IEEE Access (Jan 2023)
Fault Template Attack Based on Fault Probability
Abstract
Template attack uses leaked information from various side channels and may break out the countermeasures embedded in the algorithm, which is considered a powerful side-channel attack method. However, the current template attack has the problems of a large amount of data required and poor portability. Aiming at the above problems, this paper proposes a fault template attack method based on fault probability. This method can recover the key with a small amount of data and without access to ciphertext. It applies to all cryptographic algorithms of the Substitution-Permutation Network (SPN) structure. In the template profiling stage, the search interval of points of interest is reduced by using the attack time window; the fault probability model of Hamming Weight is used to profile the highly discriminative template, and thus the key search space is reduced by 28 times. In the key recovery stage, the inverse operation is performed without traversing the key, significantly reducing the complexity of calculation. Finally, we carry out attacks based on the AES-128 algorithm of the Microcontroller Unit (MCU) and use 45 fault probability traces to profile 9 templates. The attacker can succeed in performing key recovery with only 10 attack traces obtained.
Keywords