Cryptography Reference
In-Depth Information
Data Path A
Data Path B
Operation
Fig. 5.5
Example of bit-wise scrambling for a byte of one operation
bypass the check routine. However, an adversary who manages to induce the same
fault in both circuits circumvents checking and scrambling at once.
5.5 Protocol-Level Countermeasures
Protocol-level countermeasures are based on the fact that differential attacks need at
least two encryptions with the same key and plaintext. Thus, they either randomize
the key or the plaintext. Such countermeasures are not only very effective but also
low in cost when compared to the previously discussed methods. Additionally, some
of them even provide unified protection against DPA and fault attacks. Their main
disadvantages are that (1) changes in the protocol are needed, which is often diffi-
cult in widely established systems, and (2) that only one party within a two-party
communication can be protected.
In particular, we will look at three different approaches. The first one is based on
all-or-nothing transforms and was actually intended to protect against DPA attacks.
However, it automatically protects against fault attacks. The second technique is
also based on message randomization and is the cheapest of all approaches. The
disadvantage is that it only provides fault protection. Finally, the third countermeasure
is based on re-keying and thus provides a unified countermeasure against DPA and
fault attacks.
All three approaches can only protect one party in a two-party communication.
This is because only the encryption is probabilistic and an adversary could always
attack the decryption. The first approach can protect two parties against DPA but
requires a second pre-shared key to achieve this. However, the fact that only one
party can be protected is often not a concern in low-cost applications. This is because
if only one party has to be low-cost (this could be an RFID tag or a smart card), the
other party (e.g. an RFID or smart card reader) can be protected by different, more
expensive, means.
Search WWH ::




Custom Search