Security analysis of concurrent error detection against differential fault analysis

Xiaofei Guo, Debdeep Mukhopadhyay, Chenglu Jin, Ramesh Karri

Research output: Contribution to journal (Article)

Abstract

Differential fault analysis (DFA) poses a significant threat to the advanced encryption standard (AES). Only a single faulty ciphertext is required to extract the secret key. Concurrent error detection (CED) is widely used to protect AES against DFA. Traditionally, these CEDs are evaluated with uniformly distributed faults, and the resulting fault coverage indicates the security of CEDs against DFA. However, DFA-exploitable faults, which are a small subspace of the entire fault space, are not uniformly distributed. Therefore, fault coverage does not accurately measure the security of the CEDs against DFA. We provide a systematic study of DFA of AES and show that an attacker can inject biased faults to improve the success rate of the attacks. We propose fault entropy (FE) and fault differential entropy (FDE) to evaluate CEDs. We show that most CEDs with high fault coverage are not secure when evaluated with FE and FDE. This work challenges the traditional use of fault coverage for uniformly distributed faults as a metric for evaluating the security of CEDs against DFA.

Original language: English (US)
Pages (from-to): 153-169
Number of pages: 17
Journal: Journal of Cryptographic Engineering
Volume: 5
Issue number: 3
DOI: 10.1007/s13389-014-0092-8
State: Published - Sep 10 2015

Fingerprint

Error detection
Entropy
Cryptography
Side channel attack

Keywords

  • Advanced encryption standard
  • Block cipher
  • Concurrent error detection
  • Differential fault analysis
  • Fault attack

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Cite this

Security analysis of concurrent error detection against differential fault analysis. / Guo, Xiaofei; Mukhopadhyay, Debdeep; Jin, Chenglu; Karri, Ramesh.

In: Journal of Cryptographic Engineering, Vol. 5, No. 3, 10.09.2015, p. 153-169.

@article{ab70f91dc4a04888845f3fb22c23063f,
title = "Security analysis of concurrent error detection against differential fault analysis",
keywords = "Advanced encryption standard, Block cipher, Concurrent error detection, Differential fault analysis, Fault attack",
author = "Xiaofei Guo and Debdeep Mukhopadhyay and Chenglu Jin and Ramesh Karri",
year = "2015",
month = "9",
day = "10",
doi = "10.1007/s13389-014-0092-8",
language = "English (US)",
volume = "5",
pages = "153--169",
journal = "Journal of Cryptographic Engineering",
issn = "2190-8508",
publisher = "Springer Science + Business Media",
number = "3",

}

TY - JOUR

T1 - Security analysis of concurrent error detection against differential fault analysis

AU - Guo, Xiaofei

AU - Mukhopadhyay, Debdeep

AU - Jin, Chenglu

AU - Karri, Ramesh

PY - 2015/9/10

Y1 - 2015/9/10

KW - Advanced encryption standard

KW - Block cipher

KW - Concurrent error detection

KW - Differential fault analysis

KW - Fault attack

UR - http://www.scopus.com/inward/record.url?scp=84938772552&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84938772552&partnerID=8YFLogxK

U2 - 10.1007/s13389-014-0092-8

DO - 10.1007/s13389-014-0092-8

M3 - Article

AN - SCOPUS:84938772552

VL - 5

SP - 153

EP - 169

JO - Journal of Cryptographic Engineering

JF - Journal of Cryptographic Engineering

SN - 2190-8508

IS - 3

ER -