• Title/Summary/Keyword: Fault injection attack

Search Result 32, Processing Time 0.018 seconds

A Physical Combined Attack and its Countermeasure on BNP Exponentiation Algorithm (BNP 멱승 알고리듬에 대한 물리적인 조합 공격 및 대응책)

  • Kim, Hyung-Dong;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.585-591
    • /
    • 2013
  • Recently, the combined attack which is a combination of side channel analysis and fault attack has been developed to extract the secret key during the cryptographic processes using a security device. Unfortunately, an attacker can find the private key of RSA cryptosystem through one time fault injection and power signal analysis. In this paper, we diagnosed SPA/FA resistant BNP(Boscher, Naciri, and Prouff) exponentiation algorithm as having threats to a similar combined attack. And we proposed a simple countermeasure to resist against this combined attack by randomizing the private key using error infective method.

Differential Fault Attack on SSB Cipher (SSB 암호 알고리즘에 대한 차분 오류 공격)

  • Kang, HyungChul;Lee, Changhoon
    • Journal of Advanced Navigation Technology
    • /
    • v.19 no.1
    • /
    • pp.48-52
    • /
    • 2015
  • In this paper, we propose a differential fault analysis on SSB having same structure in encryption and decryption proposed in 2011. The target algorithm was designed using advanced encryption standard and has advantage about hardware implementations. The differential fault analysis is one of side channel attacks, combination of the fault injection attacks with the differential cryptanalysis. Because SSB is suitable for hardware, it must be secure for the differential fault analysis. However, using proposed differential fault attack in this paper, we can recover the 128 bit secret key of SSB through only one random byte fault injection and an exhausted search of $2^8$. This is the first cryptanalytic result on SSB having same structure in encryption and decryption.

Novel Differential Fault Attack Using Function-Skipping on AES (함수 생략 오류를 이용하는 AES에 대한 신규 차분 오류 공격)

  • Kim, Ju-Hwan;Lee, JongHyeok;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1263-1270
    • /
    • 2020
  • The differential fault attacks (DFA) are cryptoanalysis methods that reveal the secret key utilizing differences between the normal and faulty ciphertexts, which occurred when artificial faults are injected into an encryption device. The conventional DFA methods use faults to falsify intermediate values. Meanwhile, we propose the novel DFA method that uses a fault to skip a function. The proposed method has a very low attack complexity that reveals the secret key using one fault injected ciphertext within seconds. Also, we proposed a method that filters out ciphertexts where the injected faults did not occur the function-skipping. It makes our method realistic. To demonstrate the proposed method, we performed fault injection on the Riscure's Piñata board. As a result, the proposed method can filter out and reveal the secret key within seconds on a real device.

Cryptanalysis using Fault Injection and Countermeasures on DSA (오류주입을 이용한 DSA 서명 알고리즘 공격 및 대응책)

  • Jung, Chul-Jo;Oh, Doo-Hwan;Choi, Doo-Sik;Kim, Hwan-Koo;Ha, Jae-Cheol
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.8
    • /
    • pp.3045-3052
    • /
    • 2010
  • The international standard signature algorithm DSA has been guaranteed its security based on discrete logarithm problem. Recently, the DSA was known to be vulnerable to some fault analysis attacks in which the secret key stored inside of the device can be extracted by occurring some faults when the device performs signature algorithm. After analyzing an existing fault attack presented by Bao et al., this paper proposed a new fault analysis attack by disturbing the random number. Furthermore, we presented a countermeasure to compute DSA signature that has its immunity in the two types of fault attacks. The security and efficiency of the proposed countermeasure were verified by computer simulations.

Improved Shamir's CRT-RSA Algorithm: Revisit with the Modulus Chaining Method

  • Lee, Seungkwang;Choi, Dooho;Choi, Yongje
    • ETRI Journal
    • /
    • v.36 no.3
    • /
    • pp.469-478
    • /
    • 2014
  • RSA signature algorithms using the Chinese remainder theorem (CRT-RSA) are approximately four-times faster than straightforward implementations of an RSA cryptosystem. However, the CRT-RSA is known to be vulnerable to fault attacks; even one execution of the algorithm is sufficient to reveal the secret keys. Over the past few years, several countermeasures against CRT-RSA fault attacks have tended to involve additional exponentiations or inversions, and in most cases, they are also vulnerable to new variants of fault attacks. In this paper, we review how Shamir's countermeasure can be broken by fault attacks and improve the countermeasure to prevent future fault attacks, with the added benefit of low additional costs. In our experiment, we use the side-channel analysis resistance framework system, a fault injection testing and verification system, which enables us to inject a fault into the right position, even to within $1{\mu}s$. We also explain how to find the exact timing of the target operation using an Atmega128 software board.

