Chapter 6
On Countermeasures Against Fault Attacks on the Advanced Encryption Standard
Kaouthar Bousselam, Giorgio Di Natale, Marie-Lise Flottes and Bruno Rouzeyre
Abstract: This chapter presents redundancy-based error detection mechanisms
deployed in devices implementing the Advanced Encryption Standard for preventing
fault-based attacks. Different forms of redundancy are examined, highlighting
strengths and weaknesses with regard to cost, global error detection capabilities,
and ability to detect errors.
6.1 Introduction
Cipher algorithms are often integrated as coprocessors for performance reasons.
Hopefully, cryptanalysis of the most recent algorithms is not practical.
Unfortunately, numerous types of attacks against secure devices rely on the
hardware implementation of the ciphers. These attacks take advantage of logical
or physical information naturally processed or leaked by the physical component.
Invasive attacks, which use probes and irreversible modifications of the chip, are very
powerful but destroy the package, and require the time of experts in well-equipped
laboratories and a large budget.
Conversely, non-invasive side-channel attacks use leaked information related to
the processed data, such as operation timing, the power consumption of the chip,
or the electromagnetic emanations of signals. In between, active but semi- or
non-invasive fault-based attacks rely on perturbing the circuit and use the (expected)
production of erroneous results to infer secret information. Formally, the faults
reflect the physical conditions that cause a circuit to fail to perform in a required
manner. The error is the visible aspect of the fault, i.e. a wrong observable signal