Countermeasures against fault attacks on software implemented AES: effectiveness and cost

Authors:
Alessandro Barenghi;Luca Breveglieri;Israel Koren;Gerardo Pelosi;Francesco Regazzoni
Affiliations:
Politecnico di Milano, Milano, Italy;Politecnico di Milano, Milano, Italy;University of Massachusetts, Amherst, MA;Politecnico di Milano, Milano, Italy;Université Catholique de Louvain, ALaRI -- University of Lugano, Lugano, Switzerland
Venue:
WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
Year:
2010

Citing 10
Cited 1

The Design of Rijndael

The Design of Rijndael
Low Cost Attacks on Tamper Resistant Devices

Proceedings of the 5th International Workshop on Security Protocols
Optical Fault Induction Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard

IEEE Transactions on Computers
Practical Setup Time Violation Attacks on AES

EDCC-7 '08 Proceedings of the 2008 Seventh European Dependable Computing Conference
A Practical Fault Attack on Square and Multiply

FDTC '08 Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography
Efficient Cache Attacks on AES, and Countermeasures

Journal of Cryptology
Low Voltage Fault Attacks on the RSA Cryptosystem

FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
A generalized method of differential fault attack against AES cryptosystem

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
DFA on AES

AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard

A fault induction technique based on voltage underfeeding with application to attacks against AES and RSA

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present software countermeasures specifically designed to counteract fault injection attacks during the execution of a software implementation of a cryptographic algorithm and analyze the efficiency of these countermeasures. We propose two approaches based on the insertion of redundant computations and checks, which in their general form are suitable for any cryptographic algorithm. In particular, we focus on selective instruction duplication to detect single errors, instruction triplication to support error correction, and parity checking to detect corruption of a stored value. We developed a framework to automatically add the desired countermeasure, and we support the possibility to apply the selected redundancy to either all the instructions of the cryptographic routine or restrict it to the most sensitive ones, such as table lookups and key fetching. Considering an ARM processor as a target platform and AES as a target algorithm, we evaluate the overhead of the proposed countermeasures while keeping the robustness of the implementation high enough to thwart most or all of the known fault attacks. Experimental results show that in the considered architecture, the solution with the smallest overhead is per-instruction selective doubling and checking, and that the instruction triplication scheme is a viable alternative if very high levels of injected fault resistance are required.