successfully inject a fault, an adversary has to induce the same fault several times.
On the one hand, this requires a strong adversary. On the other hand, the costs of the
countermeasures are quite high.
The first method, repeating the computation, increases the time a computation
takes; therefore it is referred to as time redundancy. The second method, cloning
the function, is called space redundancy. It implies a hardware overhead of at least
100 %.
Space redundancy has the advantage of using different circuits. Therefore, permanent errors can also be detected, which tend to remain unnoticed when time redundancy is applied. Furthermore, if the other circuits have different layouts than the original one, this frustrates the efforts of an adversary who tries to inject the same fault in all circuits.
The most common form of modular redundancy for error detection is double
modular redundancy (DMR).
5.2.4 Dual Rail Implementations
Besides using the traditional approaches to protect an algorithm, it is also possible to
use a different way to implement the circuit in hardware to protect it from malicious
adversaries. One approach is to use an (m-of-n) encoding. Each bit is represented by n wires, of which exactly m carry a 1. In [189], Ishai et al. discussed the security of bits represented by multiple wires.
A special form of this encoding, i.e. (1-of-2) encoding, is a dual rail implementation, which is also used for asynchronous circuits and for DPA-resistant logic styles. One wire always carries the inverted value of the other one. Thus, an adversary has to target two wires to flip one bit. If an undefined state is induced by the adversary, it spreads throughout the circuit due to early propagation detection mechanisms [327].
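The dual-rail behaviour described above, as an added simulation that is not part of the book: a constructed single-wire fault model flips one wire of an encoded bit, a plain dual-rail AND gate is compared with one that explicitly propagates undefined states, and a checker at the output decides whether the fault is detected. The gate definitions and the `run` helper are assumptions of this example.

```python
# Dual-rail (1-of-2) simulation: a logical bit travels on wires (t, f) with
# exactly one high; (0,0) and (1,1) are the undefined states a wire fault leaves.
from typing import Tuple

Rail = Tuple[int, int]
ONE: Rail = (1, 0)   # logical 1: true-rail high
ZERO: Rail = (0, 1)  # logical 0: false-rail high

def encode(bit: int) -> Rail:
    return ONE if bit else ZERO

def is_valid(r: Rail) -> bool:
    return r == ONE or r == ZERO

def decode(r: Rail) -> int:
    """Checker: refuse to use a value that is in an undefined state."""
    if not is_valid(r):
        raise ValueError(f"fault detected: undefined dual-rail state {r}")
    return r[0]

def flip_wire(r: Rail, wire: int) -> Rail:
    """Constructed single-wire fault model: toggle one of the two wires."""
    return (r[0] ^ 1, r[1]) if wire == 0 else (r[0], r[1] ^ 1)

def and_naive(a: Rail, b: Rail) -> Rail:
    """Plain dual-rail AND (t = a.t & b.t, f = a.f | b.f). Correct on valid
    inputs, but an undefined input is absorbed when the other input is 0."""
    return (a[0] & b[0], a[1] | b[1])

def and_propagating(a: Rail, b: Rail) -> Rail:
    """Same gate with explicit propagation: an undefined input forces an
    undefined output, so the fault still reaches the checker downstream."""
    if not (is_valid(a) and is_valid(b)):
        return (0, 0)
    return and_naive(a, b)

def run(a_bit: int, b_bit: int, gate, fault_wire=None) -> str:
    """a AND b on dual rails, optionally flipping one wire of 'a' first."""
    a, b = encode(a_bit), encode(b_bit)
    if fault_wire is not None:
        a = flip_wire(a, fault_wire)
    try:
        return str(decode(gate(a, b)))
    except ValueError:
        return "detected"

if __name__ == "__main__":
    print(run(1, 1, and_naive, 0))        # detected
    print(run(1, 0, and_naive, 0))        # 0: fault absorbed, checker blind
    print(run(1, 0, and_propagating, 0))  # detected
```

The middle case is the one that matters: without explicit propagation, a fault on one operand is absorbed by the gate whenever the other operand is 0, so an output checker alone never sees it.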
5.2.5 Randomization and Masking
In order to make an attack as difficult as possible to conduct, an implementation can make use of random delays during its execution. While this does not directly prevent an adversary from injecting a fault, it limits the timing precision an adversary can hope to achieve. Thus, attacks that can only exploit a specific set of faults become harder.
Masking the data and operations has a similar effect. In [188] masking is realized
by linear secret sharing and prevents an adversary from gathering information by
probing wires of the device. Also, due to the mask, an adversary can hardly predict
the effect of the injected fault, e.g. setting the value that passes by to 0 does not
imply that the processed value is zeroed, but only that it is set to a random value that
depends on the mask. However, Boscher et al. have shown that masking is not suited
to preventing fault attacks [60].