• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.195-200
• /
• 2009

CRT-based RSA algorithm, which was implemented on smartcard, microcontroller and so on, leakages secret primes p and q by fault attacks using laser injection, EM radiation, ion beam injection, voltage glitch injection and so on. Among the many fault injection methods, voltage glitch can be injected to target device without any modification, so more practical. In this paper, we made an experiment on the fault injection attack using abnormal source voltage. As a result, CRT-RSA's secret prime p and q are disclosed by fault attack with voltage glitch injection which was introduced by several previous papers, and also succeed the fault attack with source voltage blocking for proper period.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.965-973
• /
• 2022

As IoT(Internet of Things) devices become common, many algorithms have been developed to protect users' personal information. The laser fault injection attack that threatens those algorithms is a side-channel analysis that intentionally injects a laser beam to the outside of a device to acquire confidential information or abnormal privileges of the system. There are many studies to determine the timing of fault injection to reduce the number of necessary fault injections, but the location to inject faults is only repeatedly searched for the entire area of the device. However, when fault injection is performed in an algorithm-independent area, the attacker cannot obtain the intended faulted statement or attempt to bypass authentication, so finding areas vulnerable to fault injection and performing an attack is an important consideration in achieving a high attack success rate. In this paper, we show that a 100% attack success rate can be achieved by determining the vulnerable areas for fault injection by using electromagnetic and thermal information generated from the device's chip. Based on this, we propose an efficient fault injection attack system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1247-1254
• /
• 2020

With the advent of the smart home era, equipment that provides confidentiality or performs authentication exists in various places in real life. Accordingly security against physical attacks is required for encryption equipment and authentication equipment. In particular, fault injection attack that artificially inject a fault from the outside to recover a secret key or bypass an authentication process is one of the very threatening attack methods. Fault sources used in fault injection attacks include lasers, electromagnetic, voltage glitches, and clock glitches. Fault injection attacks are classified into single fault injection attacks and multiple fault injection attacks according to the number of faults injected. Existing multiple fault injection systems generally use a single fault source. The system configured to inject a single source of fault multiple times has disadvantages that there is a physical delay time and additional equipment is required. In this paper, we propose a multiple fault injection system using heterogeneous fault sources. In addition, to show the effectiveness of the proposed system, the results of a multiple fault injection attack against Riscure's Piñata board are shown.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.3-10
• /
• 2012

In this paper, we propose a fault injection attack on stream cipher A5/3 used in GSM. The fault assumption of this attack is based on that of fault injection attacks proposed in FDTC'05 and CISC-W'10. This attack is applicable to A5/3 supporting 64/128-bit session key, respectively, and can recover the session key by using a small number of fault injections. These works are the first known key recovery attack results on A5/3.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.11-25
• /
• 2011

The Miller algorithm is employed in the typical pairing computation such as Weil, Tate and Ate for implementing ID based cryptosystem. By analyzing the Mrabet's attack that is one of fault attacks against the Miller algorithm, this paper presents au efficient fault attack in Affine coordinate system, it is the most basic coordinates for construction of elliptic curve. The proposed attack is the effective model of a count check fault attack, it is verified to work well by practical fault injection experiments and can omit the probabilistic analysis that is required in the previous counter fault model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.453-460
• /
• 2014

Fault injection attack is the process of attempting to acquire the information on-chip through inject artificially generated error code into the cryptographic algorithms operation (or perform) which is implemented in hardware or software. From the details above, the laser-assisted failure injection attacks have been proven particularly successful. In this paper, we propose an improved laser probing system for fault injection attack which is called the Dual-Laser FA tool set, a hybrid approach of the Flash-pumping laser and fiber laser. The main concept of the idea is to improve the laser probe through utilizing existing equipment. The proposed laser probe can be divided into two parts, which are Laser-I for laser cutting, and Laser-II for fault injection. We study the advantages of existing equipment, and consider the significant parameters such as energy, repetition rate, wavelength, etc. In this approach, it solves the high energy problem caused by flash-pumping laser in higher repetition frequency from the fiber laser.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.59-65
• /
• 2010

Since an attacker can occur an error in cryptographic device during encryption process and extract secret key, the fault injection attack has become a serious threat in chip security. In this paper, we show that an attacker can retrieve the 128-bits secret key using fault injection attack on the for statement of final round key addition in AES implementation. To verify possibility of our proposal, we implement the AES system on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key through just one success of fault injection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.439-445
• /
• 2012

Since an attacker can extract secret key of cryptographic device by occurring an error during encryption operation, the fault injection attack have become a serious threat in cryptographic system. In this paper, we show that an attacker can retrieve the 128-bits secret key in AES implementation adopted iterative statement for round operations using fault injection attack. To verify the feasibility of our attack, we implement the AES algorithm on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key by obtaining just two pairs of correct and faulty ciphertexts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1009-1017
• /
• 2012

The fault injection attack has been developed to extract the secret key which is embedded in a crypto module by injecting errors during the encryption process. Especially, an attacker can find master key of AES using injection of just one byte. In this paper, we proposed a countermeasure resistant to the these fault attacks by checking the differences between input and output. Using computer simulation, we also verified that the proposed AES implementation resistant to fault attack shows better fault detection ratio than previous other methods and has small computational overheads.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.371-381
• /
• 2013

An encryption algorithm is executed to supply data confidentiality using a secret key which is embedded in a crypto device. However, the fault injection attack has been developed to extract the secret key by injecting errors during the encryption processes. Especially, an attacker can find the secret key of block cipher ARIA using about 33 faulty outputs. In this paper, we proposed a countermeasure resistant to the these fault injection attacks by checking the difference value between input and output informations. Using computer simulation, we also verified that the proposed countermeasure has excellent fault detection rate and negligible computational overhead.