Persistent Fault Attack in Practice

Fan Zhang; Yiran Zhang; Huilong Jiang; Xiang Zhu; Shivam Bhasin; Xinjie Zhao; Zhe Liu; Dawu Gu; Kui Ren

doi:10.13154/tches.v2020.i2.172-195

Transactions on Cryptographic Hardware and Embedded Systems (Mar 2020)

Persistent Fault Attack in Practice

Fan Zhang,
Yiran Zhang,
Huilong Jiang,
Xiang Zhu ,
Shivam Bhasin,
Xinjie Zhao,
Zhe Liu,
Dawu Gu,
Kui Ren

Affiliations

Fan Zhang: College of Computer Science and Technology, Zhejiang University; State Key Laboratory of Cryptology, P.O.Box 5159, Beijing, China; Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies, Hangzhou, China
Yiran Zhang: College of Computer Science and Technology, Zhejiang University; College of Information Science & Electronic Engineering, Zhejiang University; Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies, Hangzhou, China
Huilong Jiang: Chinese Academy of Sciences, Beijing, China
Xiang Zhu: Chinese Academy of Sciences, Beijing, China
Shivam Bhasin: Nanyang Technological University, Singapore
Xinjie Zhao: Institute of North Electronic Equipment, Beijing, China
Zhe Liu: State Key Laboratory of Cryptology, P.O.Box 5159, Beijing; Nanjing University of Aeronautics and Astronautics, Nanjing, China
Dawu Gu: Shanghai Jiaotong University, Shanghai, China
Kui Ren: College of Computer Science and Technology, Zhejiang University; Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies, Hangzhou, China

DOI: https://doi.org/10.13154/tches.v2020.i2.172-195
Journal volume & issue: Vol. 2020, no. 2

Abstract

Read online

Persistence fault analysis (PFA) is a novel fault analysis technique proposed in CHES 2018 and demonstrated with rowhammer-based fault injections. However, whether such analysis can be applied to traditional fault attack scenario, together with its difficulty in practice, has not been carefully investigated. For the first time, a persistent fault attack is conducted on an unprotected AES implemented on ATmega163L microcontroller in this paper. Several critical challenges are solved with our new improvements, including (1) how to decide whether the fault is injected in SBox; (2) how to use the maximum likelihood estimation to pursue the minimum number of ciphertexts; (3) how to utilize the unknown fault in SBox to extract the key. Our experiments show that: to break AES with physical laser injections despite all these challenges, the minimum and average number of required ciphertexts are 926 and 1641, respectively. It is about 38% and 28% reductions of the ciphertexts required in comparison to 1493 and 2273 in previous work where both fault value and location have to be known. Furthermore, our analysis is extended to the PRESENT cipher. By applying the persistent fault analysis to the penultimate round, the full PRESENT key of 80 bits can be recovered. Eventually, an experimental validation is performed to confirm the accuracy of our attack with more insights. This paper solves the challenges in most aspects of practice and also demonstrates the feasibility and universality of PFA on SPN block ciphers.

Published in Transactions on Cryptographic Hardware and Embedded Systems

ISSN: 2569-2925 (Online)
Publisher: Ruhr-Universität Bochum
Country of publisher: Germany
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Electronics: Computer engineering. Computer hardware; Technology: Technology (General): Industrial engineering. Management engineering: Information technology
Website: https://tches.iacr.org

About the journal

Abstract

Keywords