statistical fault attacks revisited application to
play

Statistical Fault Attacks Revisited Application to Authenticated - PowerPoint PPT Presentation

Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M. Eichlseder, T. Korak, V. Lomn e, F. Mendel ASK 2016 The research leading to these results has received funding from the European Unions Horizon


  1. Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M. Eichlseder, T. Korak, V. Lomn´ e, F. Mendel ASK 2016 The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644052 (HECTOR).

  2. www.iaik.tugraz.at Authenticated Encryption Encryption / Authentication E ( K , N , A , P ) = ( C , T ) Decryption / Verification D ( K , N , A , C , T ) ∈ { P , ⊥} 1 / 24

  3. www.iaik.tugraz.at Fault Attacks Differential Fault Analysis Collision Fault Analysis Safe Error Attack . . . ⇒ Statistical Fault Attack 2 / 24

  4. www.iaik.tugraz.at Statistical Fault Attack Fuhr et al. (FDTC 2013) Fault attack on AES with faulty ciphertexts only Succeeding with random and unknown plaintexts Main Idea: Fault injection introduces a bias on a target variable 3 / 24

  5. www.iaik.tugraz.at Fault Models Perfect control. The attacker perfectly knows the statistical distribution of the faulty value Partial control. The attacker has some partial information on the distribution of the faulty value No control. The attacker has no information about the distribution of the faulty value, except that it is non uniform 4 / 24

  6. www.iaik.tugraz.at Application to AES Attack on the 10th round Max. likelihood Min. mean HW a) 1 1 b) 10 14 c) 14 18 28 hypotheses per key byte 5 / 24

  7. www.iaik.tugraz.at Application to AES Attack on the 9th round Square Euclidean Imbalance a) 6 b) 14 c) 80 232 hypotheses to retrieve 4 key bytes 6 / 24

  8. www.iaik.tugraz.at Statistical Fault Attack Requirements for the Attack 1 The inputs need to be different for each fault 2 The block cipher output needs to be known 7 / 24

  9. www.iaik.tugraz.at Application Authenticated encryption modes for block ciphers (ISO/IEC) CCM EAX GCM OCB SIV (Key Wrap) 8 / 24

  10. www.iaik.tugraz.at Attack on CCM N � CTR 0 · · · CTR 1 CTR d ⊞ ⊞ 1 1 E k E k E k · · · P 1 ⊕ P d ⊕ S C 1 · · · C d S ⊕ · · · ⊕ ⊕ V E k E k trunc T 9 / 24

  11. www.iaik.tugraz.at Attack on EAX and GCM EAX CTR + CMAC cleaned-up CCM GCM CTR + CW MAC 10 / 24

  12. www.iaik.tugraz.at Attack on OCB � M i P 1 P d − 1 P d � 0 ∗ . . . ⊕ ∆ d − 1 ⊕ ∆ $ ⊕ ∆ 1 ∆ ∗ E k E k E k E k . . . ∆ 1 ⊕ ∆ d − 1 ⊕ ⊕ ⊕ V C 1 C d − 1 C d T . . . 11 / 24

  13. www.iaik.tugraz.at Application to other schemes rand rand rand ∆ k ⊕ E t E k E k k ∆ k ⊕ C C C 12 / 24

  14. www.iaik.tugraz.at Basic Construction rand Cloc/Silc CFB + CBC MAC E k OTR XE + 2r-Feistel C 13 / 24

  15. www.iaik.tugraz.at XEX-like Construction Output is mask by ∆ k rand ∆ k := δ k ∆ k ⊕ ∆ k := δ k + δ n E k ∆ k := δ k , n ∆ k ⊕ C Example: COPA 14 / 24

  16. www.iaik.tugraz.at Attack on COPA � P i P 1 P 2 P d ⊕ ⊕ ⊕ ⊕ 3 L 2 · 3 L 2 d − 1 3 L 2 d − 1 3 2 L E k E k E k E k · · · ⊕ ⊕ ⊕ ⊕ V L E k E k E k E k ⊕ ⊕ ⊕ ⊕ 2 2 L 2 d L 2 d 7 L 2 L C 1 C 2 C d T L = E k ( 0 ) 15 / 24

  17. www.iaik.tugraz.at Attack on COPA Idea: Consider 2 L as part of the last subkey SK ′ 10 := SK 10 ⊕ 2 L Apply SFA to recover SK ′ 10 Repeat attack to either recover SK 9 (in round 9) or 10 := SK 10 ⊕ 2 2 L of the next block the get SK 10 SK ′ ⇒ Attack complexity (number of needed faults) is doubled 16 / 24

  18. www.iaik.tugraz.at XEX-like Construction Output is mask by ∆ k rand ∆ k := δ k ∆ k ⊕ ∆ k := δ k + δ n E k ∆ k := δ k , n ∆ k ⊕ C 17 / 24

  19. www.iaik.tugraz.at Tweakable Block Cipher TWEAKEY framework rand Deoxys KIASU . . . E t k C 18 / 24

  20. www.iaik.tugraz.at Attack on Deoxys � = � P i P 1 P d E 0 , N , 0 E 0 , N , d − 1 E 1 , N , d − 1 · · · k k k ⊕ V C 1 C d T Similar to OCB 19 / 24

  21. www.iaik.tugraz.at Attack on Deoxys � = Deoxys-BC-256 · · · k h 2 h h 2 · · · t h h h ⊕ RC 0 ⊕ RC 1 ⊕ RC 13 ⊕ RC 14 SK 0 SK 13 SK 1 SK 14 ⊕ ⊕ · · · ⊕ ⊕ P f f f C 20 / 24

  22. www.iaik.tugraz.at Summary of Results Primitive Classification Comments CCM basic CTR GCM basic CTR EAX basic CTR OCB basic XE Cloc/Silc ∗ basic CFB OTR ∗ basic XE COPA ∗ XEX ELmD ∗ XEX SHELL ∗ XEX KIASU ∗ TBC TWEAKEY Deoxys ∗ TBC TWEAKEY ∗ CAESAR candidates 21 / 24

  23. www.iaik.tugraz.at Practical Verification/Implementation Clock glitches General-purpose microcontroller (ATxmega 256A3) AES software implementation AES hardware co-processor Laser fault injection Smartcard microcontroller AES hardware co-processor ⇒ Key-recovery with a small number of faulty ciphertexts 22 / 24

  24. www.iaik.tugraz.at Summary SFA is a powerful tool Attacks are not limited to AES-based modes e.g. Prøst, Joltik, Scream,. . . Applicable to some Sponge modes APE construction e.g. PRIMATEs, Ascon 23 / 24

  25. www.iaik.tugraz.at Thank you http://eprint.iacr.org/2016/616 24 / 24

  26. www.iaik.tugraz.at References E. Biham and A. Shamir Differential Fault Analysis of Secret Key Cryptosystems CRYPTO 1997 D. Boneh, R. A. DeMillo, and R. J. Lipton On the Importance of Checking Cryptographic Protocols for Faults EUROCRYPT 1997 J. Bl¨ omer and V. Krummel Fault Based Collision Attacks on AES FDTC 2006 T. Fuhr, ´ E. Jaulmes, V. Lomn´ e, and A. Thillard Fault Attacks on AES with Faulty Ciphertexts Only FDTC 2013 C. Dobraunig, M. Eichlseder, T. Korak, V. Lomn´ e, and F . Mendel Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes ASIACRYPT 2016

Recommend


More recommend