip non-invasively. On the one hand, under a chosen-plaintext setting, the laser-based probing enables to run the conventional probing attack on AES by Schmidt and Kim. On the other hand, under a ciphertextonly setting, the laser-based probing raises a new challenge: the attacker is given correct ciphertexts and corresponding singlebit probing results. We propose a new ineffective fault analysis against AES based on linear cryptanalysis that can be used in the above setting.","PeriodicalId":227188,"journal":{"name":"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Exploiting Bitflip Detector for Non-invasive Probing and its Application to Ineffective Fault Analysis\",\"authors\":\"T. Sugawara, Natsu Shoji, K. Sakiyama, Kohei Matsuda, N. Miura, M. Nagata\",\"doi\":\"10.1109/FDTC.2017.17\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Matsuda et al. proposed a countermeasure against laser fault injection that uses distributed on-chip sensors. The sensor raises an alarm by detecting an electrical phenomenon caused in conjunction with a bitflip. A cryptographic module can stop releasing a faulty ciphertext by using the alarm. In this paper, security and limitation of the countermeasure by Matsuda et al. is rigorously evaluated. We show that an attacker can get side-channel information by observing how the sensors react to laser fault injection. That enables the attacker to probe intermediate values in a chip non-invasively. On the one hand, under a chosen-plaintext setting, the laser-based probing enables to run the conventional probing attack on AES by Schmidt and Kim. On the other hand, under a ciphertextonly setting, the laser-based probing raises a new challenge: the attacker is given correct ciphertexts and corresponding singlebit probing results. We propose a new ineffective fault analysis against AES based on linear cryptanalysis that can be used in the above setting.\",\"PeriodicalId\":227188,\"journal\":{\"name\":\"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FDTC.2017.17\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FDTC.2017.17","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploiting Bitflip Detector for Non-invasive Probing and its Application to Ineffective Fault Analysis
Matsuda et al. proposed a countermeasure against laser fault injection that uses distributed on-chip sensors. The sensor raises an alarm by detecting an electrical phenomenon caused in conjunction with a bitflip. A cryptographic module can stop releasing a faulty ciphertext by using the alarm. In this paper, security and limitation of the countermeasure by Matsuda et al. is rigorously evaluated. We show that an attacker can get side-channel information by observing how the sensors react to laser fault injection. That enables the attacker to probe intermediate values in a chip non-invasively. On the one hand, under a chosen-plaintext setting, the laser-based probing enables to run the conventional probing attack on AES by Schmidt and Kim. On the other hand, under a ciphertextonly setting, the laser-based probing raises a new challenge: the attacker is given correct ciphertexts and corresponding singlebit probing results. We propose a new ineffective fault analysis against AES based on linear cryptanalysis that can be used in the above setting.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
