j rn marc schmidt
play

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection - PowerPoint PPT Presentation

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty Ciphertext But how to inject a fault? Fault: Injection Model Exploitation Non-invasive Device is not altered physical Semi-invasive


  1. Jörn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at

  2. Fault Injection Plaintext Faulty Ciphertext But how to inject a fault?

  3. Fault: • Injection • Model • Exploitation

  4. Non-invasive Device is not altered physical Semi-invasive De-packaging, no electrical contact Invasive No limits

  5. Active Passive (Fault Attacks) (Observing Attacks) Glitch attacks, Power Side-Channel Non-Invasive Spikes, … Attacks Optical Fault Injection, Optical inspection Semi-Invasive … (ROM, …) Permanent circuit Invasive Probing, … changes, …

  6. Oscilloscope Microscope Probing station Focused Ion Beam (FIB)

  7.  Class I Clever Outsider  Class II Knowledgeable Insider  Class III Funded Company

  8. Decapsulation Procedure: 1. Mill a hole 2. Etch with Fuming Nitric Acid 3. Clean with Ultrasonic treatment in Acetone

  9. Light creates electron / hole pair • • Near np junction: hole moves to p, electron to n region • Results in current and maybe a transition of a transistor • Called Optical Beam Induced Current (OBIC) Light Electron Hole n region p region

  10. • Fault Type – Transient – Permanent – Destructive • Timing • Precision (Bit, Byte, Word) • Set, Flip, Program Flow..

  11. d d = Sig CRT ( M mod p , M mod q ) mod pq d = M mod pq a random fault d d = + δ Sig CRT ( M mod p , M mod q ) mod pq d = + ∆ M p mod pq = − p GCD ( Sig Sig , pq ) p, q: large primes M: message to sign d: secret key

  12. Manipulation of: – Loops – Checks � Repeat transmit (*MSG_address); MSG_length+ + ; MSG_address+ + ; until(MSG_length= = 5); �

  13. … MixColumns • Alter Ciphertext AddRoundKey • Set Bit before SB • Fault before MC SubBytes ( 𝜀 , 0,0,0) ShiftRows AddRoundKey Ciphertext

  14. Fault Injection Power Consumption Timing Electromagnetic Emanation Error Messages

  15. 0 = R 0

  16. • An adversary can inject more than a single fault. • Can we do better than doubling? • How to built efficient side-channel and fault countermeasures?

  17. • Fault attacks are powerful • Possible attacks depend on adversary • Stick to realistic fault models

Recommend


More recommend