5.4.3 Ring Embedding
In contrast to protecting every operation of the AES separately, extending all AES
operations to work on a larger redundant data structure was proposed in [281]. The
idea is to embed the AES field into a larger ring. This new ring has the form
$\mathbb{F}_D \times \mathbb{F}_C$,
where $\mathbb{F}_D$ denotes the data algebra (the AES field) and $\mathbb{F}_C$ the check algebra. The countermeasure
exploits the property that every operation applied to such a ring element acts on the
data element and on the check element (or signature) independently. Conversely, a fault that
alters one of the embedded elements is hard to inflict without also altering the other one.
Similar techniques have been used for public key cryptography [155, 280, 329].
To protect the AES, the plaintext and the key are embedded into the ring together
with predefined signature values. Since the signature values after the encryption depend
neither on the key nor on the plaintext, they can be checked against pre-calculated
values. The main advantage of this scheme is that every operation modifies the
signature. Thus, not only are data modifications detected, but every manipulation
of the program flow (e.g. a skipped or repeated operation) also results in an invalid signature.
Although every AES operation can be expressed as a function on the AES field,
such implementations are not very efficient. However, an AES operating on a larger
ring would require exactly such a formulation. To avoid it, the authors propose a ring
which is especially suited for eight-bit arithmetic. This way, ring multiplications can be
implemented using logarithm tables, and the S-box is implemented using redundant table
lookups.
The countermeasure detects all first-order bit faults, byte faults and program flow
manipulations with certainty. For all other faults the upper bound on the adversary's
success probability is
$$\frac{1}{|\mathbb{F}_D \times \mathbb{F}_C| / 256} = \frac{256}{|\mathbb{F}_D| \cdot |\mathbb{F}_C|} = \frac{1}{|\mathbb{F}_C|},$$
since $|\mathbb{F}_D| = 256$ for the AES field and an undetected fault must leave the check
element unchanged. This probability holds for the entire algorithm.
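The embedding can be made concrete with a small model. The following Python code is an added example, not the book's code nor that of [281]: it builds the ring as GF(2)[x]/(p(x)·q(x)) with p the AES polynomial and q = x^8 + x^4 + x^3 + x^2 + 1 (an assumed choice of check algebra, so $|\mathbb{F}_C| = 256$), uses the Chinese remainder theorem to move between a ring element and its (data, check) pair, runs one multiplicative AES operation (multiplication by {02} as in MixColumns) in the ring with a fixed, assumed signature value, and then tests the fault claims of the text exhaustively: every single-bit or single-byte fault on the stored ring element changes the check part, while exactly the 255 faults that are multiples of q slip through, below the 1/|F_C| bound. SubBytes, which the authors realise with redundant table lookups, is not modelled here.

```python
# Added example (not the book's or [281]'s code): a toy ring embedding in the
# spirit of Sect. 5.4.3. The ring is R = GF(2)[x]/(p(x)*q(x)), p the AES field
# polynomial, q a second irreducible degree-8 polynomial (our choice). By the
# CRT, R is isomorphic to F_D x F_C: reducing a ring element mod p yields the
# AES data byte, reducing it mod q yields the check byte (signature).

P_AES = 0x11B   # x^8 + x^4 + x^3 + x + 1, the AES field polynomial
Q_CHK = 0x11D   # x^8 + x^4 + x^3 + x^2 + 1, irreducible over GF(2) (assumed check algebra)
SIG_IN = 0x5A   # fixed signature embedded beside every data byte (our choice)


def gf2_deg(a):
    """Degree of a GF(2)[x] polynomial stored as an int (-1 for zero)."""
    return a.bit_length() - 1


def gf2_mul(a, b):
    """Carry-less product in GF(2)[x], no reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def gf2_divmod(a, m):
    """Long division in GF(2)[x]: returns (quotient, remainder)."""
    q, dm = 0, gf2_deg(m)
    while a and gf2_deg(a) >= dm:
        shift = gf2_deg(a) - dm
        q ^= 1 << shift
        a ^= m << shift
    return q, a


def gf2_mulmod(a, b, m):
    return gf2_divmod(gf2_mul(a, b), m)[1]


def gf2_invmod(a, m):
    """Inverse of a mod m (extended Euclid); a and m must be coprime."""
    r0, r1, s0, s1 = m, a, 0, 1
    while r1 != 1:
        if r1 == 0:
            raise ValueError("not invertible")
        q, r = gf2_divmod(r0, r1)
        r0, r1, s0, s1 = r1, r, s1, s0 ^ gf2_mul(q, s1)
    return gf2_divmod(s1, m)[1]


N_RING = gf2_mul(P_AES, Q_CHK)   # ring modulus p*q, degree 16
# CRT idempotents: E_D is 1 mod p and 0 mod q, E_C is 0 mod p and 1 mod q.
E_D = gf2_mul(Q_CHK, gf2_invmod(gf2_divmod(Q_CHK, P_AES)[1], P_AES))
E_C = gf2_mul(P_AES, gf2_invmod(gf2_divmod(P_AES, Q_CHK)[1], Q_CHK))


def embed(data, check):
    """The unique ring element whose data part is `data` and check part is `check`."""
    return gf2_divmod(gf2_mul(data, E_D) ^ gf2_mul(check, E_C), N_RING)[1]


def split(r):
    """Project a ring element onto (data in F_D, check in F_C)."""
    return gf2_divmod(r, P_AES)[1], gf2_divmod(r, Q_CHK)[1]


def ring_mul(a, b):
    return gf2_mulmod(a, b, N_RING)


def aes_mul(a, b):
    """Reference GF(2^8) multiplication as used in MixColumns."""
    return gf2_mulmod(a, b, P_AES)


def protected_xtime(data, fault_mask=0):
    """Multiply an AES byte by {02} inside R. fault_mask is XORed into the 16-bit
    ring element to model a fault on the stored value. Returns (byte, check_ok);
    the expected check is precomputable since it depends only on the constants."""
    r = embed(data, SIG_IN) ^ fault_mask
    out_data, out_check = split(ring_mul(r, embed(0x02, 0x02)))
    return out_data, out_check == gf2_mulmod(SIG_IN, 0x02, Q_CHK)


def single_bit_and_byte_faults_detected():
    """Every fault confined to one byte of the ring element (incl. single bits)
    has a non-zero residue mod q, so it changes the check part."""
    return all(gf2_divmod(k << (8 * byte), Q_CHK)[1] != 0
               for byte in range(2) for k in range(1, 256))


def undetected_fault_masks():
    """Count non-zero 16-bit faults that leave the check part intact: exactly
    the multiples of q, 255 of 65535, below the bound 1/|F_C| = 1/256."""
    return sum(1 for m in range(1, 1 << 16) if gf2_divmod(m, Q_CHK)[1] == 0)


if __name__ == "__main__":
    print(protected_xtime(0x57))            # (174, True): 0x57 * {02} = 0xAE, check passes
    print(protected_xtime(0x57, 1 << 11))   # check fails: single-bit fault
    print(protected_xtime(0x57, Q_CHK))     # (162, True): wrong byte, check passes (multiple of q)
    print(undetected_fault_masks())         # 255
```

Running the file prints the four results above. The fault mask equal to q itself is the instructive case: it shifts the data byte from 0x57 to 0x51 while leaving the check byte untouched, which is exactly the residual 1/|F_C| class of faults the bound in the text accounts for.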
5.4.4 Infective Computation
Instead of trying to detect faults, a possible strategy against fault attacks is to make
the output look random to the adversary whenever an error occurs. This is referred to as
infective computation [432]. In this way the exploitable relation between the fault and
the output is cut, making a fault analysis attack impossible. The advantage of these
methods over detection is that they require no check procedures, which could themselves be the
target of a second-order attack [226].
Joye et al. presented a method to use infective computation for AES [200]: The
main idea is to double the algorithm while scrambling the data paths of the two
implementations. The scrambling can be done byte-wise or bit-wise, where interleaving
the bits provides better protection. A possible method to implement bit scrambling
is depicted for a single operation in Fig. 5.5.
This method increases the effort of an adversary, while creating no extra cost
for an already doubled hardware implementation. Thus, it could be implemented
in addition to DMR approaches, providing diffusion in case an adversary is able to