Cryptography Reference
In-Depth Information
5.3
Simulation Results
In order to verify the proposed attack and evaluate the number of correct and
faulty outputs needed to recover the secret key, we implement the attack in
C code and execute it on a PC with an Intel Core2duo 3.0 GHz CPU. In the
simulation, we use a randomly chosen secret key and initial vector, and we assume
that a random fault is injected into 8 bytes of
a
(
i
)
2
,
5). We execute the
attack simulations 1,000,000 times. Figure 6 shows the histogram of the numbers
of correct and faulty outputs for 1,000,000 samples. The simulation result shows
that we need 12 pairs of correct and faulty outputs in the best cases and 18
pairs of them in the worst cases for the proposed attack. The average number of
correct and faulty outputs is 12.55 pairs. This result agrees with the theoretical
result that 12.54 pairs of them are required. In the simulation, we can recover
all states and buffers and the 128-bit secret key within 1 sec.
(
i
=0
,
···
6 Evaluation of Proposed Attack
In this section, we evaluate the proposed attack regarding aspects of the fault
injection area, the number of the faulty bytes needed for a successful attack,
the attacker's ability to control the fault injection, and the number of pairs of
correct and faulty outputs needed for a successful attack.
6.1
Fault Injection Area
The proposed attack requires that 8 bytes of state
a
2
are corrupted by some
fault injections. Therefore, any fault injection that corrupts
a
2
and does not
affect intermediate values used in the attack can be used. We find that the fault
injection that corrupts either 8 bytes of state
a
0
or buffer
b
i
(
i
=8
,
···
,
13) can
also be used for the attack.
For example, if 8 bytes of state
a
(
t
)
0
are corrupted, the fault is only propagated
to 8 bytes of state
a
(
t
+1
2
in the next round. This is absolutely the same situation
as a fault injection that directly corrupts
a
(
t
+1)
2
. Another example is if 8 bytes of
buffer
b
(
t
)
13
are corrupted. The fault is propagated in the
λ
-function and corrupts
b
(
t
+1)
10
10
corrupts
a
(
t
+2
2
and this situation is the
same as the attack assumption. In this case, another fault is propagated via
b
(
t
+1)
and
b
(
t
+1)
14
. The corrupted
b
(
t
+1)
14
. The next round that this fault affects the
ρ
-function is round (
t
+7) as
b
(
t
+7
4
. Because of this timing delay, this fault propagation does not affect the
attack procedure. Therefore, this fault injection can also be used for the attack.
6.2
Number of Faulty Bytes
By analyzing the differences between correct and faulty outputs, we can know
the number of bytes affected by the fault injections. In the proposed attack, a
total of 8 bytes of state or buffer is needed to be corrupted because there is no
Search WWH ::
Custom Search