Cryptography Reference
In-Depth Information
Chapter 16
Injection Technologies for Fault Attacks
on Microprocessors
Alessandro Barenghi, Guido M. Bertoni, Luca Breveglieri, Mauro Pelliccioli
and Gerardo Pelosi
Abstract
The dependability of computing systems running cryptographic primitives
is a critical factor for evaluating the practical security of any cryptographic scheme.
Indeed, the observation of erroneous results produced by a computing device after
the artificial injection of transient faults is one of the most effective side-channel
attacks. This chapter reviews the (semi-)invasive fault injection techniques that have
been successfully used to recover the secret parameters of a cryptographic compo-
nent. Subsequently, a complete characterization of the fault model derived from the
constant underfeeding of a general-purpose microprocessor is described, in order to
infer how the faulty behavior causes exploitable software errors.
16.1 Introduction
Attacks on cryptographic components, both hardware accelerators and software rou-
tines, based on the injection of intentional faults, are the most recent trend in side-
channel attacks. It is sufficiently proved by the existing case studies [64, 65, 66,
69] that at least some devices can be very successfully attacked in this way, and,
therefore, the topic has gained considerable academic and industrial interest in the
last decade.
These attacks are based on two factors: First of all, the existence of a deterministic
or statistical procedure to exploit the erroneous results (typically ciphertexts) of the
faulty cryptographic computations in order to infer the whole key, or the plaintext,
or, more generally, of pieces of information that help the attacker infer the unknown
parameters of the cryptoscheme; second, the availability of suitable technologies
ยท
