![Page 1: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/1.jpg)
Differential Fault Intensity Analysis
This research was supported in part by NSF Grant 1441710
FDTC 2014
N. F. Ghalaty, B. Yuce, M. Taha, P. Schaumont
ECE Department Virginia Tech
![Page 2: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/2.jpg)
Outline
1. DFIA vs DFA?2. Explaining Biased Faults3. An Attack Based on Fault Bias4. Experiments
•
Fault Bias Exists•
DFIA Demonstration
5. Related Work and Conclusions
2
![Page 3: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/3.jpg)
Differential Fault Analysis (DFA)
Cryptographic Algorithm Fault Model
Random Byte Random Bit Chosen Bit
DFAC, C’, C’’, .. → K
3
![Page 4: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/4.jpg)
Implementations and Actual Faults
Cryptographic Algorithm Fault Model
Random Byte Random Bit Chosen Bit
DFAC, C’, C’’, .. → K
Implementation Fault Injection
Cryptographic Architecture Fault Fault Bias
1-bit, 2-bit, ..
4
![Page 5: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/5.jpg)
Differential Fault Intensity Analysis (DFIA)
Cryptographic Algorithm Fault Model
Random Byte Random Bit Chosen Bit
DFAC, C’, C’’, .. → K
Implementation Fault Injection
Cryptographic Architecture Fault Fault Bias
1-bit, 2-bit, ..
DFIAC, C1
’, C2
’, .. → K
Variable Fault Intensity
5
![Page 6: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/6.jpg)
Where do Biased Faults come from?
B
A Q
Co
B
A Q
Co
Ci
B
A Q
Co
Ci
B
A Q
Co
Ci1
1
1
1
1
0
0
0
Q3
Q2
Q1
Q0
6
![Page 7: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/7.jpg)
Where do Biased Faults come from?
B
A Q
Co
B
A Q
Co
Ci
B
A Q
Co
Ci
B
A Q
Co
Ci1
1
1
1
1
0
0
0
Q3
Q2
Q1
Q0
TclkT3T2T1T0
Q0
Q1
Q2
Q3
CLK
7
![Page 8: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/8.jpg)
Where do Biased Faults come from?
B
A Q
Co
B
A Q
Co
Ci
B
A Q
Co
Ci
B
A Q
Co
Ci1
1
1
1
1
0
0
0
Q3
Q2
Q1
Q0
TclkT3T2T1T0
Q0
Q1
Q2
Q3
CLK
Clock Glitching
Pfault (Q3) > Pfault (Q2) > Pfault (Q1) > Pfault (Q0) 8
![Page 9: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/9.jpg)
Where do Biased Faults come from?
B
A Q
Co
B
A Q
Co
Ci
B
A Q
Co
Ci
B
A Q
Co
Ci1
1
1
1
1
0
0
0
Q3
Q2
Q1
Q0
TclkT3T2T1T0
Q0
Q1
Q2
Q3
CLK
Pfault (Q3) > Pfault (Q2) > Pfault (Q1) > Pfault (Q0)
Voltage Starving
9
![Page 10: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/10.jpg)
Biased Faults
•
Non-uniform propagation time results in non-uniform fault response.
•
Varying Fault Intensity [Li 2010] will trigger non-uniform faults. We call this Fault Bias.
•
Fault Bias is the basis of DFIA.
10
![Page 11: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/11.jpg)
Using Biased Faults for Cryptanalysis
SBOX(non-linear
function)
S State
ByteC
Cipher Byte
K Key Byte
Given: C, C’
for a given fault bias B (1-bit, 2-bit, ...)Find: number of keys that result in a solution for
C’
= SBOX(S’) xor K, C = SBOX(S) xor Kfor all S, S’
where HD(S, S’) <= B
11
![Page 12: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/12.jpg)
Key uncertainty for single biased fault
Distribution of Key Count for every possible Sunder a 2-bit Fault Injection
12
![Page 13: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/13.jpg)
Key uncertainty for dual biased fault
Key Count Distribution for every S
under a 1-bit Fault Injectionfollowed by 4-bit Fault Injection
13
![Page 14: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/14.jpg)
Key uncertainty for triple biased fault
Variable fault intensity removes the uncertainty on the key, even when we don’t know S
14
![Page 15: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/15.jpg)
Hypothesis Test with Biased Faults
SBOX(non-linear
function)
S’ State
ByteC’
Cipher Byte
K Key Byte
Given: C, C’
for a known fault bias BFind: most likely key byte K
For all K, find S’
= SBOX-1(C’
xor K)
Accumulate ρK
= Σ(HD(S’, S))Select K = argmin ρ
~ ~
~
15
![Page 16: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/16.jpg)
Experimental Setup
•
FPGA: Altera Cyclone IV (DE2-115)•
Agilent 81110A Pulse/Pattern Generator
![Page 17: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/17.jpg)
Biased Fault Behavior for Sbox
![Page 18: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/18.jpg)
Experimental Setup for AES
![Page 19: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/19.jpg)
DFIA on AES
![Page 20: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/20.jpg)
DFIA Steps on AES
![Page 21: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/21.jpg)
DFIA Steps on AES
![Page 22: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/22.jpg)
DFIA Results on AES
•
AES DFIA when injecting a single-byte fault in round 9•
4.6 fault injections to retrieve 1 key byte (90 exp)
•
68 fault injections to retrieve all key bytes (3 exp)•
AES DFIA when injecting multiple single- byte faults in round 9•
Fault analysis at 24 clock frequencies between 100MHz and 330 MHz
•
7 fault injections to retrieve AES key (1 exp)
![Page 23: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/23.jpg)
Related Work
•
DFIA is similar to DPA, uses fault bias as a source of side-channel leakage
•
Unlike FSA [Li], DFIA does not require data dependency on fault sensitivity. It uses fault bias and associated differential effects.
•
Several recent attacks [Fuhr FDTC 13, deSantis LightSec 14] use bias on the faulty state.•
DFIA does not require bias in the faulty state.
•
DFIA is experimentally demonstrated.
23
![Page 24: Differential Fault Intensity Analysisconferenze.dei.polimi.it/FDTC14/shared/FDTC-2014-session_2_3.pdf · under a 2-bit Fault Injection . 12. Key uncertainty for dual biased fault](https://reader036.vdocuments.us/reader036/viewer/2022062318/5fd42d25e641e52ff06b7a8f/html5/thumbnails/24.jpg)
Conclusions
•
DFIA requires slightly more faults than some other round-9 fault attacks
•
On the other hand, DFIA only uses a loose fault injection requirement, and assumes only the presence of fault bias
•
Future efforts:•
Apply DFIA to other Algorithms
•
Apply DFIA to Software Platforms•
DFIA Countermeasures
24