Optimized Lightweight Hardware Trojan-based Fault Attack on DES

An optimized lightweight Hardware Trojan (HT) based fault attack is proposed, especially for those resource constrained environments such as IoT networks. Firstly, Algebraic fault analysis (AFA) is introduced to evaluate different fault models and search for the optimal one. Next, considering the limited resource, a lightweight HT is carefully designed which only flips one bit of the circuit in IoT device. Finally, AFA is applied again to exploit the fault and recover the secret key. An illustrative attack is demonstrated on DES implemented on an FPGA platform, SASEBO-GII. This paper shows that, for single bit fault injection at different rounds or different indexes in the same round, the reduced key search space of DES varies. The proposed technique can search for the optimal fault model, guide the lightweight Hardware Trojan design and automatically recover the secret key. Only one fault is required to recover the secret key of DES, which improves the stealthiness of the designed Hardware Trojan in IoT networks. The entire attack framework can also be applied to other block ciphers such as AES and PRESENT.