Fully automated differential fault analysis on software implementations of block ciphers

Cited by: 0
Authors
Hou X. [1 ]
Breier J. [2 ]
Zhang F. [2 ]
Liu Y. [2 ]
Affiliations
[1] School of Computer Science and Engineering, Nanyang Technological University
Source
IACR Transactions on Cryptographic Hardware and Embedded Systems | 2019 / Vol. 2019 / Issue 03
Keywords
Assembly; Automation; Differential fault analysis; Fault attacks;
DOI
10.13154/tches.v2019.i3.1-29
Abstract
Differential Fault Analysis (DFA) is considered the most popular fault analysis method. While there are techniques that automate fault analysis at the cipher level to some degree, software implementations exhibit new vulnerabilities that cannot be found by inspecting the cipher design specification alone. This work bridges the gap by providing a fully automated way to carry out DFA on assembly implementations of symmetric block ciphers. We use a customized data flow graph to represent the program and develop a novel fault analysis methodology to capture the program behavior under faults. We establish an effective description of DFA as constraints that are passed to an SMT solver. We create a tool that takes assembly code as input, analyzes the dependencies among instructions, automatically attacks vulnerable instructions using an SMT solver, and outputs the attack details that recover the last round key (and possibly the earlier round keys). We support our design with evaluations on the lightweight ciphers SIMON, SPECK, and PRIDE, and on a current NIST standard, AES. By automated assembly analysis, we were able to find new efficient DFA attacks on SPECK and PRIDE that exploit implementation-specific vulnerabilities, and to rediscover previously published DFA on SIMON and AES. Moreover, we present a novel DFA on the multiplication operation that has never been shown for symmetric block ciphers before. Our experimental evaluation also shows reasonable execution times that scale to current cipher designs and easily outclass manual analysis. Moreover, we present a method to check countermeasure-protected implementations in a way that helps implementers decide how many rounds should be protected. We note that this is the first work that automatically carries out DFA on cipher implementations without any plaintext or ciphertext information; it can therefore be applied to any input data to the cipher.
© 2019, Ruhr-University of Bochum. All rights reserved.
Pages: 1 / 29
Page count: 28
Related papers
51 in total
[1] Agosta Giovanni, Barenghi Alessandro, Pelosi Gerardo, Scandale Michele, Differential fault analysis for block ciphers: An automated conservative analysis, Proceedings of the 7th International Conference on Security of Information and Networks, SIN '14, (2014)
[2] Albrecht Martin R., Driessen Benedikt, Kavun Elif Bilge, Leander Gregor, Paar Christof, Yalçın Tolga, Block ciphers – focus on the linear layer (feat. PRIDE), International Cryptology Conference, pp. 57-76, (2014)
[3] Bringer Julien, Carlet Claude, Chabanne Hervé, Guilley Sylvain, Maghrebi Houssem, Orthogonal direct sum masking: A smartcard friendly computation paradigm in a code, with builtin protection against side-channel and fault attacks, Cryptology ePrint Archive, (2014)
[4] Barthe Gilles, Dupressoir François, Fouque Pierre-Alain, Grégoire Benjamin, Zapalowicz Jean-Christophe, Synthesis of fault attacks on cryptographic implementations, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1016-1027, (2014)
[5] Bar-El H., Choukri H., Naccache D., Tunstall M., Whelan C., The Sorcerer's Apprentice Guide to Fault Attacks, Proceedings of the IEEE, 94, 2, pp. 370-382, (2006)
[6] Bernstein Daniel J., ChaCha, a variant of Salsa20, Workshop Record of SASC, 8, (2008)
[7] Beckers Arthur, Gierlichs Benedikt, Verbauwhede Ingrid, Fault analysis of the ChaCha and Salsa families of stream ciphers, Lecture Notes in Computer Science, (2017)
[8] Breier Jakub, Hou Xiaolu, Feeding two cats with one bowl: On designing a fault and side-channel resistant software encoding scheme (extended version), Cryptology ePrint Archive, (2016)
[9] Breier Jakub, Hou Xiaolu, Bhasin Shivam, Automated Methods in Cryptographic Fault Analysis, (2019)
[10] Breier Jakub, Hou Xiaolu, Liu Yang, Fault attacks made easy: Differential fault analysis automation on assembly code, IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018, 2, pp. 96-122, (2018)