TY - JOUR
T1 - Fault rate analysis
T2 - Breaking masked AES hardware implementations efficiently
AU - Wang, An
AU - Chen, Man
AU - Wang, Zongyue
AU - Wang, Xiaoyun
PY - 2013
Y1 - 2013
N2 - In 2011, Li et al. presented clockwise collision analysis on nonprotected Advanced Encryption Standard (AES) hardware implementation. In this brief, we first propose a new clockwise collision attack, called fault rate analysis (FRA), on masked AES. Then, we analyze the critical and noncritical paths of the S-box and find that, for its three input bytes, namely, the input value, the input mask, and the output mask, the path relating to the output mask is much shorter than those relating to the other two inputs. Therefore, some sophisticated glitch cycles can be chosen such that the values in the critical path of the whole S-box are destroyed but this short path is not affected. As a result, the output mask does not offer protection to the S-box, which leads to a more efficient attack. Compared with three attacks on masking countermeasures at the Workshop on Cryptographic Hardware and Embedded Systems 2010 and 2011, our method only costs about 8% of their time and 4% of their storage space.
AB - In 2011, Li et al. presented clockwise collision analysis on nonprotected Advanced Encryption Standard (AES) hardware implementation. In this brief, we first propose a new clockwise collision attack, called fault rate analysis (FRA), on masked AES. Then, we analyze the critical and noncritical paths of the S-box and find that, for its three input bytes, namely, the input value, the input mask, and the output mask, the path relating to the output mask is much shorter than those relating to the other two inputs. Therefore, some sophisticated glitch cycles can be chosen such that the values in the critical path of the whole S-box are destroyed but this short path is not affected. As a result, the output mask does not offer protection to the S-box, which leads to a more efficient attack. Compared with three attacks on masking countermeasures at the Workshop on Cryptographic Hardware and Embedded Systems 2010 and 2011, our method only costs about 8% of their time and 4% of their storage space.
KW - Collision attack
KW - fault rate analysis (FRA)
KW - masking
KW - path delay
KW - side-channel attack
UR - http://www.scopus.com/inward/record.url?scp=84883023923&partnerID=8YFLogxK
U2 - 10.1109/TCSII.2013.2268379
DO - 10.1109/TCSII.2013.2268379
M3 - Article
AN - SCOPUS:84883023923
SN - 1549-7747
VL - 60
SP - 517
EP - 521
JO - IEEE Transactions on Circuits and Systems II: Express Briefs
JF - IEEE Transactions on Circuits and Systems II: Express Briefs
IS - 8
M1 - 6560346
ER -