Cryptography Reference
In-Depth Information
[223, 369] where faults were induced by under-powering the circuit, and showed
that approximately 16 % of the corrected ciphertexts were suitable for application
to Piret and Quisquater's attack [324] (see Sect.
4.2.2
. for a thorough description),
which needs two faulty ciphertexts caused by faults that affect one byte. They suc-
ceeded in recovering an AES key by applying Piret and Quisquater's attack with the
faulty ciphertexts obtained in their experiments. Another method of fault injection
and key retrieval that has been introduced is global faults, detailed in Sect.
17.3
.
There are many experimental results of fault analysis. However, it is difficult to
standardize the evaluation of fault analysis and describe an experimental environ-
ment that anyone can construct. In order to unify the testing environment and obtain
uniform experimental results, the Side-channel Attack Standard Evaluation Board
(SASEBO) was developed by the Research Center for Information Security (RCIS)
of Advanced Industrial Science and Technology (AIST) in Japan in 2007 [342]. The
evaluation boards are distributed to research institutes with detailed documentation as
a common experimental platform. There are currently five types of SASEBOs, four
of which (SASEBO, SASEBO-G, SASEBO-B, SASEBO-GII) are FPGA versions
and one (SASEBO-R) is an evaluation board on which LSI can be mounted for the
evaluation of ASIC LSIs. Three kinds of LSIs which are compliant with SASEBO-R
were developed [340]. Recently, the evaluations of various side-channel analyses
including the fault analysis using SASEBO have been reported [148, 254, 353].
In this chapter, we present the experimental results of fault injection into LSIs
mounted on a SASEBO-R board. We describe an experimental environment that
supplies a clock signal with a clock glitch to the target device. In these experiments,
faults could be injected into any desired point in time during the computation of a
cipher. We also demonstrate the key retrieval of the de facto standard ciphers, AES
and RSA, as an example, using the faulty outputs obtained from the experiments.
We succeed in retrieving the AES or RSA key by applying the relevant theoretical
fault analysis [56, 324, 429].
The rest of this chapter is organized as follows. We describe the fault injec-
tion mechanism in Sect.
18.2
. We describe a way to construct an experimental
environment using SASEBO-R in Sect.
18.3
and present the experimental results
in Sect.
18.4
. We show the key retrieval using the actual faulty outputs in Sect.
18.5
.
Finally, we conclude this chapter in Sect.
18.6
.
18.2 Fault Injection Mechanism
Various fault injection techniques have been proposed, such as supplying under-
power voltage [223, 369], supplying an irregular clock frequency [148, 353] to the
target devices and irradiating the target device with a laser beam [361, 378, 379],
to induce a wrong calculation in order to apply fault analysis. In our case, we use
an irregular clock frequency, referred to as a clock glitch, in order to induce faults
because the sets of equipment are inexpensive and we can easily experiment with fault
injection. Using a clock glitch, faults can be induced precisely during the computation
