Differential Fault Analysis for Round-Reduced AES by Fault Injection

  • Park, Jea-Hoon (Graduate School of Electrical Engineering and Computer Science, Kyungpook National University)
  • Moon, Sang-Jae (School of Electronics Engineering, Kyungpook National University)
  • Choi, Doo-Ho (Software Research Laboratory, ETRI)
  • Kang, You-Sung (Software Research Laboratory, ETRI)
  • Ha, Jae-Cheol (Department of Information Security, Hoseo University)
  • Received : 2010.08.11
  • Accepted : 2010.11.18
  • Published : 2011.06.30

Abstract

This paper presents a practical differential fault analysis method for a faulty Advanced Encryption Standard (AES) computation with a reduced number of rounds, induced by means of semi-invasive fault injection. To verify our proposal, we implement the AES software on the ATmega128 microcontroller as recommended in the standard document FIPS 197. We reduce the number of rounds using laser beam injection in the experiment. To deduce the initial round key, we perform an exhaustive search for possible key bytes associated with faulty ciphertexts. Based on the simulation result, our proposal extracts the AES 128-bit secret key in less than 10 hours with 10 pairs of plaintext and faulty ciphertext.

Cited by

  1. Development and evaluation of a microstep DFA vulnerability estimation method vol.8, pp.22, 2011, https://doi.org/10.1587/elex.8.1899
  2. Round Reduction Attack on the Later Rounds of the Loop in the AES Cipher Algorithm vol.22, pp.3, 2011, https://doi.org/10.13089/jkiisc.2012.22.3.439
  3. Round Addition Using Faults for Generalized Feistel Network vol.ed96, pp.1, 2011, https://doi.org/10.1587/transinf.e96.d.146
  4. Round Addition DFA on SPN Block Ciphers vol.ea97, pp.12, 2011, https://doi.org/10.1587/transfun.e97.a.2671
  5. Improved Shamir's CRT-RSA Algorithm: Revisit with the Modulus Chaining Method vol.36, pp.3, 2011, https://doi.org/10.4218/etrij.14.0113.0317
  6. Double Counting in $2^{t}$-ary RSA Precomputation Reveals the Secret Exponent vol.10, pp.7, 2015, https://doi.org/10.1109/tifs.2015.2411213
  7. Frontside Versus Backside Laser Injection : A Comparative Study vol.13, pp.1, 2011, https://doi.org/10.1145/2845999
  8. New Differential Fault Attack on AES Using Function-Skipping Faults vol.30, pp.6, 2011, https://doi.org/10.13089/jkiisc.2020.30.6.1263