Cryptology ePrint Archive: Report 2015/595
Differential Fault Intensity Analysis
Nahid Farhady Ghalaty and Bilgiday Yuce and Mostafa Taha and Patrick Schaumont
Abstract: —Recent research has demonstrated that there is
no sharp distinction between passive attacks based on sidechannel
leakage and active attacks based on fault injection.
Fault behavior can be processed as side-channel information,
offering all the benefits of Differential Power Analysis including
noise averaging and hypothesis testing by correlation. This paper
introduces Differential Fault Intensity Analysis, which combines
the principles of Differential Power Analysis and fault injection.
We observe that most faults are biased - such as single-bit,
two-bit, or three-bit errors in a byte - and that this property
can reveal the secret key through a hypothesis test. Unlike
Differential Fault Analysis, we do not require precise analysis
of the fault propagation. Unlike Fault Sensitivity Analysis, we do
not require a fault sensitivity profile for the device under attack.
We demonstrate our method on an FPGA implementation of
AES with a fault injection model. We find that with an average
of 7 fault injections, we can reconstruct a full 128-bit AES key
Category / Keywords: applications / Fault Analysis; AES; Fault Injection; Fault Intensity
Original Publication (in the same form): 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography
DOI: 10.1109/FDTC.2014.15
Date: received 15 Jun 2015, withdrawn 22 Jun 2015
Contact author: farhady at vt edu
Available format(s): (-- withdrawn --)
Version: 20150622:105148 (All versions of this report)
Short URL: ia.cr/2015/595
[ Cryptology ePrint archive ]