Paper 2020/896

Fault Injection as an Oscilloscope: Fault Correlation Analysis

Albert Spruyt, Alyssa Milburn, and Lukasz Chmielewski

Abstract

Fault Injection (FI) attacks have become a practical threat to modern cryptographic implementations. Such attacks have recently focused more on exploitation of implementation-centric and device-specific properties of the faults. In this paper, we consider the parallel between SCA attacks and FI attacks; specifically, that many FI attacks rely on the data-dependency of activation and propagation of a fault, and SCA attacks similarly rely on data-dependent power usage. In fact, these are so closely related that we show that existing SCA attacks can be directly applied in a purely FI setting, by translating power FI results to generate FI 'probability traces' as an analogue of power traces. We impose only the requirements of the equivalent SCA attack (e.g., knowledge of the input plaintext for CPA on the first round), along with a way to observe the status of the target (whether or not it has failed and been "muted" after a fault). We also analyse existing attacks such as Fault Template Analysis in the light of this parallel, and discuss the limitations of our methodology. To demonstrate that our attacks are practical, we first show that SPA can be used to recover RSA private exponents using FI attacks. Subsequently, we show the generic nature of our attacks by performing DPA on AES after applying FI attacks to several different targets (with AVR, 32-bit ARM and RISC-V CPUs), using different software on each target, and do so with a low-cost (i.e., less than $50) power fault injection setup. We call this technique Fault Correlation Analysis (FCA), since we perform CPA on fault probability traces. To show that this technique is not limited to software, we also present FCA results against the hardware AES engine supported by one of our targets. 
Our results show that even without access to the ciphertext (e.g., where an FI redundancy countermeasure is in place, or where ciphertext is simply not exposed to an attacker in any circumstance) and in the presence of jitter, FCA attacks can successfully recover keys on each of these targets.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
fault injection, side channel analysis
Contact author(s)
a a milburn @ vu nl
lukchmiel @ gmail com
albert spruyt @ gmail com
History
2020-07-16: received
Short URL
https://ia.cr/2020/896
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/896,
      author = {Albert Spruyt and Alyssa Milburn and Lukasz Chmielewski},
      title = {Fault Injection as an Oscilloscope: Fault Correlation Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2020/896},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/896}},
      url = {https://eprint.iacr.org/2020/896}
}