Fault intensity map analysis with neural network key distinguisher
- PDF / 3,001,166 Bytes
- 16 Pages / 595.276 x 790.866 pts Page_size
- 55 Downloads / 179 Views
REGULAR PAPER
Fault intensity map analysis with neural network key distinguisher Keyvan Ramezanpour1
· Paul Ampadu1 · William Diehl1
Received: 14 April 2020 / Accepted: 7 November 2020 © Springer-Verlag GmbH Germany, part of Springer Nature 2020
Abstract Physical cryptographic implementations are vulnerable to side-channel attacks, including fault attacks, which can be used to recover a secret key. Using a deep neural network (NN) with fault intensity map analysis (FIMA), we present a new highly efficient statistical fault injection analysis (FIA) technique called FIMA-NN. This technique employs a convolutional neural network to rank the key candidates based on multiple features in data distribution under fault with varying intensities and generalizes most existing statistical techniques including fault sensitivity analysis, differential fault intensity analysis, statistical ineffective fault analysis, and FIMA. As FIMA-NN does not rely on a single feature of data distribution, it is successful even in the presence of a wide variety of countermeasures against FIA. We introduce a generic statistical model for timing failure attacks using dynamic timing analysis of an AES S-box implemented in TSMC 65 nm technology with standard ASIC design flow. Using the simulated fault mechanism, we demonstrate that, in terms of required amount of collected ciphertexts, FIMA-NN is 12.6 times more efficient than statistical techniques using bias alone, when faulty and fault-free values are not filtered. Further, in the presence of error detection and infective countermeasures, FIMA-NN is 4.8 and 5 times more efficient than bias-alone techniques, respectively. Keywords Convolutional neural network (CNN) · Dynamic timing analysis · Fault image · Fault injection analysis (FIA) · FIMA · AES
1 Introduction Cryptography is an important component of robust end-toend cybersecurity. Standardized cryptographic algorithms are generally secure against cryptanalysis or brute force attacks, but are subject to implementation vulnerabilities resulting from physical manifestation in hardware or software, called side-channel analysis (SCA). Fault injection analysis (FIA) has emerged as a powerful active SCA technique used to compromise the security of many ciphers implemented in hardware or software [7,23,30,37]. Fault injection mechanisms may induce various properties in faulty or even fault-free data that can be exploited to recover a secret key. FIA techniques can be
B
Keyvan Ramezanpour [email protected] Paul Ampadu [email protected] William Diehl [email protected]
1
The Bradley Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA 24061, USA
divided into the two broad categories of differential fault analysis (DFA) and statistical fault injection analysis (SFIA). In differential fault analysis, fault-free and faulty outputs of the cipher for the same plaintext and initial state are used to calculate the error in an intermediate variable. Certain properties of the error are exploited to identify the correct key among al
Data Loading...
