A comparative cost/security analysis of fault attack countermeasures

Authors:
Tal G. Malkin;François-Xavier Standaert;Moti Yung
Affiliations:
Dept. of Computer Science, Columbia University;Dept. of Computer Science, Columbia University;Dept. of Computer Science, Columbia University
Venue:
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Year:
2006

Citing 17
Cited 12

The Design of Rijndael

The Design of Rijndael
Differential Fault Attacks on Elliptic Curve Cryptosystems

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Differential Fault Analysis of Secret Key Cryptosystems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Low Cost Attacks on Tamper Resistant Devices

Proceedings of the 5th International Workshop on Security Protocols
Fast Primitives for Internal Data Scrambling in Tamper Resistant Hardware

CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Optical Fault Induction Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard

IEEE Transactions on Computers
On a New Way to Read Data from Memory

SISW '02 Proceedings of the First International IEEE Security in Storage Workshop
WHICH CONCURRENT ERROR DETECTION SCHEME TO CHOOSE?

ITC '00 Proceedings of the 2000 IEEE International Test Conference
Fault-tolerant computing for radiation environments

Fault-tolerant computing for radiation environments
Robust Protection against Fault-Injection Attacks on Smart Cards Implementing the Advanced Encryption Standard

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
An Efficient Hardware-Based Fault Diagnosis Scheme for AES: Performances and Cost

DFT '04 Proceedings of the Defect and Fault Tolerance in VLSI Systems, 19th IEEE International Symposium
Characterization of Soft Errors Caused by Single Event Upsets in CMOS Processes

IEEE Transactions on Dependable and Secure Computing
Low Cost Concurrent Error Detection for the Advanced Encryption Standard

ITC '04 Proceedings of the International Test Conference on International Test Conference
Tamper resistance: a cautionary note

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Differential fault analysis on the ARIA algorithm

Information Sciences: an International Journal
High-Performance Concurrent Error Detection Scheme for AES Hardware

CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Differential Fault Analysis on DES Middle Rounds

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Fault Detection Structures of the S-boxes and the Inverse S-boxes for the Advanced Encryption Standard

Journal of Electronic Testing: Theory and Applications
Design and characterisation of an AES chip embedding countermeasures

International Journal of Intelligent Engineering Informatics
Physical security bounds against tampering

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Fault detection of the macguffin cipher against differential fault attack

INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Infective computation and dummy rounds: fault protection for block ciphers without check-before-output

LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
Error detecting AES using polynomial residue number systems

Microprocessors & Microsystems
Comprehensive analysis of software countermeasures against fault attacks

Proceedings of the Conference on Design, Automation and Test in Europe
Secure multipliers resilient to strong fault-injection attacks using multilinear arithmetic codes

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption algorithms. To protect cryptographic implementations (e.g. of the recent AES which will be our running example) against these attacks, a number of innovative countermeasures have been proposed, usually based on the use of space and time redundancies (e.g. error detection/correction techniques, repeated computations). In this paper, we take the next natural step in engineering studies where alternative methods exist, namely, we take a comparative perspective. For this purpose, we use unified security and efficiency metrics to evaluate various recent protections against fault attacks. The comparative study reveals security weaknesses in some of the countermeasures (e.g. intentional malicious fault injection that are unrealistically modelled). The study also demonstrates that, if fair performance evaluations are performed, many countermeasures are not better than the naive solutions, namely duplication or repetition. We finally suggest certain design improvements for some countermeasures, and further discuss security/efficiency tradeoffs.