Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M. Eichlseder 1 , T. Korak 1 , V. Lomn´ e 2 , F. Mendel 1 AsiaCrypt 2016 1 Graz University of Technology, Austria 2 ANSSI, Paris, France
www.iaik.tugraz.at Overview Fault attacks on AES-based AE-schemes Nonce does not preclude fault attacks Based on Fuhr et al. (FDTC 2013) Faults influence distribution Experiments to show practical relevance 1 / 21
www.iaik.tugraz.at Statistical Fault Attack SB SR AK equ MC SB SR AK C 2 / 21
www.iaik.tugraz.at Application to Authenticated Encryption Requirements for the Attack 1 The inputs need to be different for each fault 2 The block cipher output needs to be known 3 / 21
www.iaik.tugraz.at Application to Authenticated Encryption Authenticated encryption modes for block ciphers (ISO/IEC) CCM EAX GCM OCB 4 / 21
www.iaik.tugraz.at Attack on CCM N � CTR 0 · · · CTR 1 CTR d ⊞ ⊞ 1 1 E k E k E k · · · P 1 ⊕ P d ⊕ S C 1 · · · C d S ⊕ · · · ⊕ ⊕ V E k E k trunc T 5 / 21
www.iaik.tugraz.at Attack on CCM N � CTR 0 · · · CTR 1 CTR d ⊞ ⊞ 1 1 E k E k E k · · · P 1 ⊕ P d ⊕ S C 1 · · · C d S ⊕ · · · ⊕ ⊕ V E k E k trunc T 5 / 21
www.iaik.tugraz.at Attack on OCB � M i P 1 P d − 1 P d � 0 ∗ . . . ⊕ ∆ d − 1 ⊕ ∆ $ ⊕ ∆ 1 ∆ ∗ E k E k E k E k . . . ∆ 1 ⊕ ∆ d − 1 ⊕ ⊕ ⊕ V C 1 C d − 1 C d T . . . 6 / 21
www.iaik.tugraz.at Attack on OCB � M i P 1 P d − 1 P d � 0 ∗ . . . ⊕ ∆ d − 1 ⊕ ∆ $ ⊕ ∆ 1 ∆ ∗ E k E k E k E k . . . ∆ 1 ⊕ ∆ d − 1 ⊕ ⊕ ⊕ V C 1 C d − 1 C d T . . . 6 / 21
www.iaik.tugraz.at Application to other schemes rand rand rand ∆ k ⊕ E t E k E k k ∆ k ⊕ C C C 7 / 21
www.iaik.tugraz.at XEX-like Construction Output masked by ∆ k rand ∆ k := δ k ∆ k ⊕ ∆ k := δ k + δ n E k ∆ k := δ k , n ∆ k ⊕ C Example: COPA 8 / 21
www.iaik.tugraz.at Attack on COPA � P i P 1 P 2 P d ⊕ ⊕ ⊕ ⊕ 3 L 2 · 3 L 2 d − 1 3 L 2 d − 1 3 2 L E k E k E k E k · · · ⊕ ⊕ ⊕ ⊕ V L E k E k E k E k ⊕ ⊕ ⊕ ⊕ 2 2 L 2 d L 2 d 7 L 2 L C 1 C 2 C d T L = E k ( 0 ) 9 / 21
www.iaik.tugraz.at Attack on COPA � P i P 1 P 2 P d ⊕ ⊕ ⊕ ⊕ 3 L 2 · 3 L 2 d − 1 3 L 2 d − 1 3 2 L E k E k E k E k · · · ⊕ ⊕ ⊕ ⊕ V L E k E k E k E k ⊕ ⊕ ⊕ ⊕ 2 2 L 2 d L 2 d 7 L 2 L C 1 C 2 C d T L = E k ( 0 ) 9 / 21
www.iaik.tugraz.at Attack on COPA Idea: Consider 2 L as part of the last subkey SK ′ 10 := SK 10 ⊕ 2 L Apply SFA to recover SK ′ 10 Repeat attack to either recover SK 9 (in round 9) or 10 := SK 10 ⊕ 2 2 L of the next block the get SK 10 SK ′′ ⇒ Attack complexity (number of needed faults) is doubled 10 / 21
www.iaik.tugraz.at XEX-like Construction Output masked by ∆ k rand ∆ k := δ k ∆ k ⊕ ∆ k := δ k + δ n E k ∆ k := δ k , n ∆ k ⊕ C 11 / 21