Security Analysis on Block Cipher XSB (블록 암호 XSB에 대한 안전성 분석)

  • Lee, Changhoon
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.7
    • /
    • pp.311-316
    • /
    • 2013
  • 256-bit block cipher XSB(eXtended Spn Block cipher) was proposed in 2012 and has a symmetric strucrure in encryption and decryption process. In this paper, we propose a differential fault analysis on XSB. Based on a random byte fault model, our attack can recover the secret key of XSB by using only two random byte fault injection. This result is the first known cryptanalytic result on the target algorithm.

A Data Fault Attack on the Miller Algorithm for Pairing Computation in Mobile Ad-Hoc Network Environments (이동 Ad-Hoc 네트워크 환경에서 페어링 연산의 밀러 알고리듬에 대한 데이터 오류 공격)

  • Bae, KiSeok;Sohn, GyoYong;Park, YoungHo;Moon, SangJae
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.2
    • /
    • pp.70-79
    • /
    • 2013
  • Recently, there has been introduced various types of pairing computations to implement ID based cryptosystem for mobile ad hoc network. The Miller algorithm is the most popular algorithm for the typical pairing computation such as Weil, Tate and Ate. In this paper, we analyze the feasibility of concrete data fault injection attack, which was proposed by Whelan and Scott, in terms of regardless of round positions during the execution of the Miller algorithm. As the simulation results, the proposed attack that can be employed to regardless of round positions and coordinate systems is effective and powerful.

Differential Fault Analysis on Lightweight Block Cipher LBlock (경량 블록 암호 LBlock에 대한 차분 오류 공격)

  • Jeong, Ki-Tae;Lee, Chang-Hoon
    • Journal of Advanced Navigation Technology
    • /
    • v.16 no.5
    • /
    • pp.871-878
    • /
    • 2012
  • LBlock is a 64-bit ultra-light block cipher suitable for the constrained environments such as wireless sensor network environments. In this paper, we propose a differential fault analysis on LBlock. Based on a random nibble fault model, our attack can recover the secret key of LBlock by using the exhaustive search of $2^{25}$ and five random nibble fault injection on average. It can be simulated on a general PC within a few seconds. This result is superior to known differential fault analytic result on LBlock.

Differential Fault Analysis of the Block Cipher LEA (블록 암호 LEA에 대한 차분 오류 공격)

  • Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1117-1127
    • /
    • 2014
  • Differential Fault Analysis(DFA) is widely known for one of the most powerful method for analyzing block cipher. it is applicable to block cipher such as DES, AES, ARIA, SEED, and lightweight block cipher such as PRESENT, HIGHT. In this paper, we introduce a differential fault analysis on the lightweight block cipher LEA for the first time. we use 300 chosen fault injection ciphertexts to recover 128-bit master key. As a result of our attack, we found a full master key within an average of 40 minutes on a standard PC environment.

Hardware Fault Attack Resistant RSA-CRT with Parallel Support (오류주입 공격에 강건하며 병렬연산이 가능한 RSA-CRT)

  • Eun, Ha-Soo;Oh, Hee-Kuck;Kim, Sang-Jin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.5
    • /
    • pp.59-70
    • /
    • 2012
  • RSA-CRT is one of the commonly used techniques to speedup RSA operation. Since RSA-CRT performs its operations based on the modulus of two private primes, it is about four times faster than RSA. In RSA, the two primes are normally thrown away after generating the public key pair. However, in RSA-CRT, the two primes are directly used in RSA operations. This led to hardware fault attacks which can be used to factor the public modulus. The most common way to counter these attacks is based on error propagation. In these schemes, all the outputs of RSA are affected by the infected error which makes it difficult for an adversary to use the output to factor the public modulus. However, the error propagation has sequentialized the RSA operation. Moreover, these schemes have been found to be still vulnerable to hardware fault attacks. In this paper, we propose two new RSA-CRT schemes which are both resistant to hardware fault attack and support parallel execution: one uses common modulus and the other one perform operations in each prime modulus. Both proposed schemes takes about a time equal to two exponentiations to complete the RSA operation if parallel execution is fully used and can protect the two private primes from hardware fault attacks.