Provably Secure Concurrent Error Detection for Advanced Encryption Standard
Abstract
Differential fault analysis (DFA) poses a significant threat to Advanced Encryption Standard (AES). Only a single faulty ciphertext is required for contemporary DFA to extract the secret key of AES using an average of 2 computations. Concurrent error detection (CED) is widely used to protect AES against DFA. Traditionally, these CEDs are evaluated with uniformly distributed faults, and the resulting fault coverage indicates the security strength of CEDs. However, DFA-exploitable faults are not uniformly distributed and are a small subspace of the entire fault space. We provide a systematic study of various DFAs of AES and experimentally show that in the context of DFA, the attacker is capable of biasing the induced faults to improve the success rate of the attacks. Then we show that the fault coverage of most CED techniques drops significantly against the fault model used by the attacker. This work challenges the traditional use of fault coverage for uniformly distributed faults as a metric for evaluating security against DFA. Good cryptographic designs always consider the worst scenario. Because a single carefully injected fault can leak the secret key, we propose a DFA-aware design flow for CEDs. We point out that CEDs should provide 100% fault coverage for DFA-exploitable faults. We show that cryptographic algorithm-specific CEDs have higher fault coverage against DFA faults and lower area overhead compared to general CEDs.
Similar resources
Artemia: a family of provably secure authenticated encryption schemes
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme that supports associated data. Artemia uses the permutation-based mode JHAE, which is provably secure in the ideal permutation model. The scheme does not require the in...
Provably Secure Concurrent Error Detection Against Differential Fault Analysis
Differential fault analysis (DFA) poses a significant threat to Advanced Encryption Standard (AES). It has been demonstrated that DFA can use only a single faulty ciphertext to reveal the secret key of AES in an average of 2^30 computations. Traditionally, concurrent error detection (CED) is used to protect AES against DFA. However, we emphasize that conventional CED assumes a uniform distributio...
Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard
The goal of the Advanced Encryption Standard (AES) is to achieve secure communication. The use of AES does not, however, guarantee reliable communication. Prior work has shown that even a single transient error occurring during the AES encryption (or decryption) process will very likely result in a large number of errors in the encrypted/decrypted data. Such faults must be detected before sendi...
Computationally secure multiple secret sharing: models, schemes, and formal security analysis
A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...
Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers
Fault-based side-channel cryptanalysis is very effective against symmetric and asymmetric encryption algorithms. Although straightforward hardware and time redundancy-based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overheads (either area or performance). The authors investigate systematic approaches to low-cost low-latency CED tec...