www.iaik.tugraz.at Tweakable Block Cipher TWEAKEY framework rand Deoxys KIASU . . . E t k C 12 / 21
www.iaik.tugraz.at Attack on Deoxys � = � P i P 1 P d E 0 , N , 0 E 0 , N , d − 1 E 1 , N , d − 1 · · · k k k ⊕ V C 1 C d T Similar to OCB 13 / 21
www.iaik.tugraz.at Attack on Deoxys � = � P i P 1 P d E 0 , N , 0 E 0 , N , d − 1 E 1 , N , d − 1 · · · k k k ⊕ V C 1 C d T Similar to OCB 13 / 21
www.iaik.tugraz.at Attack on Deoxys � = Deoxys-BC-256 k h 2 h · · · h 2 t h h · · · h RC 0 RC 1 RC 13 RC 14 ⊕ ⊕ ⊕ ⊕ SK 0 SK 13 SK 1 SK 14 P ⊕ f ⊕ f · · · ⊕ f ⊕ C 14 / 21
www.iaik.tugraz.at Summary of Results Primitive Classification Comments CCM basic CTR GCM basic CTR EAX basic CTR OCB basic XE Cloc/Silc ∗ basic CFB OTR ∗ basic XE COPA ∗ XEX ELmD ∗ XEX SHELL ∗ XEX KIASU ∗ TBC Deoxys ∗ TBC ∗ CAESAR candidates 15 / 21
www.iaik.tugraz.at Practical Verification/Implementation Clock glitches General-purpose microcontroller AES software implementation AES hardware co-processor Laser fault injection Smartcard microcontroller AES hardware co-processor ⇒ Key-recovery with a small number of faulty ciphertexts 16 / 21
www.iaik.tugraz.at ATxmega 256A3 correct key 2 − 1 wrong keys 2 − 2 SEI 2 − 3 2 − 4 2 − 5 10 20 30 40 50 60 70 80 number of faulty encryptions Software implementation Single clock glitch 17 / 21
www.iaik.tugraz.at ATxmega 256A3 correct key 2 − 1 wrong keys 2 − 2 SEI 2 − 3 2 − 4 2 − 5 10 20 30 40 50 60 70 80 number of faulty encryptions Software implementation Multiple clock glitches 18 / 21
www.iaik.tugraz.at Smartcard Microcontroller correct key 2 − 1 wrong keys 2 − 2 SEI 2 − 3 2 − 4 2 − 5 10 20 30 40 50 60 70 80 number of faulty encryptions AES co-processor Laser 19 / 21
www.iaik.tugraz.at Summary SFA is a powerful tool Nonce is not enough Attacks are not limited to AES-based modes 20 / 21
www.iaik.tugraz.at Thank you http://eprint.iacr.org/2016/616 21 / 21
www.iaik.tugraz.at References E. Biham and A. Shamir Differential Fault Analysis of Secret Key Cryptosystems CRYPTO 1997 D. Boneh, R. A. DeMillo, and R. J. Lipton On the Importance of Checking Cryptographic Protocols for Faults EUROCRYPT 1997 J. Bl¨ omer and V. Krummel Fault Based Collision Attacks on AES FDTC 2006 T. Fuhr, ´ E. Jaulmes, V. Lomn´ e, and A. Thillard Fault Attacks on AES with Faulty Ciphertexts Only FDTC 2013 C. Dobraunig, M. Eichlseder, T. Korak, V. Lomn´ e, and F . Mendel Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes ASIACRYPT 2016
Recommend
More recommend