• Title/Summary/Keyword: Fault Attack

Search Result 88, Processing Time 0.021 seconds

Realistic Multiple Fault Injection System Based on Heterogeneous Fault Sources (이종(異種) 오류원 기반의 현실적인 다중 오류 주입 시스템)

  • Lee, JongHyeok;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1247-1254
    • /
    • 2020
  • With the advent of the smart home era, equipment that provides confidentiality or performs authentication exists in various places in real life. Accordingly security against physical attacks is required for encryption equipment and authentication equipment. In particular, fault injection attack that artificially inject a fault from the outside to recover a secret key or bypass an authentication process is one of the very threatening attack methods. Fault sources used in fault injection attacks include lasers, electromagnetic, voltage glitches, and clock glitches. Fault injection attacks are classified into single fault injection attacks and multiple fault injection attacks according to the number of faults injected. Existing multiple fault injection systems generally use a single fault source. The system configured to inject a single source of fault multiple times has disadvantages that there is a physical delay time and additional equipment is required. In this paper, we propose a multiple fault injection system using heterogeneous fault sources. In addition, to show the effectiveness of the proposed system, the results of a multiple fault injection attack against Riscure's Piñata board are shown.

A Differential Fault Attack against Block Cipher HIGHT (블록 암호 HIGHT에 대한 차분 오류 공격)

  • Lee, Yu-Seop;Kim, Jong-Sung;Hong, Seok-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.485-494
    • /
    • 2012
  • The block cipher HIGHT is designed suitable for low-resource hardware implementation. It established as the TTA standard and ISO/IEC 18033-3 standard. In this paper, we propose a differentail fault attack against the block cipher HIGHT. In the proposed attack, we assume that an attacker is possible to inject a random byte fault in the input value of the 28-th round. This attack can recover the secret key by using the differential property between the original ciphertext and fault cipher text pairs. Using 7 and 12 error, our attack recover secret key within a few second with success probability 87% and 51%, respectively.

Security Analysis of AES-CMAC Applicable to Various Environments (다양한 환경에 적용 가능한 AES-CMAC에 대한 안전성 분석)

  • Jeong, Ki-Tae
    • Journal of Advanced Navigation Technology
    • /
    • v.16 no.2
    • /
    • pp.211-218
    • /
    • 2012
  • In this paper, we propose a fault injection attack on AES-CMAC, which is defined by IETF. The fault assumption used in this attack is based on that introduced at FDTC'05. This attack can recover the 128-bit secret key of AES-CMAC by using only small number of fault injections. This result is the first known key recovery attack result on AES-CMAC.

An Improved Dual-mode Laser Probing System for Fault Injecton Attack (오류주입공격에 대한 개선된 이중모드 레이저 프로빙 시스템)

  • Lee, Young Sil;Non, Thiranant;Lee, HoonJae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.3
    • /
    • pp.453-460
    • /
    • 2014
  • Fault injection attack is the process of attempting to acquire the information on-chip through inject artificially generated error code into the cryptographic algorithms operation (or perform) which is implemented in hardware or software. From the details above, the laser-assisted failure injection attacks have been proven particularly successful. In this paper, we propose an improved laser probing system for fault injection attack which is called the Dual-Laser FA tool set, a hybrid approach of the Flash-pumping laser and fiber laser. The main concept of the idea is to improve the laser probe through utilizing existing equipment. The proposed laser probe can be divided into two parts, which are Laser-I for laser cutting, and Laser-II for fault injection. We study the advantages of existing equipment, and consider the significant parameters such as energy, repetition rate, wavelength, etc. In this approach, it solves the high energy problem caused by flash-pumping laser in higher repetition frequency from the fiber laser.

A Late-Round Reduction Attack on the AES Encryption Algorithm Using Fault Injection (AES 암호 알고리듬에 대한 반복문 뒷 라운드 축소 공격)

  • Choi, Doo-Sik;Choi, Yong-Je;Choi, Doo-Ho;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.439-445
    • /
    • 2012
  • Since an attacker can extract secret key of cryptographic device by occurring an error during encryption operation, the fault injection attack have become a serious threat in cryptographic system. In this paper, we show that an attacker can retrieve the 128-bits secret key in AES implementation adopted iterative statement for round operations using fault injection attack. To verify the feasibility of our attack, we implement the AES algorithm on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key by obtaining just two pairs of correct and faulty ciphertexts.

