Cryptology ePrint Archive: Report 2015/663
Analyzing the Efficiency of Biased-Fault Based Attacks
Nahid Farhady Ghalaty, Bilgiday Yuce, Patrick Schaumont
Abstract: The traditional fault analysis techniques developed over the past decade rely on a fault
model, a rigid assumption about the nature of the fault. A practical challenge for all faults attacks is to identify a fault injection method that achieves the presumed fault model.
In this paper, we analyze a class of more recently proposed fault analysis techniques,
which adopt a biased fault model. Biased fault attacks enable
a more flexible fault model, and are therefore easier to adopt to practice.
The purpose of our analysis is to evaluate the relative efficiency of several recently proposed biased-fault attacks, including Fault Sensitivity Analysis (FSA), Non-Uniform Error Value Analysis (NUEVA), Non-Uniform Faulty Value Analysis (NUFVA), and Differential Fault Intensity Analysis (DFIA).
We compare the relative performance of each technique in a common framework, using a common circuit and using a common fault injection method. We show that, for an identical circuit and an identical fault injection method, the number of faults per attack greatly varies according with the analysis technique.
In particular, DFIA is more efficient than FSA, and FSA is more efficient than both NUEVA and NUFVA. In terms of number of fault injections until full key disclosure, for a typical case, FSA uses 8x more faults than DFIA, and NUEVA uses 33x more faults than DFIA. Hence, the post-processing technique selected in a biased-fault attack has a significant impact on the probability of a successful attack.
Category / Keywords: applications / Differential Attack, Fault Intensity, Biased Fault, Fault Intensity
Date: received 2 Jul 2015
Contact author: farhady at vt edu
Available format(s): PDF | BibTeX Citation
Note: This paper is submitted to the Sicientific World Journal 2015.
Version: 20150703:063130 (All versions of this report)
Short URL: ia.cr/2015/663
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]