Classical Countermeasures Against Differential Fault Analysis
In the preceding discussion, we have presented to the readers a variety of fault attacks on a wide range of cryptographic algorithms across hardware and software-based implementations. It is therefore established, by now, that fault attacks are a serious
- PDF / 524,690 Bytes
- 12 Pages / 439.37 x 666.142 pts Page_size
- 87 Downloads / 256 Views
Classical Countermeasures Against Differential Fault Analysis Sikhar Patranabis and Debdeep Mukhopadhyay
Abstract In the preceding discussion, we have presented to the readers a variety of fault attacks on a wide range of cryptographic algorithms across hardware and software-based implementations. It is therefore established, by now, that fault attacks are a serious threat to the security of hardware implementations, and consequently, sound countermeasures must be designed to tackle such threats. In this section, we present a classical approach popularly employed to resist such attacks, namely detection. Since most of the fault attacks described so far exploit transient faults during algorithm execution rather than permanent faults in the target device, the countermeasure strategy is to detect any such occurrence of faults during every execution of the cryptographic algorithm.
8.1 Introduction Detection mechanisms against fault attacks, also referred to as concurrent error detection (CED) techniques, rely on the identification of fault occurrences via specialized circuits using some form of spatial, temporal or even information redundancy. For example, a simple detection methodology could be to duplicate the computation steps of the cryptographic algorithm at various points during ts execution, and comparing the results of the two computations to detect a fault. If a fault is detected, the ciphertext is either suppressed, or is randomized so as to render it unexploitable for an adversary. We now explore some popular detection-based countermeasure techniques against DFA.
S. Patranabis (B) · D. Mukhopadhyay Secured Embedded Architecture Lab, IIT Kharagpur, Kharagpur, India e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2018 S. Patranabis and D. Mukhopadhyay (eds.), Fault Tolerant Architectures for Cryptography and Hardware Security, Computer Architecture and Design Methodologies, https://doi.org/10.1007/978-981-10-1387-4_8
171
172
S. Patranabis and D. Mukhopadhyay
8.2 Spatial Redundancy Spatial redundancy is perhaps the simplest and most intuitive detection-based countermeasure against DFA. It simply duplicates the algorithmic computation, with checks performed at regular intervals between the original and redundant computations to identify any faults, if present. An example of a spatial redundancy-based countermeasure is presented in [86], where an implementation of AES duplicates the original hardware circuit to detect faults that may have been injected during execution. As shown in Fig. 8.1, the countermeasure idea is to inter-mix state bytes between the original and redundant implementations in two separate pieces of hardware. Duplication of hardware results in an area overhead of approximately 200%, while the performance overhead is minimal as the original and redundant implementations operate in parallel within the same number of clock cycles. An alternative technique [136] that reduces the hardware overhead via partialredundancy is demonstrated in Fig. 8.2. The idea here is
Data Loading...