Fault Analysis Attacks on Control Statement of RSA Exponentiation Algorithm (RSA 멱승 알고리즘의 제어문에 대한 오류 주입 공격)

  • Gil, Kwang-Eun;Baek, Yi-Roo;Kim, Hwan-Koo;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.6
    • /
    • pp.63-70
    • /
    • 2009
  • Many research results show that RSA system mounted using conventional binary exponentiation algorithm is vulnerable to some physical attacks. Recently, Schmidt and Hurbst demonstrated experimentally that an attacker can exploit secret key using faulty signatures which are obtained by skipping the squaring operations. Based on similar assumption of Schmidt and Hurbst's fault attack, we proposed new fault analysis attacks which can be made by skipping the multiplication operations or computations in looping control statement. Furthermore, we applied our attack to Montgomery ladder exponentiation algorithm which was proposed to defeat simple power attack. As a result, our fault attack can extract secret key used in Montgomery ladder exponentiation.

A Countermeasure Against Fault Injection Attack on Block Cipher ARIA (블록 암호 ARIA에 대한 오류 주입 공격 대응 방안)

  • Kim, Hyung-Dong;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.3
    • /
    • pp.371-381
    • /
    • 2013
  • An encryption algorithm is executed to supply data confidentiality using a secret key which is embedded in a crypto device. However, the fault injection attack has been developed to extract the secret key by injecting errors during the encryption processes. Especially, an attacker can find the secret key of block cipher ARIA using about 33 faulty outputs. In this paper, we proposed a countermeasure resistant to the these fault injection attacks by checking the difference value between input and output informations. Using computer simulation, we also verified that the proposed countermeasure has excellent fault detection rate and negligible computational overhead.

A Fault Injection Attack on the For Statement in AES Implementation (AES에 대한 반복문 오류주입 공격)

  • Park, Jea-Hoon;Bae, Ki-Seok;Oh, Doo-Hwan;Moon, Sang-Jae;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.59-65
    • /
    • 2010
  • Since an attacker can occur an error in cryptographic device during encryption process and extract secret key, the fault injection attack has become a serious threat in chip security. In this paper, we show that an attacker can retrieve the 128-bits secret key using fault injection attack on the for statement of final round key addition in AES implementation. To verify possibility of our proposal, we implement the AES system on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key through just one success of fault injection.

Security Reconsideration on CRT-RSA Algorithm Against Fault Attacks using Opcode Modification (연산자 조작 공격에 대한 CRT-RSA 알고리듬의 안전성 재분석)

  • Ha, Jae-Cheol;Baek, Yi-Roo;Park, Jea-Hoon;Moon, Sang-Jae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.4
    • /
    • pp.155-160
    • /
    • 2010
  • Since the RSA cryptosystem based on Chinese Remainder Theorem is vulnerable to many fault insertion attacks, some countermeasures against them were proposed. Recently, Kim et al. or Ha et al. respectively proposed each countermeasure scheme based on fault propagation method. Unfortunately, Hur et al. insist that these countermeasures are vulnerable to their opcode modification fault attack. In this paper, we show that the proposed attack can not apply to almost CRT-RSA countermeasures which use multi-precision operations in long bit computation. Therefore, the countermeasure against fault attack proposed by Kim et al. or Ha et al. are still secure.

A Round Reduction Attack on Triple DES Using Fault Injection (오류 주입을 이용한 Triple DES에 대한 라운드 축소 공격)

  • Choi, Doo-Sik;Oh, Doo-Hwan;Bae, Ki-Seok;Moon, Sang-Jae;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.91-100
    • /
    • 2011
  • The Triple Data Encryption Algorithm (Triple DES) is an international standard of block cipher, which composed of two encryption processes and one decryption process of DES to increase security level. In this paper, we proposed a Differential Fault Analysis (DFA) attack to retrieve secret keys using reduction of last round execution for each DES process in the Triple DES by fault injections. From the simulation result for the proposed attack method, we could extract three 56-bit secret keys using exhaustive search attack for $2^{24}$ candidate keys which are refined from about 9 faulty-correct cipher text pairs. Using laser fault injection experiment, we also verified that the proposed DFA attack could be applied to a pure microprocessor ATmega 128 chip in which the Triple DES algorithm was implemented.