Security characterisation of a hardened AES cryptosystem using a laser

• Autorzy: Roscian C. , Praden F. , Dutertre J. M. , Fournier J. , Tria A.

Warianty tytułu

PL

Określanie poziomu bezpieczeństwa sprzętowego modułu AES z wykorzystaniem lasera

• Języki publikacji: EN

Abstrakty

EN

The AES is a standard encryption algorithm used in numerous cryptographic systems like smart cards, TPMs as well as in protocols like WPA2 or OpenSSL. Measuring the robustness of AES implementations against physical attacks is of utmost import-ance in order to guarantee the security of the system into which the AES is used. In this article, we describe how a hardware AES, embedding countermeasures against physical attacks, has been characterized using a laser. With the latter, we tried to implement a class of physical attacks called fault attacks which, when successful, allows an attacker to retrieve the secret key used by the AES module. Our experiments have allowed us to validate the efficiency of some of the countermeasures implemented in this AES implementation and have given us hints on how to further improve them.

PL

AES to standardowy algorytm szyfrowania stosowany w wielu systemach kryptograficznych, np. kartach elektronicznych, TPM, oraz takich protokołach, jak WPA2 czy OpenSSL. Pomiar odporności implementacji algorytmu AES na ataki fizyczne jest najważniejszy do zapewnienia bezpieczeństwa systemowi opartemu na AES. W artykule opisano, jak sprzętowa implementacja AES z wbudowanymi zabezpieczeniami przeciwko fizycznym atakom była badana z wykorzystaniem lasera. Następnie podjęto próby zaimplementowania ataków fizycznych polegających na wstrzykiwaniu błędów; ataki te - zakończone sukcesem - pozwalają atakującemu na przechwycenie tajnego klucza wykorzystywanego w module AES. Przeprowadzone eksperymenty pozwoliły na sprawdzenie efektywności zabezpieczeń zaimplementowanych w module sprzętowym AES oraz wskazały możliwości dalszego podniesienia poziomu bezpieczeństwa.

Słowa kluczowe

EN

advanced encryption standard; AES; fault attacks; laser; security characterization; DFA

PL

Advanced Encryption Standard; AES; wstrzykiwanie błędów; laser; badanie bezpieczeństwa; DFA

• Wydawca: Wydawnictwo Uniwersytetu Warmińsko-Mazurskiego w Olsztynie
• Czasopismo: Technical Sciences / University of Warmia and Mazury in Olsztyn
• Rocznik: 2012
• Tom: nr 15(1)
• Strony: 139--154
• Opis fizyczny: Bibliogr. 32 poz., rys.

Twórcy

autor

Roscian C.

autor

Praden F.

autor

Dutertre J. M.

autor

Fournier J.

autor

Tria A.

