Cryptography Reference
In-Depth Information
Chapter 18
Fault Injection and Key Retrieval Experiments
on an Evaluation Board
Junko Takahashi, Toshinori Fukunaga, Shigeto Gomisawa, Yang Li,
Kazuo Sakiyama and Kazuo Ohta
Abstract
This chapter presents fault injection experiments using a side-channel
evaluation board called SASEBO, which was developed to unify testing environ-
ments for side-channel analysis. We describe experiments where faults were injected
into a cryptographic LSI mounted on a SASEBO board using a clock glitch. In this
experiment, the faults can be induced at any desired point in time during the compu-
tation of an algorithm. We show the results of injecting faults into block cipher and
public key modules implemented on the LSI. We also show the key retrieval from
standard ciphers using the faulty outputs obtained in these experiments. This work
contributes to the study of how a fault is injected into a target device, such as an LSI
mounted on an evaluation board, and verifies various theoretical fault analyses using
an experimental environment.
18.1 Introduction
Fault analyses against various ciphers have been proposed [49, 55, 84, 127, 160, 296,
322, 324, 394, 395] and most of these studies are theoretical; therefore, the attack
assumptions are based on the capability of a likely attacker and the characteristics
of cryptographic devices. A fault model, in particular, in which fault properties such
as fault injection area and variation, is important to the discussion of the practicality
of these attacks. In order to evaluate the possibility of a fault attack in these theo-
retical studies, some practical fault attacks against actual hardware were proposed
[148, 223, 226, 353, 369]. As an example, Selmane et al. reported the results of
practical experiments of fault analysis on smart cards with an AES co-processor
