Fault attacks on AES and their countermeasures

Subidh Ali, Xiaofei Guo, Ramesh Karri, Debdeep Mukhopadhyay

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Fault Attacks exploit malicious or accidental faults injected during the computation of a cryptographic algorithm. Combining the seminal idea by Boneh, DeMillo and Lipton with Differential Cryptanalysis, a new field of Differential Fault Attacks (DFA) has emerged. DFA has shown that several ciphers can be compromised if the faults can be suitably controlled. DFA is not restricted to old ciphers, but can be a powerful attack vector even for modern ciphers, like the Advanced Encryption Standard (AES). In this book chapter, we present an overview of the history of fault attacks and their general principle. The chapter subsequently concentrates on the AES algorithm and explains the developed fault attacks. The chapter covers the entire range of attacks, finally showing that a single random byte fault can reduce the AES key to 2^8 values, with a time complexity of 2^30. Further extensions of the fault attack to multiple byte fault models and attacks targeting the AES key schedule are also presented in the chapter. These attacks emphasize the requirement of countermeasures to detect the underlying faults and accordingly suppress the invalid output. The chapter then presents a survey of existing DFA countermeasures, concluding with the efficient Concurrent Error Detection (CED) schemes which have been developed utilizing the invariance properties in AES. Such a strategy provides near 100% fault coverage with less overhead. The combined chapter shows that DFA against AES are practical, and can be prevented using suitable techniques.

Original language: English (US)
Title of host publication: Secure System Design and Trustable Computing
Publisher: Springer International Publishing
Pages: 163-208
Number of pages: 46
ISBN (Print): 9783319149714, 9783319149707
DOIs: https://doi.org/10.1007/978-3-319-14971-4_5
State: Published - Sep 17 2015

Fingerprint

Electronic crime countermeasures
Cryptography
Side channel attack
Error detection
Invariance

ASJC Scopus subject areas

  • Engineering (all)
  • Computer Science (all)

Cite this

Ali, S., Guo, X., Karri, R., & Mukhopadhyay, D. (2015). Fault attacks on AES and their countermeasures. In Secure System Design and Trustable Computing (pp. 163-208). Springer International Publishing. https://doi.org/10.1007/978-3-319-14971-4_5