• ENSM.SE - École Nationale Supe´rieure des Mines de St-Étienne

Bibliografia

• AGOYAN M., DUTERTRE J-M., NACCACHE D, ROBISSON B., TRIA A. 2010. When Clocks Fail: On Critical Paths and Clock Faults. SPRINGER VERLAG ed. Smart Card Research and Advanced Application.
• AGOYAN M., BOUSQUET S., DUTERTRE J-Max., FOURNIER J., RIGAUD J-B., ROBISSON B., TRIA A. 2011. Design and characterisation of an AES chip embedding countermeasures. International Journal of Intelligent Engineering Informatics, 1, 3-4: 328-347.
• AMIEL F., CLAVIER C., TUNSTALL M. Collision fault analysis of DPA resistant algorithms. In the proceedings of Fault Diagnosis ąand Tolerance in Cryptography 2006 - FDTC 2006.
• ANDERSON R.J., KUHN M.G. 1998. Low Cost Attacks on Tamper Resistant Devices. In the Proceedings of the 5th International Workshop on Security Protocols.
• BAR-EL H., CHOUKRI, H., NACCACHE D, TUNSTALL M., WHELAN C. 2004. The Sorcerer’s Apprentice Guide to Fault Attacks. E-Print: 100.
• BIHAM E., SHAMIR A. 1997. Differential Fault Analysis of Secret Key Cryptosystems. In the proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology.
• BLO¨MER J., SEIFERT J. 2003. Fault Based Cryptanalysis of the Advanced Encryption Standard (AES). In the proceedings of Financial Cryptography.
• BONEH D., DEMILLO R.A., LIPTON R.J. 1997. On the Importance of Checking Cryptographic Protocols for Faults. Advances in Cryptology - EUROCRYPT ’97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11-15.
• GAMMEL B.M., MANGARD S. 2010. On the Duality of Probing and Fault Attacks. J. Electron. Test., 26(4): 483-493 ISSN 0923-8174. DOI 10.1007/s10836-010-5160-0.
• GIRAUD C. 2005. DFA on AES. In the proceedings of the 4th international conference on Advanced Encryption Standard. Bonn, Germany.
• GIRAUD C., THILLARD A. 2010. Piret and Quisquater’s DFA on AES Revisited. E-print: 440.
• HANDSCHUH H., PAILLIER P., STERN J. 1999. Probing Attacks on Tamper-Resistant Devices. In the Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems.
• KIM C.H., QUISQUATER J-J. 2008. New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough. In the proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card ąResearch and Advanced Applications. London, UK.
• KOCHER P.C., JAFFE J., JUN B. 1999. Differential Power Analysis. In the proceedings of CRYPTO.
• KOEUNE F., STANDAERT F. A Tutorial on Physical Security and Side-Channel Attacks. In Foundations of Security Analysis and Design III: FOSAD 2004/2005, Nov 2006, 3655, 78-108.
• KO¨MMERLING O., KUHN M.G. 1999. Design principles for tamper-resistant smartcard processors. In the Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology. Chicago, Illinois.
• LU J., PAN J., DEN HARTOG J. 2010. Principles on the security of AES against first and second-order differential power analysis. In the Proceedings of the 8th international conference on Applied cryptography and network security. Beijing, China.
• Micropacks. http://www.arcsis.org, last accessed 19 th of April 2012.
• MORADI A., MISCHKE O., PAAR C., LI Y., OHTA K., SAKIYAMA K. 2011. On the power of fault sensitivity analysis and collision side-channel attacks in a ącombined setting. In the proceedings of the 13 th international conference on Cryptographic hardware ąand embedded systems. Nara, Japan.
• MORADI A., SHALMANI M.T.M., SALMASIZADEH M. 2006. A generalized method of differential fault attack against AES cryptosystem. In the Proceedings of the 8 th international conference on Cryptographic Hardware and Embedded Systems. Yokohama, Japan.
• MUKHOPADHYAY D. 2009. An Improved Fault Based Attack of the Advanced Encryption Standard. In the Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology. Gammarth, Tunisia.
• NIST, National Institute of Standards and Technology. 2001. Announcing the advanced encryption standard (AES), Federal Inf. Processing Standards Pub., Vol. 197.
• DUSART P., LETOURNEUX G., VIVOLO O. 2003. Differential Fault Analysis on A.E.S, E-print: 010.
• PIRET G., QUISQUATER J-J. 2003. A Differential Fault Attack Technique Against SPN Structures, with Application to the AES and KHAZAD. In the proceedings of the 5 th international conference on Cryptographic hardware and embedded systems, LNCS 2779.
• SCHMIDT J., HUTTER M. 2007. Optical and EM Fault-Attacks on CRT-based RSA: Concrete Results. Ed. Austrochip 2007, 15 th Austrian Workhop on Microelectronics, 11 October 2007, Graz, Austria, Proceedings.
• SCHMIDT J., KIM C.H. 2009. Information Security Applications. Chung K., Sohn K., Yung M. eds., Berlin, Heidelberg: Springer-Verlag, pp. 256-265 ISBN 978-3-642-00305-9. DOI 10.1007/978-3-642-00306-6-19.
• SKOROBOGATOV S.P. 2005. Semi-Invasive Attacks - A New Approach to Hardware Security Analysis. PhD thesis, University of Cambridge, Computer Laboratory.
• TAKAHASHI J., FUKUNAGA T. 2007. Differential Fault Analysis on the AES Key Schedule. E-print: 480.
• TRICHINA E. 2003. Combinational Logic Design for AES SubByte Transformation on Masked Data. E-print: 236.
• TUNSTALL M., MUKHOPADHYAY D., ALI S. 2011. Differential fault analysis of the advanced encryption standard using a single fault. In the Proceedings of the 5 th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication. Heraklion, Crete, Greece.
• WANG F., AGRAWAL V.D. 2008. Single Event Upset: An Embedded Tutorial. Proc. of 21 st International Conference on VLSI Design.
• YEN C., WU B. 2006. Simple Error Detection Methods for Hardware Implementation of Advanced Encryption Standard. IEEE Trans.Comput., jun, 55(6): 720–731 ISSN 0018-9340. DOI 10.1109/TC.2006.90.