Template attack on masking AES based on fault sensitivity analysis

Qian Wang; An Wang; Liji Wu; Gang Qu; Guoshuang Zhang

doi:10.1109/HST.2015.7140245

Template attack on masking AES based on fault sensitivity analysis

Qian Wang, An Wang^*, Liji Wu, Gang Qu, Guoshuang Zhang

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Citations (Scopus)

Abstract

Fault Sensitivity Analysis (FSA) is an emerging fault based attack that utilizes the sensitive circuit delay information to retrieve keys. However, one of the major limitations of the existing FSA methods is that they are restricted to specific implementation of the AES S-box. In this paper, we introduce the notion of right or wrong collision rate to replace the current Hamming weight model. Based on this, we propose a novel template attack by injecting glitches simultaneously to two parallel S-boxes in AES. The proposed attack is independent of the implementation of the S-boxes. It expands the projections from 8 Hamming Weights to 256 different inputs of the S-box. Thus we eliminate the time consuming calculation process in the brute force searching for the same Hamming Weight. We implement the proposed attack and design experiments to verify these claims. Our template based FSA attack successfully breaks the AES algorithm with mask countermeasure. Furthermore, the number of plaintexts and the calculations are reduced in our method.

Original language	English
Title of host publication	Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	96-99
Number of pages	4
ISBN (Electronic)	9781467374200
DOIs	https://doi.org/10.1109/HST.2015.7140245
Publication status	Published - 29 Jun 2015
Externally published	Yes
Event	2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015 - McLean, United States Duration: 5 May 2015 → 7 May 2015

Publication series

Name	Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015

Conference

Conference	2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015
Country/Territory	United States
City	McLean
Period	5/05/15 → 7/05/15

Keywords

AES
Fault Sensitivity Analysis
Masking
Template Attack

Access to Document

10.1109/HST.2015.7140245

Cite this

Wang, Q., Wang, A., Wu, L., Qu, G., & Zhang, G. (2015). Template attack on masking AES based on fault sensitivity analysis. In Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015 (pp. 96-99). Article 7140245 (Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/HST.2015.7140245

Wang, Qian ; Wang, An ; Wu, Liji et al. / Template attack on masking AES based on fault sensitivity analysis. Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 96-99 (Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015).

@inproceedings{726a42cd8b024eb3956a1fafbf2b1ba6,

title = "Template attack on masking AES based on fault sensitivity analysis",

abstract = "Fault Sensitivity Analysis (FSA) is an emerging fault based attack that utilizes the sensitive circuit delay information to retrieve keys. However, one of the major limitations of the existing FSA methods is that they are restricted to specific implementation of the AES S-box. In this paper, we introduce the notion of right or wrong collision rate to replace the current Hamming weight model. Based on this, we propose a novel template attack by injecting glitches simultaneously to two parallel S-boxes in AES. The proposed attack is independent of the implementation of the S-boxes. It expands the projections from 8 Hamming Weights to 256 different inputs of the S-box. Thus we eliminate the time consuming calculation process in the brute force searching for the same Hamming Weight. We implement the proposed attack and design experiments to verify these claims. Our template based FSA attack successfully breaks the AES algorithm with mask countermeasure. Furthermore, the number of plaintexts and the calculations are reduced in our method.",

keywords = "AES, Fault Sensitivity Analysis, Masking, Template Attack",

author = "Qian Wang and An Wang and Liji Wu and Gang Qu and Guoshuang Zhang",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015 ; Conference date: 05-05-2015 Through 07-05-2015",

year = "2015",

month = jun,

day = "29",

doi = "10.1109/HST.2015.7140245",

language = "English",

series = "Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "96--99",

booktitle = "Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015",

address = "United States",

}

Wang, Q, Wang, A, Wu, L, Qu, G & Zhang, G 2015, Template attack on masking AES based on fault sensitivity analysis. in Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015., 7140245, Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015, Institute of Electrical and Electronics Engineers Inc., pp. 96-99, 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015, McLean, United States, 5/05/15. https://doi.org/10.1109/HST.2015.7140245

Template attack on masking AES based on fault sensitivity analysis. / Wang, Qian; Wang, An; Wu, Liji et al.
Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 96-99 7140245 (Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Template attack on masking AES based on fault sensitivity analysis

AU - Wang, Qian

AU - Wang, An

AU - Wu, Liji

AU - Qu, Gang

AU - Zhang, Guoshuang

PY - 2015/6/29

Y1 - 2015/6/29

N2 - Fault Sensitivity Analysis (FSA) is an emerging fault based attack that utilizes the sensitive circuit delay information to retrieve keys. However, one of the major limitations of the existing FSA methods is that they are restricted to specific implementation of the AES S-box. In this paper, we introduce the notion of right or wrong collision rate to replace the current Hamming weight model. Based on this, we propose a novel template attack by injecting glitches simultaneously to two parallel S-boxes in AES. The proposed attack is independent of the implementation of the S-boxes. It expands the projections from 8 Hamming Weights to 256 different inputs of the S-box. Thus we eliminate the time consuming calculation process in the brute force searching for the same Hamming Weight. We implement the proposed attack and design experiments to verify these claims. Our template based FSA attack successfully breaks the AES algorithm with mask countermeasure. Furthermore, the number of plaintexts and the calculations are reduced in our method.

AB - Fault Sensitivity Analysis (FSA) is an emerging fault based attack that utilizes the sensitive circuit delay information to retrieve keys. However, one of the major limitations of the existing FSA methods is that they are restricted to specific implementation of the AES S-box. In this paper, we introduce the notion of right or wrong collision rate to replace the current Hamming weight model. Based on this, we propose a novel template attack by injecting glitches simultaneously to two parallel S-boxes in AES. The proposed attack is independent of the implementation of the S-boxes. It expands the projections from 8 Hamming Weights to 256 different inputs of the S-box. Thus we eliminate the time consuming calculation process in the brute force searching for the same Hamming Weight. We implement the proposed attack and design experiments to verify these claims. Our template based FSA attack successfully breaks the AES algorithm with mask countermeasure. Furthermore, the number of plaintexts and the calculations are reduced in our method.

KW - AES

KW - Fault Sensitivity Analysis

KW - Masking

KW - Template Attack

UR - http://www.scopus.com/inward/record.url?scp=84942593219&partnerID=8YFLogxK

U2 - 10.1109/HST.2015.7140245

DO - 10.1109/HST.2015.7140245

M3 - Conference contribution

AN - SCOPUS:84942593219

T3 - Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015

SP - 96

EP - 99

BT - Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015

Y2 - 5 May 2015 through 7 May 2015

ER -

Wang Q, Wang A, Wu L, Qu G, Zhang G. Template attack on masking AES based on fault sensitivity analysis. In Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 96-99. 7140245. (Proceedings of the 2015 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2015). doi: 10.1109/HST.2015.7140245

Template attack on masking AES based on fault sensitivity analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this