Cryptography Reference
In-Depth Information
that it increases the difficulty of finding the time samples corresponding to certain
operations with DPA. A fault inserted on a byte of either the masked data or the mask
will propagate through the cipher as a fault inserted into the unprotected data [60].
Clearly, under specific fault models, e.g. inducing faults which set mask bytes to 0,
masking becomes ineffective. Another idea which uses faults to counter masking is
described in Sect. 2.2.6.
Random Ordered Processing. A countermeasure that complements data randomization
is to process operations, as much as possible, in a random order. The operations
required to compute a block cipher will, by necessity, be
computed in a deterministic order. However, the individual commands required to
compute these operations can be computed in an arbitrary order. If, for example,
we consider the SubBytes function, there are 16!
possible orders in which the 16
bytes can be treated. The side-channel information is then spread over 16 different
points in the trace, which reduces the amount of information available to an attacker.
The most common application of this countermeasure is to block ciphers; it has
also been shown to be applicable to group exponentiation, often used in public key
cryptographic algorithms [401]. This does not prevent an attacker from targeting a
particular operation, but it will prevent the attacker from targeting a specific
command within that operation with any degree of certainty.
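The random ordering described above, applied to AES SubBytes, as an added example that is not part of the original text: the 16 S-box lookups are issued in a freshly shuffled order on each call. The xorshift32 generator and all function names are assumptions made for the demo; a device would draw from its hardware random source.

```c
#include <stdint.h>
#include <string.h>

/* Assumption: xorshift32 stands in for the device TRNG (reproducible demo only). */
static uint32_t rng_state = 0x1234567u;
static uint32_t rng_next(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17;
    return rng_state ^= rng_state << 5;
}
/* Uniform in [0, n) by rejection sampling; a bare "% n" biases the shuffle. */
static uint32_t uniform(uint32_t n) {
    uint32_t limit = UINT32_MAX - (UINT32_MAX % n), r;
    do { r = rng_next(); } while (r >= limit);
    return r % n;
}
/* AES S-box built from its definition: GF(2^8) inverse, then affine map. */
static uint8_t rotl8(uint8_t x, int s) { return (uint8_t)((x << s) | (x >> (8 - s))); }
void aes_sbox_init(uint8_t sbox[256]) {
    uint8_t p = 1, q = 1;                       /* invariant: p * q == 1 */
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));  /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        q ^= (q & 0x80) ? 0x09 : 0;                             /* q /= 3 */
        sbox[p] = (uint8_t)(q ^ rotl8(q,1) ^ rotl8(q,2) ^ rotl8(q,3) ^ rotl8(q,4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;                             /* 0 has no inverse */
}
/* Fisher-Yates shuffle of the 16 byte indices: one of the 16! orders. */
void random_order(uint8_t order[16]) {
    for (int i = 0; i < 16; i++) order[i] = (uint8_t)i;
    for (int i = 15; i > 0; i--) {
        uint32_t j = uniform((uint32_t)i + 1);
        uint8_t t = order[i]; order[i] = order[j]; order[j] = t;
    }
}
/* SubBytes with the 16 lookups issued in a fresh random order per call. */
void sub_bytes_shuffled(uint8_t state[16], const uint8_t sbox[256]) {
    uint8_t order[16];
    random_order(order);
    for (int k = 0; k < 16; k++) state[order[k]] = sbox[state[order[k]]];
}
/* Self-check on a constructed state: shuffled result equals in-order result. */
int shuffled_matches_in_order(void) {
    uint8_t sbox[256], a[16], b[16];
    aes_sbox_init(sbox);
    for (int i = 0; i < 16; i++) { a[i] = (uint8_t)(17 * i); b[i] = sbox[a[i]]; }
    sub_bytes_shuffled(a, sbox);
    return memcmp(a, b, 16) == 0;
}
int main(void) { return shuffled_matches_in_order() ? 0 : 1; }
```

The output is identical to in-order SubBytes; only the time at which each byte is processed changes from one execution to the next.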
Random Delays. Another countermeasure that affects the location of information
in acquired side-channel traces is the use of functions that pause for a random amount
of time before continuing. These functions can be inserted between operations to
reduce the amount of information available to an attacker. When conducting a side-
channel attack, this means that an attacker will have to synchronize the acquisitions
before applying a DPA attack. When attempting to inject a fault at a given point in an
algorithm, this becomes more of a problem, as the location of a target operation will
be distributed around a given point. An attacker will typically seek to inject a fault at
a given point and repeat the attack until the fault is injected in the desired operation.
Some proposals have been made to try to maximize the size of this distribution [105,
402]. However, given that this countermeasure slows rather than prevents an attacker,
it is debatable whether any complex operations are required.
Technology Scaling. We note finally that, for any type of physical attack,
technology scaling is likely to have a significant impact [192]. While they cannot be
considered as countermeasures in themselves, the resulting modifications of the
semiconductor physics (e.g. the increasing importance of static leakages, or
variability issues) imply modifications of the typical leakage models and the types of
faults that can be assumed for the target devices.
Data Redundancy. Adding redundancy to the data in order to detect faults during
the computation of a cryptographic operation is an appealing solution to preventing
fault attacks. As detailed in the later chapters of this topic, such redundancies can be
effective solutions to preventing various types of errors, with high detection rates. But
just as data randomization only helps to prevent side-channel attacks, data redundancies
only help to prevent fault attacks. In fact, if the type of redundancy present in an
implementation is public, it can even be used by the adversary, in order to enhance
DPA attacks (to reject certain guesses for the intermediate values).